
sdwinlogon.dll missing, cannot remove 'web protect for windows'


gj2001

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 10.67.2
Run by Administrator at 23:53:53 on 2014-11-15
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.3710.2783 [GMT -5:00]
.
AV: ZoneAlarm Antivirus *Enabled/Updated* {5D467B10-818C-4CAB-9FF7-6893B5B8F3CF}
FW: ZoneAlarm Firewall *Enabled*
.
============== Running Processes ================
.
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
C:\WINDOWS\System32\locator.exe
C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\Logi_MwX.Exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
C:\Program Files\NETGEAR\WG311v3\WG311v3.exe
C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.motherjones.com/
uSearch Bar = www.google.com
uSearch Page = www.google.com
uProxyOverride = <-loopback>
uSearchAssistant = www.google.com
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office14\GROOVEEX.DLL
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
EB: Groove Folder Synchronization: {2A541AE1-5BF6-4665-A8A3-CFA9672E4291} - c:\program files\microsoft office\office14\GROOVEEX.DLL
EB: {32683183-48a0-441b-a342-7c2a440a9478} - <orphaned>
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [OfficeSyncProcess] "c:\program files\microsoft office\office14\MSOSYNC.EXE"
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [Logitech Utility] Logi_MwX.Exe
mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe"
mRun: [LWS] c:\program files\logitech\lws\webcam software\LWS.exe -hide
mRun: [bCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [ZoneAlarm] "c:\program files\checkpoint\zonealarm\zatray.exe"
mRun: [sDTray] "c:\program files\spybot - search & destroy 2\SDTray.exe"
dRun: [Google Update] "c:\windows\system32\config\systemprofile\local settings\application data\google\update\GoogleUpdate.exe" /c
StartupFolder: c:\docume~1\admini~1\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office14\ONENOTEM.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\netgea~1.lnk - c:\program files\netgear\wg311v3\WG311v3.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\autoru~1\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\autoru~1\netgea~1.lnk - c:\windows\installer\{70014586-7bba-4a92-a610-cdc896c48f8f}\NewShortcut1_1.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
LSP: c:\windows\system32\MyOSProtect.dll
Trusted Zone: $talisma_url$
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} - hxxp://support.dell.com/systemprofiler/SysPro.CAB
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1179257945906
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1179261498859
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_67-windows-i586.cab
DPF: {8CFCF42C-1C64-47D6-AEEC-F9D001832ED3} - hxxp://xserv.dell.com/DellDriverScanner/DellSystem.CAB
DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} - hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB
DPF: {CAFEEFAC-0017-0000-0067-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_67-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_67-windows-i586.cab
DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{13B479E5-AF57-4D6C-946F-387C0B53EC74} : DHCPNameServer = 192.168.1.254
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Notify: igfxcui - igfxdev.dll
Notify: SDWinLogon - SDWinLogon.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SSODL: vepozusij - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office14\GROOVEEX.DLL
LSA: Notification Packages =  scecli lewazasu.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\35.0.1916.114\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
Hosts: 127.0.0.1    www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\administrator\application data\mozilla\firefox\profiles\56416g2s.default-1416106060296\
FF - plugin: c:\documents and settings\administrator\local settings\application data\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\progra~1\micros~2\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~2\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.30514.0\npctrlui.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\windows\system32\adobe\director\np32dsw_1167637.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_15_0_0_223.dll
FF - plugin: c:\windows\system32\npdeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
.
============= SERVICES / DRIVERS ===============
.
R0 KL1;kl1;c:\windows\system32\drivers\kl1.sys [2014-1-5 135776]
R1 KLIF;Kaspersky Lab Driver;c:\windows\system32\drivers\klif.sys [2012-11-18 483936]
R1 Vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2014-5-30 534024]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2011-9-10 54760]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\spybot - search & destroy 2\SDFSSvc.exe [2014-8-16 1738168]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\spybot - search & destroy 2\SDUpdSvc.exe [2014-8-16 2088408]
R2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [2009-7-4 2789160]
R2 vsmon;TrueVector Internet Monitor;c:\program files\checkpoint\zonealarm\vsmon.exe [2014-5-30 3592120]
R2 ZAPrivacyService;ZoneAlarm Privacy Service;c:\program files\checkpoint\zonealarm\ZAPrivacyService.exe [2014-5-29 90936]
S1 cpjfkelq;cpjfkelq;\??\c:\windows\system32\drivers\cpjfkelq.sys --> c:\windows\system32\drivers\cpjfkelq.sys [?]
S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files\spybot - search & destroy 2\SDWSCSvc.exe [2014-8-16 171928]
S3 esgiguard;esgiguard;\??\c:\program files\enigma software group\spyhunter\esgiguard.sys --> c:\program files\enigma software group\spyhunter\esgiguard.sys [?]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-4-28 704872]
S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\drivers\ssadserd.sys [2014-3-12 114152]
S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [2009-3-1 15656]
.
=============== File Associations ===============
.
FileExt: .txt: Applications\WordPad.exe="c:\program files\windows nt\accessories\WORDPAD.EXE" "%1" [userChoice]
ShellExec: solidconvertergx.exe: open=c:\program files\soliddocuments\solidconvertergx\scgx\solidconvertergx.exe
.
=============== Created Last 30 ================
.
2014-11-16 00:49:48    --------    d-----w-    c:\program files\Setup Support for Consumer Input
2014-11-16 00:47:01    --------    d-----w-    c:\documents and settings\administrator\application data\Compete
2014-11-15 23:41:19    --------    d-----w-    c:\documents and settings\all users\application data\2b95fb5d4df5281e
2014-11-15 23:41:11    --------    d-----w-    c:\documents and settings\administrator\local settings\application data\Chromatic Browser
2014-11-15 23:41:08    --------    d-----w-    c:\documents and settings\administrator\local settings\application data\Torch
2014-11-15 23:40:51    --------    d-----w-    c:\program files\0ca45c95134d
.
==================== Find3M  ====================
.
2014-11-16 03:00:14    114904    ----a-w-    c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-11-12 05:24:47    71344    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2014-11-12 05:24:47    701104    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2014-11-12 05:24:37    17926832    ----a-w-    c:\windows\system32\FlashPlayerInstaller.exe
2014-10-01 16:11:18    54360    ----a-w-    c:\windows\system32\drivers\mbamchameleon.sys
2014-10-01 16:11:10    23256    ----a-w-    c:\windows\system32\drivers\mbam.sys
2014-09-13 02:05:33    52440    ----a-w-    c:\windows\system32\drivers\dpxolu.sys
2014-09-01 18:28:20    304776    ----a-w-    c:\windows\system32\MyOSProtect.dll
2014-08-26 05:52:57    96680    ----a-w-    c:\windows\system32\WindowsAccessBridge.dll
2014-08-26 05:52:48    880040    ----a-w-    c:\windows\system32\npdeployJava1.dll
2014-08-26 05:52:48    145408    ----a-w-    c:\windows\system32\javacpl.cpl
2014-08-26 05:52:47    802728    ----a-w-    c:\windows\system32\deployJava1.dll
.
============= FINISH: 23:56:16.00 ===============
 


Hi there,
my name is Marius and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand, kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you cannot post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

  • Important: To help me review your logs, please post them in code boxes. You can create them by clicking on the <>-symbol on top of the reply window.


 
 
 
 
HijackThis is not the preferred initial scanning tool in this forum. With today's malware, a more comprehensive set of logs is required to determine the presence of malware.
 
 
  
Scan with FRST in normal mode

Please download Farbar's Recovery Scan Tool to your desktop: FRST 32bit or FRST 64bit (If not sure: Start --> Computer (right click) --> properties)
 

  • Run FRST.
  • Don't change any of the checkboxes and hit Scan.
  • Logfiles are created on your desktop.
  • Post the FRST.txt and (after the first scan only!) the Addition.txt.

 
 
Scan with Gmer rootkit scanner

Please download Gmer from here by clicking on the "Download EXE" Button.
  • Double click on the randomly named GMER.exe. If asked to allow gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • Sections
    • IAT/EAT
    • Show All ( should be unchecked by default )

  • Leave everything else as it is.
  • Close all other running programs as well as your Browser.
  • Click the Scan button & wait for it to finish.
  • Once done click on the Save.. button, and in the File name area, type in "ark.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop.
  • Please post the content of the ark.txt here.


**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.

Scan with TDSS-Killer

Please read and follow these instructions carefully. We do not want it to fix anything yet (if found), we need to see a report first.

Download TDSSKiller.zip and extract to your desktop

  • Execute TDSSKiller.exe by double-clicking on it.
  • Press Start Scan.
  • If malicious objects are found, do NOT select Copy to quarantine. Change the action to Skip, and save the log.
  • Once complete, a log will be produced at the root drive, which is typically C:\, for example, C:\TDSSKiller.<version_date_time>log.txt



Please attach this file to your next reply.
 


Additional scan result of Farbar Recovery Scan Tool (x86) Version: 17-11-2014
Ran by Administrator at 2014-11-18 19:05:10
Running from D:\My Documents\GREG's Stuff
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: ZoneAlarm Antivirus (Disabled - Up to date) {5D467B10-818C-4CAB-9FF7-6893B5B8F3CF}
FW: ZoneAlarm Firewall (Disabled) {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM\...\Adobe AIR) (Version: 2.5.1.17730 - Adobe Systems Inc.)
Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.223 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.223 - Adobe Systems Incorporated)
Adobe Photoshop Elements 2.0 (HKLM\...\Adobe Photoshop Elements 2.0) (Version: 2.0 - Adobe Systems, Inc.)
Adobe Reader XI (11.0.08) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM\...\Adobe Shockwave Player) (Version: 11.6.7.637 - Adobe Systems, Inc.)
AOL Messaging Toolbar (HKU\S-1-5-21-796845957-1844237615-725345543-500\...\AOL Messaging Toolbar) (Version:  - )
CameraHelperMsi (Version: 13.51.815.0 - Logitech) Hidden
Canon Camera Access Library (HKLM\...\CAL) (Version: 8.4.0.1 - Canon Inc.)
Canon Camera Support Core Library (HKLM\...\CSCLIB) (Version: 7.3.1.6 - Canon Inc.)
Canon Camera WIA Driver (Version: 5.1 - Canon) Hidden
Canon EOS Kiss REBEL 300D WIA Driver (HKLM\...\InstallShield_{31A57C3E-30DD-421F-B5C7-974DACB0D05F}) (Version: 5.1 - Canon)
Canon G.726 WMP-Decoder (HKLM\...\Canon G.726 WMP-Decoder) (Version: 1.1.0.4 - Canon Inc.)
Canon MovieEdit Task for ZoomBrowser EX (HKLM\...\MovieEditTask) (Version: 2.6.0.4 - Canon Inc.)
Canon RAW Codec (HKLM\...\Canon RAW Codec) (Version: 1.7.0.56 - Canon Inc.)
Canon RAW Image Task for ZoomBrowser EX (HKLM\...\RAW Image Task) (Version: 3.3.0.5 - Canon Inc.)
Canon Utilities CameraWindow (HKLM\...\CameraWindowLauncher) (Version: 7.1.0.2 - Canon Inc.)
Canon Utilities CameraWindow DC (HKLM\...\CameraWindowDC) (Version: 7.1.0.7 - Canon Inc.)
Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX (HKLM\...\CameraWindowDVC5) (Version: 5.4.5.17 - Canon Inc.)
Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX (HKLM\...\CameraWindowDVC6) (Version: 6.4.2.16 - Canon Inc.)
Canon Utilities EOS Utility (HKLM\...\EOS Utility) (Version: 2.6.1.0 - Canon Inc.)
Canon Utilities File Viewer Utility 1.3 (HKLM\...\InstallShield_{2D1C2321-8FDB-49B8-A66B-4008DC0B6B5D}) (Version: 1.3.2 - Canon)
Canon Utilities MyCamera (HKLM\...\MyCamera) (Version: 6.4.0.5 - Canon Inc.)
Canon Utilities MyCamera DC (HKLM\...\MyCameraDC) (Version: 7.0.1.8 - Canon Inc.)
Canon Utilities RemoteCapture 2.7 (HKLM\...\InstallShield_{14220DB1-DD96-4BCD-B3D5-03A4EA6631C4}) (Version: 2.7.5 - Canon)
Canon Utilities RemoteCapture DC (HKLM\...\RemoteCaptureDC) (Version: 3.0.1.8 - Canon Inc.)
Canon Utilities RemoteCapture Task for ZoomBrowser EX (HKLM\...\RemoteCaptureTask) (Version: 1.7.1.9 - Canon Inc.)
Canon Utilities ZoomBrowser EX (HKLM\...\ZoomBrowser EX) (Version: 6.1.1.21 - Canon Inc.)
Canon ZoomBrowser EX Memory Card Utility (HKLM\...\ZoomBrowser EX Memory Card Utility) (Version: 1.1.0.8 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.18 - Piriform)
CoffeeCup Free FTP (HKLM\...\{66F43DBE-6D46-4BCE-831D-0D4C13639BE8}) (Version: 4.4.4 - CoffeeCup Software Inc.)
CoffeeCup GIF Animator (HKLM\...\CoffeeCup GIF Animator) (Version: CoffeeCup GIF Animator 7 - CoffeeCup Software)
CoffeeCup HTML Editor (HKLM\...\CoffeeCup HTML Editor) (Version:  - )
CoffeeCup HTML Editor 2008 (HKLM\...\CoffeeCup HTML Editor 2008) (Version:  - )
CoffeeCup Password Wizard (HKLM\...\CoffeeCup Password Wizard) (Version:  - )
CoffeeCup Shopping Cart Creator (HKLM\...\CoffeeCup Shopping Cart Creator 3.9.4295) (Version: 3.9.4295 - CoffeeCup Software, Inc.)
CoffeeCup Visual Site Designer Software (HKLM\...\CoffeeCup Visual Site Designer Software) (Version: Software - CoffeeCup Software, Inc.)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Consumer Input (HKLM\...\Setup Support for Consumer Input) (Version: 1.0 - Sono Control Inc.)
Digital Photo Software FotoMorph 12.4.5 (HKLM\...\FotoMorph) (Version: 12.4.5 - Digital Photo Software)
erLT (Version: 1.20.138.34 - Logitech, Inc.) Hidden
ExpressDigital Darkroom Web Edition V8.9 (HKLM\...\{F5DEDB3F-07AC-476F-944F-DB96F5EF657A}) (Version: 8.91.1670 - "Express Digital Graphics, Inc.")
FengShui Expert 3.3C (HKLM\...\ST6UNST #1) (Version:  - )
File Viewer Utility 1.3.2 (Version: 1.3.2 - Canon) Hidden
FileZilla Client 3.3.4.1 (HKLM\...\FileZilla Client) (Version: 3.3.4.1 - )
Flick323 (HKLM\...\{57825739-58E6-4E03-86A3-04A8E2EFFD17}) (Version: 3.2.3 - Arawak Database Solutions)
FotoMorph version 13.1.3 (HKLM\...\{87A9A094-22A8-4F8A-9B7D-03D7CA48CE15}_is1) (Version: 13.1.3 - Digital Photo Software)
FreeRIP v3.30 (HKLM\...\{501451DE-5808-4599-B544-8BD0915B6B24}_is1) (Version: 3.30 - MGShareware)
Google Chrome (HKLM\...\Google Chrome) (Version: 35.0.1916.114 - Google Inc.)
Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google+ Auto Backup (HKU\.DEFAULT\...\Google+ Auto Backup) (Version: 1.0.22.105 - Google, Inc.)
HijackThis 2.0.2 (HKLM\...\HijackThis) (Version: 2.0.2 - TrendMicro)
Intel® Extreme Graphics 2 Driver (HKLM\...\{8A708DD8-A5E6-11D4-A706-000629E95E20}) (Version: 6.14.10.4396 - )
Intel® PRO Network Connections Drivers (HKLM\...\PROSet) (Version:  - )
Java 7 Update 67 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Junk Mail filter update (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Logitech MouseWare 9.79.1  (HKLM\...\{5809E7CF-4DCF-11D4-9875-00105ACE7734}) (Version:  - )
Logitech Webcam Software (HKLM\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.51 - Logitech Inc.)
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft IntelliType Pro 8.1 (HKLM\...\Microsoft IntelliType Pro 8.1) (Version: 8.15.406.0 - Microsoft)
Microsoft Office Outlook Connector (HKLM\...\{95140000-0081-0409-0000-0000000FF1CE}) (Version: 14.0.6123.5001 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (HKLM\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version:  - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Mozilla Firefox 33.1 (x86 en-US) (HKLM\...\Mozilla Firefox 33.1 (x86 en-US)) (Version: 33.1 - Mozilla)
MSVCRT (Version: 14.0.1468.721 - Microsoft) Hidden
Nero Suite (HKLM\...\NeroMultiInstaller!UninstallKey) (Version:  - )
NETGEAR WG311v3 PCI Adapter (HKLM\...\InstallShield_{70014586-7BBA-4A92-A610-CDC896C48F8F}) (Version: 1.00 - NETGEAR)
NETGEAR WG311v3 PCI Adapter (Version: 1.00 - NETGEAR) Hidden
Octoshape add-in for Adobe Flash Player (HKU\S-1-5-21-796845957-1844237615-725345543-500\...\Octoshape add-in for Adobe Flash Player) (Version:  - )
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
Pen Tablet (HKLM\...\Pen Tablet Driver) (Version:  - Wacom Technology Corp.)
Picasa 3 (HKLM\...\Picasa 3) (Version: 3.9 - Google, Inc.)
PowerDVD (HKLM\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version:  - )
RemoteCapture 2.7.5 (Version: 2.7.5 - Canon) Hidden
Richmond Camera ROES (HKU\S-1-5-21-796845957-1844237615-725345543-500\...\Richmond Camera ROES) (Version:  - RichmondCamera)
Segoe UI (Version: 14.0.4327.805 - Microsoft Corp) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
SolidConverterGX (HKLM\...\{28298E71-8EE6-4F63-9522-B51E80CECBD8}) (Version: 1.1.54.0 - SolidDocuments)
SoundMAX (HKLM\...\{F0A37341-D692-11D4-A984-009027EC0A9C}) (Version:  - )
Spelling Dictionaries Support For Adobe Reader 8 (HKLM\...\{AC76BA86-7AD7-5464-3428-800000000003}) (Version: 8.0.0 - Adobe Systems)
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
Sweet Home 3D version 4.3 (HKLM\...\Sweet Home 3D_is1) (Version:  - eTeks)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TaxACT 2010 (HKLM\...\TaxACT 2010) (Version:  - 2nd Story Software, Inc.)
TaxACT 2010 Georgia (HKLM\...\TaxACT 2010 Georgia) (Version:  - 2nd Story Software, Inc.)
TaxACT 2011 - 1040 Edition (HKLM\...\TaxACT 2011 - 1040 Edition) (Version:  - 2nd Story Software, Inc.)
TaxACT 2011 Georgia (HKLM\...\TaxACT 2011 Georgia) (Version:  - 2nd Story Software, Inc.)
TaxACT 2012 - 1040 Edition (HKLM\...\TaxACT 2012 - 1040 Edition) (Version:  - 2nd Story Software, Inc.)
TaxACT 2012 Georgia (HKLM\...\TaxACT 2012 Georgia) (Version:  - 2nd Story Software, Inc.)
TaxACT 2013 - 1040 Edition (HKLM\...\TaxACT 2013 - 1040 Edition) (Version:  - TaxACT, Inc.)
TaxACT 2013 Georgia (HKLM\...\TaxACT 2013 Georgia) (Version:  - TaxACT, Inc.)
Unity Web Player (HKU\S-1-5-21-796845957-1844237615-725345543-500\...\UnityWebPlayer) (Version: 2.6.1f3_31223 - Unity Technologies ApS)
VC 9.0 Runtime (Version: 1.0.0 - Check Point Software Technologies Ltd) Hidden
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden
Visual Site Designer (HKLM\...\{5FA08EAD-6532-4609-9E78-DBBEBE9AE6D2}) (Version: 7.0.76 - CoffeeCup Software)
VLC media player 2.0.8 (HKLM\...\VLC media player) (Version: 2.0.8 - VideoLAN)
Watermark Studio 1.0 (HKLM\...\Watermark Studio_is1) (Version:  - Arclab Software Technologies)
Web Protect for Windows (HKLM\...\wp-adinject-adk) (Version: 10.0.0 - Web Protect) <==== ATTENTION
WebFldrs XP (Version: 9.50.6513 - Microsoft Corporation) Hidden
WinAVI Video Converter (HKLM\...\WinAVI Video Converter_is1) (Version:  - ZJ Computing, Inc.)
Windows Driver Package - FTDI CDM Driver Package (03/13/2008 2.04.06) (HKLM\...\A106663FD3361BDFACB045D83EBA03858EB1E411) (Version: 03/13/2008 2.04.06 - FTDI)
Windows Driver Package - FTDI CDM Driver Package (03/13/2008 2.04.06) (HKLM\...\F2F24872454C7CAEAABD8BB063F70FBEFF01989D) (Version: 03/13/2008 2.04.06 - FTDI)
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray (HKLM\...\KB952011) (Version: 1.0 - Microsoft Corporation)
Windows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify) (Version: 1.9.0040.0 - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.5.0530.0 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation)
Windows Live ID Sign-in Assistant (HKLM\...\{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}) (Version: 6.500.3165.0 - Microsoft Corporation)
Windows Live Sync (HKLM\...\{B10914FD-8812-47A4-85A1-50FCDE7F1F33}) (Version: 14.0.8117.416 - Microsoft Corporation)
Windows Live Upload Tool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version:  - )
Windows PowerShell 1.0 (HKLM\...\KB926139-v2) (Version: 2 - Microsoft Corporation)
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)
WinRAR archiver (HKLM\...\WinRAR archiver) (Version:  - )
ZoneAlarm Antivirus (Version: 13.2.015.000 - Check Point Software Technologies Ltd.) Hidden
ZoneAlarm Firewall (Version: 13.2.015.000 - Check Point Software Technologies Ltd.) Hidden
ZoneAlarm Free Antivirus + Firewall (HKLM\...\ZoneAlarm Free Antivirus + Firewall) (Version: 13.2.015.000 - Check Point)
ZoneAlarm LTD Toolbar (HKLM\...\ZoneAlarm LTD Toolbar) (Version:  - Check Point Software Technologies)
ZoneAlarm Security (Version: 13.2.015.000 - Check Point Software Technologies Ltd.) Hidden
ZoneAlarm Security Toolbar  (HKLM\...\zonealarm) (Version: 1.8.29.17 - Check Point Software Technologies LTD)
ZoneAlarm Security Toolbar  (HKU\S-1-5-21-796845957-1844237615-725345543-500\...\zonealarm) (Version: 1.8.29.17 - Check Point Software Technologies LTD)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-796845957-1844237615-725345543-500_Classes\CLSID\{444785F1-DE89-4295-863A-D46C3A781394}\InprocServer32 -> C:\Documents and Settings\Administrator\Local Settings\Application Data\Unity\WebPlayer\loader\UnityWebPluginAX.ocx (Unity Technologies ApS)

==================== Restore Points  =========================

27-09-2014 22:44:55 System Checkpoint
29-09-2014 19:00:35 System Checkpoint
01-10-2014 00:39:10 System Checkpoint
02-10-2014 02:14:07 System Checkpoint
03-10-2014 02:28:55 System Checkpoint
05-10-2014 21:15:08 System Checkpoint
06-10-2014 22:21:01 System Checkpoint
07-10-2014 23:09:04 System Checkpoint
09-10-2014 02:14:39 System Checkpoint
11-10-2014 20:52:29 System Checkpoint
20-10-2014 23:02:44 System Checkpoint
21-10-2014 03:56:14 Software Distribution Service 3.0
21-10-2014 18:35:12 Software Distribution Service 3.0
22-10-2014 21:07:09 System Checkpoint
23-10-2014 21:07:28 System Checkpoint
24-10-2014 21:55:34 System Checkpoint
26-10-2014 14:48:04 System Checkpoint
31-10-2014 00:33:49 System Checkpoint
03-11-2014 13:00:11 System Checkpoint
04-11-2014 16:08:08 System Checkpoint
06-11-2014 16:01:09 System Checkpoint
07-11-2014 16:30:28 System Checkpoint
08-11-2014 22:49:45 System Checkpoint
10-11-2014 01:21:39 System Checkpoint
11-11-2014 04:43:55 System Checkpoint
12-11-2014 04:58:10 System Checkpoint
12-11-2014 07:20:38 Software Distribution Service 3.0
14-11-2014 02:20:30 Software Distribution Service 3.0
15-11-2014 02:55:11 System Checkpoint
16-11-2014 02:29:24 Removed Shopping Helper Smartbar
16-11-2014 06:15:59 Software Distribution Service 3.0
17-11-2014 07:08:49 System Checkpoint

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2010-04-19 22:34 - 2014-11-15 23:17 - 00450738 ____R C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 localhost

There are 1000 more lines.

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\At1.job => C:\DOCUME~1\ADMINI~1\APPLIC~1\GROOVO~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\WINDOWS\Tasks\Check for updates (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe
Task: C:\WINDOWS\Tasks\CIMT_S-1-5-21-796845957-1844237615-725345543-500.job => C:\Program Files\Consumer Input\Monitoring\dca-monitoring.exe
Task: C:\WINDOWS\Tasks\COMODO System Cleaner Update.job => C:\Program Files\COMODO\COMODO System-Cleaner\UpdateApplications.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-18Core.job => C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-18UA.job => C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Refresh immunization (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe
Task: C:\WINDOWS\Tasks\Scan the system (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe
Task: C:\WINDOWS\Tasks\Spybot - Search & Destroy Updater -  Scheduled Task.job => C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe
Task: C:\WINDOWS\Tasks\SpyHunter4.job => C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe

==================== Loaded Modules (whitelisted) =============

2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:45 - 2010-10-20 15:45 - 08801120 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2010-08-15 17:08 - 2010-08-15 17:08 - 00094208 _____ () C:\Program Files\FileZilla FTP Client\fzshellext.dll
2010-04-11 21:25 - 2010-03-15 10:28 - 00141824 _____ () C:\Program Files\WinRAR\rarext.dll
2014-08-16 10:41 - 2014-05-13 11:04 - 00109400 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2014-08-16 10:41 - 2014-05-13 11:04 - 00416600 _____ () C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
2012-09-12 23:38 - 2012-09-12 23:38 - 02144104 _____ () C:\Program Files\Logitech\LWS\Webcam Software\QtCore4.dll
2012-09-12 23:38 - 2012-09-12 23:38 - 07955304 _____ () C:\Program Files\Logitech\LWS\Webcam Software\QtGui4.dll
2012-09-12 23:38 - 2012-09-12 23:38 - 00341352 _____ () C:\Program Files\Logitech\LWS\Webcam Software\QtXml4.dll
2012-09-12 23:38 - 2012-09-12 23:38 - 00028008 _____ () C:\Program Files\Logitech\LWS\Webcam Software\imageformats\QGif4.dll
2012-09-12 23:38 - 2012-09-12 23:38 - 00127336 _____ () C:\Program Files\Logitech\LWS\Webcam Software\imageformats\QJpeg4.dll
2014-08-16 10:41 - 2014-05-13 11:04 - 00167768 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2012-09-12 23:38 - 2012-09-12 23:38 - 00264040 _____ () C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
2012-09-12 23:39 - 2012-09-12 23:39 - 00336232 _____ () C:\Program Files\Common Files\logishrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll
2007-11-21 16:51 - 2007-11-21 16:51 - 01507328 _____ () C:\Program Files\NETGEAR\WG311v3\WG311v3.exe
2006-12-04 10:38 - 2006-12-04 10:38 - 00049152 _____ () C:\Program Files\NETGEAR\WG311v3\WlanDll.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\WINDOWS\system32\Drivers\netbt.sys:SummaryInformation
AlternateDataStreams: C:\WINDOWS\system32\Drivers\netbt.sys:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:0B9D8E22
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:242231A9

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\pcwatch.sys => ""="Driver" <==== ATTENTION
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MyOSProtect => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\nm => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\nm.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\pcwatch.sys => ""="Driver" <==== ATTENTION
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\UploadMgr => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vsmon => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WdfLoadGroup => ""=""

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

========================= Accounts: ==========================

Administrator (S-1-5-21-796845957-1844237615-725345543-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator
Guest (S-1-5-21-796845957-1844237615-725345543-501 - Limited - Enabled)
HelpAssistant (S-1-5-21-796845957-1844237615-725345543-1000 - Limited - Disabled)
SUPPORT_388945a0 (S-1-5-21-796845957-1844237615-725345543-1002 - Limited - Disabled)

==================== Faulty Device Manager Devices =============

Name: Intel® PRO/1000 MT Network Connection
Description: Intel® PRO/1000 MT Network Connection
Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
Manufacturer: Intel
Service: E1000
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

==================== Event log errors: =========================

Application errors:
==================
Error: (11/15/2014 09:58:15 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application mbam.exe, version 1.0.0.532, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (11/15/2014 07:45:43 PM) (Source: MsiInstaller) (EventID: 11316) (User: PCDATA)
Description: Product: Consumer Input Update Helper -- Error 1316. A network error occurred while attempting to read from the file: C:\Program Files\Consumer Input\Update\1.3.25.149\GoogleUpdateHelper.msi

Error: (11/12/2014 07:37:41 PM) (Source: Ci) (EventID: 4126) (User: )
Description: Cleaning up corrupt content index metadata on c:\system volume information\catalog.wci. Index will
 be automatically restored by refiltering all documents.

Error: (11/12/2014 07:37:41 PM) (Source: Ci) (EventID: 4124) (User: )
Description: Content index on c:\system volume information\catalog.wci is corrupt. Please shutdown and restart
the Indexing Service (cisvc).

Error: (11/04/2014 11:58:51 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (10/26/2014 10:19:54 AM) (Source: Application Error) (EventID: 1001) (User: )
Description: Fault bucket 526332137.
The Wep key exchange did not result in a secure connection setup after 802.1x authentication.  The current setting has been marked as failed and the Wireless connection will be disconnected.

Error: (10/26/2014 10:19:40 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application plugin-container.exe, version 32.0.3.5379, faulting module mozalloc.dll, version 32.0.3.5379, fault address 0x0000141b.
Processing media-specific event for [plugin-container.exe!ws!]

System errors:
=============
Error: (11/18/2014 06:38:20 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Spybot-S&D 2 Security Center Service service failed to start due to the following error:
%%1053

Error: (11/18/2014 06:38:19 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Timeout (30000 milliseconds) waiting for the Spybot-S&D 2 Security Center Service service to connect.

Error: (11/18/2014 06:38:19 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Spybot-S&D 2 Scanner Service service failed to start due to the following error:
%%1053

Error: (11/18/2014 06:38:19 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Timeout (30000 milliseconds) waiting for the Spybot-S&D 2 Scanner Service service to connect.

Error: (11/18/2014 06:38:19 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Driver Foundation - User-mode Driver Framework service terminated with the following error:
%%31

Error: (11/17/2014 11:28:00 PM) (Source: Schedule) (EventID: 7901) (User: )
Description: The At1.job command failed to start due to the following error:
%%2147942403

Error: (11/17/2014 10:28:00 PM) (Source: Schedule) (EventID: 7901) (User: )
Description: The At1.job command failed to start due to the following error:
%%2147942403

Error: (11/17/2014 09:28:00 PM) (Source: Schedule) (EventID: 7901) (User: )
Description: The At1.job command failed to start due to the following error:
%%2147942403

Error: (11/17/2014 08:28:00 PM) (Source: Schedule) (EventID: 7901) (User: )
Description: The At1.job command failed to start due to the following error:
%%2147942403

Error: (11/17/2014 07:28:00 PM) (Source: Schedule) (EventID: 7901) (User: )
Description: The At1.job command failed to start due to the following error:
%%2147942403

Microsoft Office Sessions:
=========================
Error: (11/15/2014 09:58:15 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: mbam.exe1.0.0.532hungapp0.0.0.000000000

Error: (11/15/2014 07:45:43 PM) (Source: MsiInstaller) (EventID: 11316) (User: PCDATA)
Description: Product: Consumer Input Update Helper -- Error 1316. A network error occurred while attempting to read from the file: C:\Program Files\Consumer Input\Update\1.3.25.149\GoogleUpdateHelper.msi(NULL)(NULL)(NULL)

Error: (11/12/2014 07:37:41 PM) (Source: Ci) (EventID: 4126) (User: )
Description: c:\system volume information\catalog.wci

Error: (11/12/2014 07:37:41 PM) (Source: Ci) (EventID: 4124) (User: )
Description: c:\system volume information\catalog.wci

Error: (11/04/2014 11:58:51 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000

Error: (10/26/2014 10:19:54 AM) (Source: Application Error) (EventID: 1001) (User: )
Description: 526332137

Error: (10/26/2014 10:19:40 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe32.0.3.5379mozalloc.dll32.0.3.53790000141b

==================== Memory info ===========================

Processor:  Intel® Pentium® 4 CPU 3.00GHz
Percentage of memory in use: 26%
Total physical RAM: 3709.98 MB
Available physical RAM: 2728.57 MB
Total Pagefile: 7641.65 MB
Available Pagefile: 6831.73 MB
Total Virtual: 2047.88 MB
Available Virtual: 1921.38 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:37.27 GB) (Free:4.05 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive d: (Data Volume) (Fixed) (Total:232.88 GB) (Free:154.92 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 37.3 GB) (Disk ID: AAAAAAAA)
Partition 1: (Active) - (Size=37.3 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 232.9 GB) (Disk ID: B26DB26D)
Partition 1: (Not Active) - (Size=232.9 GB) - (Type=07 NTFS)

==================== End Of Log ============================


Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 17-11-2014
Ran by Administrator (administrator) on PCDATA on 18-11-2014 19:03:03
Running from D:\My Documents\GREG's Stuff
Loaded Profile: Administrator (Available profiles: Administrator)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Check Point Software Technologies Ltd.) C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
(Logitech Inc.) C:\WINDOWS\LOGI_MWX.EXE
(Microsoft Corporation) C:\Program Files\Microsoft IntelliType Pro\itype.exe
(Logitech Inc.) C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
(Check Point Software Technologies Ltd.) C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
() C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
() C:\Program Files\NETGEAR\WG311v3\WG311v3.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
(Microsoft Corporation) C:\WINDOWS\system32\cisvc.exe
(Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Wacom Technology, Corp.) C:\WINDOWS\system32\Pen_Tablet.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Check Point Software Technologies, Ltd.) C:\Program Files\CheckPoint\ZoneAlarm\ZAPrivacyService.exe
(Wacom Technology, Corp.) C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe
(Wacom Technology, Corp.) C:\WINDOWS\system32\Pen_Tablet.exe
(Canon Inc.) C:\Program Files\Canon\CAL\CALMAIN.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\WINDOWS\system32\cidaemon.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NeroFilterCheck] => C:\WINDOWS\system32\NeroCheck.exe [155648 2001-07-09] (Ahead Software Gmbh)
HKLM\...\Run: [igfxhkcmd] => C:\WINDOWS\system32\hkcmd.exe [77824 2005-09-20] (Intel Corporation)
HKLM\...\Run: [igfxpers] => C:\WINDOWS\system32\igfxpers.exe [114688 2005-09-20] (Intel Corporation)
HKLM\...\Run: [Logitech Utility] => C:\WINDOWS\Logi_MwX.Exe [19968 2003-12-17] (Logitech Inc.)
HKLM\...\Run: [itype] => C:\Program Files\Microsoft IntelliType Pro\itype.exe [1298320 2011-04-13] (Microsoft Corporation)
HKLM\...\Run: [LWS] => C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-12] (Logitech Inc.)
HKLM\...\Run: [bCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated)
HKLM\...\Run: [ZoneAlarm] => C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe [137352 2014-05-30] (Check Point Software Technologies Ltd.)
HKLM\...\Run: [sDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
HKU\S-1-5-21-796845957-1844237615-725345543-500\...\Run: [OfficeSyncProcess] => C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE [720064 2014-10-14] (Microsoft Corporation)
HKU\S-1-5-21-796845957-1844237615-725345543-500\...\MountPoints2: {5e72833c-d873-11de-a9c0-000d562a2b5a} - F:\LaunchU3.exe
HKU\S-1-5-21-796845957-1844237615-725345543-500\...\MountPoints2: {b72019d4-bf43-11dd-a700-000d562a2b5a} - F:\LaunchU3.exe -a
HKU\S-1-5-18\...\Run: [Google Update] => C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [116648 2014-02-08] (Google Inc.)
Lsa: [Notification Packages] scecli lewazasu.dll
Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutorunsDisabled ()
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WG311v3 Smart Wizard.lnk
ShortcutTarget: NETGEAR WG311v3 Smart Wizard.lnk -> C:\Program Files\NETGEAR\WG311v3\WG311v3.exe ()
SSODL: vepozusij - {4f1c641b-9e07-4857-844e-33dcde40af70} -  No File
BootExecute: autocheck autochk /k:C * sdnclean.exe
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKU\S-1-5-21-796845957-1844237615-725345543-500\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKU\S-1-5-21-796845957-1844237615-725345543-500\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.motherjones.com/
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKLM -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL =
SearchScopes: HKU\.DEFAULT -> DefaultScope {0B4A10D1-FBD6-451d-BFDA-F03252B05984} URL =
SearchScopes: HKU\S-1-5-21-796845957-1844237615-725345543-500 -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL =
SearchScopes: HKU\S-1-5-21-796845957-1844237615-725345543-500 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - No Name - {438FAE3E-BDEF-44D3-AB8B-0C7C8350DF59} -  No File
Toolbar: HKU\S-1-5-21-796845957-1844237615-725345543-500 -> &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\System32\browseui.dll (Microsoft Corporation)
Toolbar: HKU\S-1-5-21-796845957-1844237615-725345543-500 -> &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
Toolbar: HKU\S-1-5-21-796845957-1844237615-725345543-500 -> &Links - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
Toolbar: HKU\S-1-5-21-796845957-1844237615-725345543-500 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-796845957-1844237615-725345543-500 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824}
DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} http://support.dell.com/systemprofiler/SysPro.CAB
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1179257945906
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1179261498859
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_67-windows-i586.cab
DPF: {8CFCF42C-1C64-47D6-AEEC-F9D001832ED3} http://xserv.dell.com/DellDriverScanner/DellSystem.CAB
DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} http://support.dell.com/systemprofiler/DellSystemLite.CAB
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0017-0000-0067-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_67-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_67-windows-i586.cab
DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Winsock: Catalog9 01 C:\WINDOWS\system32\MyOSProtect.dll [304776] (MyOSCompany)
Winsock: Catalog9 02 C:\WINDOWS\system32\MyOSProtect.dll [304776] (MyOSCompany)
Winsock: Catalog9 20 C:\WINDOWS\system32\MyOSProtect.dll [304776] (MyOSCompany)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\56416g2s.default-1416106060296
FF DefaultSearchEngine: DuckDuckGo
FF SelectedSearchEngine: DuckDuckGo
FF Homepage: hxxp://www.npr.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_15_0_0_223.dll ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\WINDOWS\system32\Adobe\Director\np32dsw_1167637.dll (Adobe Systems, Inc.)
FF Plugin: @divx.com/DivX Content Upload Plugin,version=1.0.0 -> C:\Program Files\DivX\DivX Content Uploader\npUpload.dll (DivX,Inc.)
FF Plugin: @divx.com/DivX Player Plugin,version=1.0.0 -> C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll No File
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\WINDOWS\system32\npdeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=14.0.8117.0416 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll No File
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll No File
FF Plugin: @videolan.org/vlc,version=2.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\.DEFAULT: @tools.google.com/Google Update;version=3 -> C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\.DEFAULT: @tools.google.com/Google Update;version=9 -> C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-796845957-1844237615-725345543-500: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll No File
FF Plugin HKU\S-1-5-21-796845957-1844237615-725345543-500: @unity3d.com/UnityPlayer,version=1.0 -> C:\Documents and Settings\Administrator\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npDivxPlayerPlugin.dll (DivX, Inc)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2014-11-10]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-03-31]
FF HKLM\...\Firefox\Extensions: [{FFB96CC1-7EB3-449D-B827-DB661701C6BB}] - C:\Program Files\CheckPoint\ZAForceField\TrustChecker

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-10-26]
CHR Extension: (Google Drive) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-10-26]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-10-31]
CHR Extension: (YouTube) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-10-26]
CHR Extension: (Google Search) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-10-26]
CHR Extension: (Google Wallet) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-10-26]
CHR Extension: (Gmail) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-10-26]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 CCALib8; C:\Program Files\Canon\CAL\CALMAIN.exe [96370 2007-01-31] (Canon Inc.) [File not signed]
S2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
S2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 vsmon; C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe [3592120 2014-05-30] (Check Point Software Technologies Ltd.)
R2 ZAPrivacyService; C:\Program Files\CheckPoint\ZoneAlarm\ZAPrivacyService.exe [90936 2014-05-29] (Check Point Software Technologies, Ltd.)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 ac97intc; C:\WINDOWS\System32\drivers\ac97intc.sys [96256 2001-08-17] (Intel Corporation)
S3 ati2mtaa; C:\WINDOWS\System32\DRIVERS\ati2mtaa.sys [327040 2004-08-04] (ATI Technologies Inc.)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
S3 E1000; C:\WINDOWS\System32\DRIVERS\e1000325.sys [163840 2005-06-29] (Intel Corporation)
S3 EL90X; C:\WINDOWS\System32\DRIVERS\el90xnd5.sys [153631 2001-08-17] (3Com Corporation)
R2 fssfltr; C:\WINDOWS\System32\DRIVERS\fssfltr_tdi.sys [54760 2010-04-28] (Microsoft Corporation)
S3 HSFHWBS2; C:\WINDOWS\System32\DRIVERS\HSFBS2S2.sys [220032 2004-08-04] (Conexant Systems, Inc.)
S3 HSF_DP; C:\WINDOWS\System32\DRIVERS\HSFDPSP2.sys [1041536 2004-08-04] (Conexant Systems, Inc.)
R0 KL1; C:\WINDOWS\System32\DRIVERS\kl1.sys [135776 2014-04-30] (Kaspersky Lab ZAO)
R1 KLIF; C:\WINDOWS\System32\DRIVERS\klif.sys [483936 2014-04-30] (Kaspersky Lab ZAO)
S3 L8042pr2; C:\WINDOWS\System32\DRIVERS\L8042pr2.Sys [51729 2003-12-17] (Logitech, Inc.)
S3 LUsbFilt; C:\WINDOWS\System32\Drivers\LUsbFilt.Sys [28560 2009-11-10] (Logitech, Inc.)
S3 MREMP50; C:\Program Files\Common Files\Motive\MREMP50.sys [21248 2012-11-15] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MRESP50; C:\Program Files\Common Files\Motive\MRESP50.sys [20096 2012-11-15] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
S3 nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [6557408 2008-05-16] (NVIDIA Corporation) [File not signed]
S3 pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [47360 2010-08-03] (VSO Software) [File not signed]
R1 Vsdatant; C:\WINDOWS\System32\vsdatant.sys [534024 2014-05-30] (Check Point Software Technologies Ltd.)
R3 W8335XP; C:\WINDOWS\System32\DRIVERS\WG311v3XP.sys [282624 2005-12-29] (Marvell Semiconductor, Inc) [File not signed]
S3 winachsf; C:\WINDOWS\System32\DRIVERS\HSFCXTS2.sys [685056 2004-08-04] (Conexant Systems, Inc.)
S1 cpjfkelq; \??\C:\WINDOWS\system32\drivers\cpjfkelq.sys [X]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [74336 2014-04-30] (Kaspersky Lab ZAO)
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
U5 Tcpip6; C:\Windows\System32\Drivers\Tcpip6.sys [226880 2010-02-11] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-18 19:02 - 2014-11-18 19:03 - 00000000 ____D () C:\FRST
2014-11-15 23:56 - 2014-11-15 23:56 - 00024916 _____ () C:\Documents and Settings\Administrator\desktop\attach.txt
2014-11-15 23:56 - 2014-11-15 23:56 - 00012606 _____ () C:\Documents and Settings\Administrator\desktop\dds.txt
2014-11-15 23:27 - 2014-11-15 23:28 - 00000000 ____D () C:\Avenger
2014-11-15 23:17 - 2014-10-02 12:01 - 00450674 ____R () C:\WINDOWS\system32\Drivers\etc\hosts.20141115-231752.backup
2014-11-15 20:35 - 2014-11-15 20:35 - 00000042 _____ () C:\Documents and Settings\Administrator\Application Data\WB.CFG
2014-11-15 19:49 - 2014-11-15 19:49 - 00000000 ____D () C:\Program Files\Setup Support for Consumer Input
2014-11-15 19:48 - 2014-11-18 19:04 - 00000364 _____ () C:\WINDOWS\Tasks\CIMT_S-1-5-21-796845957-1844237615-725345543-500.job
2014-11-15 19:47 - 2014-11-15 19:47 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\Compete
2014-11-15 19:46 - 2014-11-15 21:10 - 00131072 _____ () C:\WINDOWS\system32\config\pastalea.evt
2014-11-15 19:28 - 2014-11-17 23:28 - 00000420 _____ () C:\WINDOWS\Tasks\At1.job
2014-11-15 18:42 - 2014-11-15 18:42 - 00000394 __RSH () C:\Documents and Settings\All Users\ntuser.pol
2014-11-15 18:41 - 2014-11-15 21:32 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\2b95fb5d4df5281e
2014-11-15 18:41 - 2014-11-15 18:41 - 00000000 ____D () C:\Documents and Settings\SUPPORT_388945a0\Local Settings\Application Data\Torch
2014-11-15 18:41 - 2014-11-15 18:41 - 00000000 ____D () C:\Documents and Settings\SUPPORT_388945a0\Local Settings\Application Data\Comodo
2014-11-15 18:41 - 2014-11-15 18:41 - 00000000 ____D () C:\Documents and Settings\SUPPORT_388945a0\Local Settings\Application Data\Chromatic Browser
2014-11-15 18:41 - 2014-11-15 18:41 - 00000000 ____D () C:\Documents and Settings\HelpAssistant\Local Settings\Application Data\Torch
2014-11-15 18:41 - 2014-11-15 18:41 - 00000000 ____D () C:\Documents and Settings\HelpAssistant\Local Settings\Application Data\Comodo
2014-11-15 18:41 - 2014-11-15 18:41 - 00000000 ____D () C:\Documents and Settings\HelpAssistant\Local Settings\Application Data\Chromatic Browser
2014-11-15 18:41 - 2014-11-15 18:41 - 00000000 ____D () C:\Documents and Settings\Guest\Local Settings\Application Data\Torch
2014-11-15 18:41 - 2014-11-15 18:41 - 00000000 ____D () C:\Documents and Settings\Guest\Local Settings\Application Data\Chromatic Browser
2014-11-15 18:41 - 2014-11-15 18:41 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application Data\Torch
2014-11-15 18:41 - 2014-11-15 18:41 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application Data\Chromatic Browser
2014-11-15 18:40 - 2014-11-15 18:41 - 00000000 ____D () C:\Program Files\0ca45c95134d
2014-11-15 18:40 - 2014-11-15 18:41 - 00000000 ____D () C:\Documents and Settings\SUPPORT_388945a0\Local Settings\Application Data\Google
2014-11-15 18:40 - 2014-11-15 18:41 - 00000000 ____D () C:\Documents and Settings\HelpAssistant\Local Settings\Application Data\Google
2014-11-15 18:40 - 2014-11-15 18:41 - 00000000 ____D () C:\Documents and Settings\Guest\Local Settings\Application Data\Google
2014-11-15 18:40 - 2014-11-15 18:40 - 00000000 ____D () C:\Documents and Settings\SUPPORT_388945a0
2014-11-15 18:40 - 2014-11-15 18:40 - 00000000 ____D () C:\Documents and Settings\HelpAssistant
2014-11-15 18:40 - 2014-11-15 18:40 - 00000000 ____D () C:\Documents and Settings\Guest\Local Settings\Application Data\Comodo
2014-11-15 18:40 - 2014-11-15 18:40 - 00000000 ____D () C:\Documents and Settings\Guest
2014-11-15 18:39 - 2014-11-15 18:39 - 00000885 _____ () C:\end
2014-11-15 18:00 - 2014-11-15 18:00 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\MSN6
2014-11-15 18:00 - 2014-11-15 18:00 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\MSN6
2014-11-10 22:40 - 2014-11-15 21:22 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-10-31 09:36 - 2014-10-31 09:36 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Google Chrome

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-18 19:04 - 2007-04-27 16:18 - 00032196 _____ () C:\WINDOWS\SchedLgU.Txt
2014-11-18 19:03 - 2007-04-27 16:18 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Temp
2014-11-18 18:41 - 2007-04-27 10:04 - 00557588 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-11-18 18:40 - 2012-11-20 12:17 - 00761285 _____ () C:\WINDOWS\setupapi.log
2014-11-18 18:39 - 2010-07-08 12:39 - 00000886 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-18 18:39 - 2007-05-15 14:39 - 01714099 _____ () C:\WINDOWS\WindowsUpdate.log
2014-11-18 18:38 - 2009-07-04 07:11 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\WTablet
2014-11-18 18:38 - 2007-04-27 10:06 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-11-18 18:38 - 2007-04-27 10:06 - 00000050 _____ () C:\WINDOWS\wiaservc.log
2014-11-18 18:38 - 2007-04-27 09:59 - 00000000 ____D () C:\WINDOWS\system32\ias
2014-11-18 18:38 - 2003-07-16 11:46 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
2014-11-18 18:37 - 2014-08-16 10:42 - 00000644 _____ () C:\WINDOWS\Tasks\Check for updates (Spybot - Search & Destroy).job
2014-11-18 18:36 - 2014-02-08 16:27 - 00000946 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-18Core.job
2014-11-18 18:36 - 2010-07-08 12:39 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-18 18:36 - 2007-04-27 16:12 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-11-17 23:58 - 2007-04-27 16:18 - 00000178 ___SH () C:\Documents and Settings\Administrator\ntuser.ini
2014-11-17 23:57 - 2007-04-27 16:18 - 00000000 ____D () C:\Documents and Settings\Administrator
2014-11-17 23:32 - 2014-02-08 16:27 - 00000998 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-18UA.job
2014-11-17 23:24 - 2012-04-24 10:09 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-11-17 19:32 - 2010-04-05 18:31 - 00000460 _____ () C:\WINDOWS\Tasks\COMODO System Cleaner Update.job
2014-11-17 13:49 - 2009-09-15 00:00 - 00000000 ____D () C:\WTablet
2014-11-17 13:47 - 2009-07-05 07:33 - 00000000 ____D () C:\Documents and Settings\NetworkService\Application Data\WTablet
2014-11-17 03:00 - 2013-11-13 18:07 - 00000410 _____ () C:\WINDOWS\Tasks\SpyHunter4.job
2014-11-16 01:21 - 2014-05-03 02:00 - 00012496 _____ () C:\WINDOWS\KB2964358-IE8.log
2014-11-16 01:21 - 2014-04-09 05:51 - 00017982 _____ () C:\WINDOWS\KB2936068-IE8.log
2014-11-16 01:13 - 2014-09-10 00:53 - 00000000 ____D () C:\Program Files\Web Protect
2014-11-15 23:25 - 2007-10-23 23:51 - 00000000 __HDC () C:\WINDOWS\$NtUninstallWMFDist11$
2014-11-15 22:58 - 2014-08-16 10:40 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2
2014-11-15 22:00 - 2014-07-24 22:56 - 00114904 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-11-15 21:59 - 2014-07-24 22:55 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2014-11-15 21:59 - 2012-02-07 01:14 - 00000000 ____D () C:\Program Files\MALWAREBYTES ANTI-MALWARE
2014-11-15 20:32 - 2008-05-12 19:26 - 00000000 ____D () C:\Program Files\Google
2014-11-15 18:41 - 2008-05-12 19:36 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application Data\Google
2014-11-15 18:40 - 2007-11-04 12:27 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application Data\Comodo
2014-11-15 18:38 - 2007-05-16 06:47 - 00081808 ____C () C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2014-11-15 18:31 - 2013-02-01 18:45 - 00000000 ____D () C:\Program Files\CommWatch II
2014-11-15 16:58 - 2013-01-21 16:29 - 00000000 ____D () C:\Program Files\ATT
2014-11-15 16:58 - 2013-01-21 16:28 - 00000000 ____D () C:\Program Files\Common Files\Motive
2014-11-14 03:48 - 2010-08-15 11:42 - 00131072 _____ () C:\WINDOWS\system32\config\OAlerts.evt
2014-11-13 22:06 - 2007-04-27 10:03 - 00317152 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-11-13 21:33 - 2010-08-15 11:32 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Microsoft Help
2014-11-12 21:51 - 2010-04-17 08:25 - 00000000 ____D () C:\WINDOWS\system32\MpEngineStore
2014-11-12 02:20 - 2010-04-15 21:12 - 100445232 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-11-12 02:19 - 2014-08-16 10:42 - 00000616 _____ () C:\WINDOWS\Tasks\Refresh immunization (Spybot - Search & Destroy).job
2014-11-12 00:24 - 2014-09-27 16:24 - 17926832 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerInstaller.exe
2014-11-12 00:24 - 2012-04-24 10:09 - 00701104 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2014-11-12 00:24 - 2011-06-06 15:51 - 00071344 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2014-11-09 11:29 - 2007-10-23 23:45 - 00128000 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-11-06 16:30 - 2009-06-20 22:17 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application Data\Axialis
2014-10-31 09:21 - 2014-07-12 13:35 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application Data\Adobe
2014-10-31 08:47 - 2010-10-17 10:55 - 00002501 _____ () C:\Documents and Settings\Administrator\desktop\Microsoft Word 2010.lnk
2014-10-31 08:06 - 2012-12-12 22:19 - 00002685 _____ () C:\WINDOWS\setupact.log
2014-10-25 10:40 - 2008-07-26 18:25 - 00007168 __SHC () C:\WINDOWS\Thumbs.db

Files to move or delete:
====================
C:\Windows\Tasks\At1.job

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================


ark.txt

 

GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-11-18 20:29:22
Windows 5.1.2600 Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4 Maxtor_6E040L0 rev.NAR61590 37.27GB
Running: kj3olfbf.exe; Driver: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\fwtdapoc.sys

---- System - GMER 2.1 ----

SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                                    ZwAdjustPrivilegesToken [0xB0B02BA4]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                                    ZwClose [0xB0AB74C6]
SSDT            \SystemRoot\System32\vsdatant.sys                                                                                        ZwConnectPort [0xB08B0A50]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                                    ZwCreateEvent [0xB0AB7A3C]
SSDT            \SystemRoot\System32\vsdatant.sys                                                                                        ZwCreateFile [0xB08AAC06]
SSDT            \SystemRoot\System32\vsdatant.sys                                                                                        ZwCreateKey [0xB08CA442]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                                    ZwCreateMutant [0xB0AB7922]
SSDT            \SystemRoot\System32\vsdatant.sys                                                                                        ZwCreatePort [0xB08B1222]
SSDT            \SystemRoot\System32\vsdatant.sys                                                                                        ZwCreateProcess [0xB08C4B14]
SSDT            \SystemRoot\System32\vsdatant.sys                                                                                        ZwCreateProcessEx [0xB08C4F0E]
SSDT            \SystemRoot\System32\vsdatant.sys                                                                                        ZwCreateSection [0xB08CE798]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                                    ZwCreateSemaphore [0xB0AB7B5C]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                                    ZwCreateSymbolicLinkObject [0xB0ADC200]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                                    ZwCreateThread [0xB0B04EA2]
SSDT            \SystemRoot\System32\vsdatant.sys                                                                                        ZwCreateWaitablePort [0xB08B1364]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                                    ZwDebugActiveProcess [0xB0B04A48]
SSDT            \SystemRoot\System32\vsdatant.sys                                                                                        ZwDeleteFile [0xB08AB834]
SSDT            \SystemRoot\System32\vsdatant.sys                                                                                        ZwDeleteKey [0xB08CBD94]
SSDT            \SystemRoot\System32\vsdatant.sys                                                                                        ZwDeleteValueKey [0xB08CB6AA]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                                    ZwDeviceIoControlFile [0xB0AB750A]
SSDT            \SystemRoot\System32\vsdatant.sys                                                                                        ZwDuplicateObject [0xB08C3A26]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                                    ZwEnumerateKey [0xB0AC7844]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                                    ZwEnumerateValueKey [0xB0AC81D8]
SSDT            \SystemRoot\System32\vsdatant.sys                                                                                        ZwLoadDriver [0xB08A63D4]
SSDT            \SystemRoot\System32\vsdatant.sys                                                                                        ZwLoadKey [0xB08CC7A2]
SSDT            \SystemRoot\System32\vsdatant.sys                                                                                        ZwLoadKey2 [0xB08CC9AA]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                                    ZwMapViewOfSection [0xB0ADC220]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                                    ZwNotifyChangeKey [0xB0ACAF38]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                                    ZwOpenEvent [0xB0AB7AD2]
SSDT            \SystemRoot\System32\vsdatant.sys                                                                                        ZwOpenFile [0xB08AB43A]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                                    ZwOpenMutant [0xB0AB79B2]
SSDT            \SystemRoot\System32\vsdatant.sys                                                                                        ZwOpenProcess [0xB08C6E44]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                                    ZwOpenSection [0xB0B05A98]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                                    ZwOpenSemaphore [0xB0AB7BF2]
SSDT            \SystemRoot\System32\vsdatant.sys                                                                                        ZwOpenThread [0xB08C6A70]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                                    ZwPlugPlayControl [0xB0ADC210]
SSDT            \SystemRoot\System32\vsdatant.sys                                                                                        ZwProtectVirtualMemory [0xB08DB39E]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                                    ZwQueryIntervalProfile [0xB0ADC250]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                                    ZwQueryKey [0xB0AC6684]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                                    ZwQueryMultipleValueKey [0xB0AC7E46]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                                    ZwQueryObject [0xB0ACB146]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                                    ZwQueryValueKey [0xB0AC7C3A]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                                    ZwQueueApcThread [0xB0B054A8]
SSDT            \SystemRoot\System32\vsdatant.sys                                                                                        ZwRenameKey [0xB08CD73A]
SSDT            \SystemRoot\System32\vsdatant.sys                                                                                        ZwReplaceKey [0xB08CD06E]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                                    ZwReplyPort [0xB0ACCDEA]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                                    ZwReplyWaitReceivePort [0xB0ACCC78]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                                    ZwReplyWaitReceivePortEx [0xB0ACCD2E]
SSDT            \SystemRoot\System32\vsdatant.sys                                                                                        ZwRequestWaitReplyPort [0xB08B060A]
SSDT            \SystemRoot\System32\vsdatant.sys                                                                                        ZwRestoreKey [0xB08CE120]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                                    ZwResumeThread [0xB0B051D2]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                                    ZwSaveKey [0xB0AC6B08]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                                    ZwSaveKeyEx [0xB0AC6C9E]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                                    ZwSaveMergedKeys [0xB0AC6E3A]
SSDT            \SystemRoot\System32\vsdatant.sys                                                                                        ZwSecureConnectPort [0xB08B0D2A]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                                    ZwSetContextThread [0xB0B05330]
SSDT            \SystemRoot\System32\vsdatant.sys                                                                                        ZwSetInformationFile [0xB08ABBFA]
SSDT            \SystemRoot\System32\vsdatant.sys                                                                                        ZwSetInformationObject [0xB08DB27E]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                                    ZwSetInformationToken [0xB0AB7C7C]
SSDT            \SystemRoot\System32\vsdatant.sys                                                                                        ZwSetSecurityObject [0xB08CDC7C]
SSDT            \SystemRoot\System32\vsdatant.sys                                                                                        ZwSetSystemInformation [0xB08A5B7C]
SSDT            \SystemRoot\System32\vsdatant.sys                                                                                        ZwSetValueKey [0xB08CAE2E]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                                    ZwSuspendProcess [0xB0B04790]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                                    ZwSuspendThread [0xB0B0507A]
SSDT            \SystemRoot\System32\vsdatant.sys                                                                                        ZwSystemDebugControl [0xB08C5B72]
SSDT            \SystemRoot\System32\vsdatant.sys                                                                                        ZwTerminateProcess [0xB08C58E2]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                                    ZwTerminateThread [0xB0B04D9E]
SSDT            \SystemRoot\System32\vsdatant.sys                                                                                        ZwUnloadDriver [0xB08A6810]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                                    ZwUnmapViewOfSection [0xB0B05C00]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                                    ZwWriteVirtualMemory [0xB0B05936]

---- Devices - GMER 2.1 ----

Device          \Driver\Tcpip \Device\Ip                                                                                                 vsdatant.sys
Device          \Driver\Tcpip \Device\Tcp                                                                                                vsdatant.sys

AttachedDevice  \Driver\Tcpip \Device\Tcp                                                                                                fssfltr_tdi.sys

Device          \Driver\Tcpip \Device\Udp                                                                                                vsdatant.sys
Device          \Driver\Tcpip \Device\RawIp                                                                                              vsdatant.sys
Device          \Driver\Tcpip \Device\IPMULTICAST                                                                                        vsdatant.sys

AttachedDevice  \FileSystem\Fastfat \Fat                                                                                                 fltmgr.sys

---- Registry - GMER 2.1 ----

Reg             HKLM\SYSTEM\ControlSet005\Control\Session Manager@PendingFileRenameOperations                                            ?????????????????????e?????????????????g?????????????,??????????Mouse?????X???????????????????N??????????????????????????x??????????????????????Intel???? ????????????????????????????<????? ????????????????????4?????e?????????????4???????????e???????????c??????????????????? ???????????????????????????????????????????????????F??????????????0????????????????`???????????????????? ????????????????????? ???????????????????????????????? ???????????????????????? ?????(????????????????????f??t???DiskDrive???pci?*???gusvc???System????????,????????g????Image???Netlogon????????????????? ??????????????????? ??????????????????? l?????????????????PTP?????????????MpKsl17b1d512???????SoundMAX Digital Audio??????????????????????????????????????????????????????????????????p???SCSI miniport????????????a??t???????=????L?g?????????????n??????? ?????????????????????????????????? ???????????? ????????????????????????????????????????????????????????5?????? ???????????????????????????????????????t??????????? ??????????????????????p??
Reg             HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch@Epoch                                                          50112
Reg             HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{13B479E5-AF57-4D6C-946F-387C0B53EC74}@DhcpRetryTime  43197

---- EOF - GMER 2.1 ----


 

21:11:06.0828 0x0de0 TDSS rootkit removing tool 3.0.0.41 Oct 28 2014 17:58:34

21:11:14.0437 0x0de0 ============================================================

21:11:14.0437 0x0de0 Current date / time: 2014/11/18 21:11:14.0437

21:11:14.0437 0x0de0 SystemInfo:

21:11:14.0437 0x0de0

21:11:14.0437 0x0de0 OS Version: 5.1.2600 ServicePack: 3.0

21:11:14.0437 0x0de0 Product type: Workstation

21:11:14.0437 0x0de0 ComputerName: PCDATA

21:11:14.0437 0x0de0 UserName: Administrator

21:11:14.0437 0x0de0 Windows directory: C:\WINDOWS

21:11:14.0437 0x0de0 System windows directory: C:\WINDOWS

21:11:14.0437 0x0de0 Processor architecture: Intel x86

21:11:14.0437 0x0de0 Number of processors: 1

21:11:14.0437 0x0de0 Page size: 0x1000

21:11:14.0437 0x0de0 Boot type: Normal boot

21:11:14.0437 0x0de0 ============================================================

21:11:21.0093 0x0de0 KLMD registered as C:\WINDOWS\system32\drivers\66995486.sys

21:11:22.0296 0x0de0 System UUID: {1181ACA8-7419-DB51-06E4-035D9E20702F}

21:11:24.0859 0x0de0 Drive \Device\Harddisk0\DR0 - Size: 0x9516AE000 ( 37.27 Gb ), SectorSize: 0x200, Cylinders: 0x1301, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054

21:11:24.0875 0x0de0 Drive \Device\Harddisk1\DR1 - Size: 0x3A38B2E000 ( 232.89 Gb ), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054

21:11:24.0890 0x0de0 ============================================================

21:11:24.0890 0x0de0 \Device\Harddisk0\DR0:

21:11:24.0890 0x0de0 MBR partitions:

21:11:24.0890 0x0de0 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x4A89182

21:11:24.0890 0x0de0 \Device\Harddisk1\DR1:

21:11:24.0890 0x0de0 MBR partitions:

21:11:24.0890 0x0de0 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1D1C4542

21:11:24.0890 0x0de0 ============================================================

21:11:24.0921 0x0de0 C: <-> \Device\Harddisk0\DR0\Partition1

21:11:24.0953 0x0de0 D: <-> \Device\Harddisk1\DR1\Partition1

21:11:24.0953 0x0de0 ============================================================

21:11:24.0953 0x0de0 Initialize success

21:11:24.0953 0x0de0 ============================================================

21:11:33.0640 0x0894 ============================================================

21:11:33.0640 0x0894 Scan started

21:11:33.0640 0x0894 Mode: Manual;

21:11:33.0640 0x0894 ============================================================

21:11:33.0640 0x0894 KSN ping started

21:11:45.0031 0x0894 KSN ping finished: true

21:11:46.0468 0x0894 ================ Scan system memory ========================

21:11:46.0468 0x0894 System memory - ok

21:11:46.0468 0x0894 ================ Scan services =============================


21:12:15.0406 0x0894 ql1240 - ok

21:12:15.0421 0x0894 ql1280 - ok

21:12:15.0437 0x0894 [ FE0D99D6F31E4FAD8159F690D68DED9C, 998685622ABE631984B7E4DBF91AB3594B1F574378D75EB9F6265F4650470692 ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys

21:12:15.0437 0x0894 RasAcd - ok

21:12:15.0500 0x0894 [ AD188BE7BDF94E8DF4CA0A55C00A5073, C7D76CB579FAEBCCC2873499441BACDD6BD6668ACF5ED7F31862656E96E2B20C ] RasAuto C:\WINDOWS\System32\rasauto.dll

21:12:15.0515 0x0894 RasAuto - ok

21:12:15.0546 0x0894 [ 11B4A627BC9614B885C4969BFA5FF8A6, EAE0A412A2B0F68919C32A96B3A08CC1A06585E4998819F5C9051745F63FF5AD ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

21:12:15.0562 0x0894 Rasl2tp - ok

21:12:15.0656 0x0894 [ 76A9A3CBEADD68CC57CDA5E1D7448235, 4AFD048C5D2306AB8DE46F3AA60AC0213333DDA3B09A9E91F7585DB6EB978EC8 ] RasMan C:\WINDOWS\System32\rasmans.dll

21:12:15.0687 0x0894 RasMan - ok

21:12:15.0718 0x0894 [ 5BC962F2654137C9909C3D4603587DEE, A5CE5653D0105240F5E86CFAAB89E7917D42D939E2F27A5A7D6979289CA651B8 ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys

21:12:15.0734 0x0894 RasPppoe - ok

21:12:15.0750 0x0894 [ FDBB1D60066FCFBB7452FD8F9829B242, 10A2DACF944BD000032EBA8C095CB3D879CC55B28C377ADF6E52E508E47444DB ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys

21:12:15.0765 0x0894 Raspti - ok

21:12:15.0843 0x0894 [ 7AD224AD1A1437FE28D89CF22B17780A, 6645235CA27D671954E3557FA37082881C3D7D47492C71264CD8CB8D108EC801 ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys

21:12:15.0890 0x0894 Rdbss - ok

21:12:15.0906 0x0894 [ 4912D5B403614CE99C28420F75353332, 975341ECD660209987B5E5171B8315E032439E408CBE8A5986E67AF767F373BB ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

21:12:15.0906 0x0894 RDPCDD - ok

21:12:16.0000 0x0894 [ 15CABD0F7C00C47C70124907916AF3F1, 66B5C978B7FB6359AD8BAC9F568FE9D469E358FEAB07B1F129BA9E85F1DF723E ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys

21:12:16.0062 0x0894 rdpdr - ok

21:12:16.0171 0x0894 [ 43AF5212BD8FB5BA6EED9754358BD8F7, AF330F61CECA4AFA359CEABC5EB3227E6B56A9A2DCE50701381D665122D7356D ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys

21:12:16.0343 0x0894 RDPWD - ok

21:12:16.0421 0x0894 [ 3C37BF86641BDA977C3BF8A840F3B7FA, AB9A6E54DBA3F4561CD4837372BECCE0D73943D02E3288F944333039375AC08C ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe

21:12:16.0484 0x0894 RDSessMgr - ok

21:12:16.0546 0x0894 [ F828DD7E1419B6653894A8F97A0094C5, E6150E1F598BA4CFEDB8FF075BC0D576518C331B864388F1CAE8812EFF106ECF ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys

21:12:16.0562 0x0894 redbook - ok

21:12:16.0625 0x0894 [ 7E699FF5F59B5D9DE5390E3C34C67CF5, 3FCF0442D80AB181FED4303E570378736AA1F8718C0B8B70F689A1E45200FFE4 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll

21:12:16.0625 0x0894 RemoteAccess - ok

21:12:16.0703 0x0894 [ 5B19B557B0C188210A56A6B699D90B8F, 0FA880B81AE615206FD1738B83428AAA491D54B24168339DE6E87FDE8C6C14B0 ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll

21:12:16.0734 0x0894 RemoteRegistry - ok

21:12:16.0812 0x0894 [ AAED593F84AFA419BBAE8572AF87CF6A, CC0FFC5A69394C8830DC66320DA01A820BBF41AD7E57D0FC343561DC5EF9A360 ] RpcLocator C:\WINDOWS\System32\locator.exe

21:12:16.0812 0x0894 RpcLocator - ok

21:12:16.0953 0x0894 [ 6B27A5C03DFB94B4245739065431322C, 6AEAC16AB4E0DFD25123AAF4D4181FEE1B919B7B2793117006CE8CF30E826CFD ] RpcSs C:\WINDOWS\system32\rpcss.dll

21:12:16.0968 0x0894 RpcSs - ok

21:12:17.0062 0x0894 [ 471B3F9741D762ABE75E9DEEA4787E47, D9ADE42965EC22AEB4B2AD21D429C3C8232A60AA9853DEFDA7AED86A13FE8623 ] RSVP C:\WINDOWS\System32\rsvp.exe

21:12:17.0125 0x0894 RSVP - ok

21:12:17.0140 0x0894 [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] SamSs C:\WINDOWS\system32\lsass.exe

21:12:17.0140 0x0894 SamSs - ok

21:12:17.0218 0x0894 [ 86D007E7A654B9A71D1D7D856B104353, 7B1DE53D637A5FC9619D5D07C48927AFEC89D959207F6F2E2F45DD054EEA04C7 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe

21:12:17.0250 0x0894 SCardSvr - ok

21:12:17.0359 0x0894 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA, 0B582F47BD70732BAC48B8B86E5D06CE7F299A20E8177F3F2E6F28217C3FB605 ] Schedule C:\WINDOWS\system32\schedsvc.dll

21:12:17.0468 0x0894 Schedule - ok

21:12:18.0187 0x0894 [ D777F1417D9BB9F66CD9D9C3B61F730F, 0CBD830EB9D2B0F1946131F20907793B2D68A3BCEEC3EA5416972149F73DC815 ] SDScannerService C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe

21:12:18.0234 0x0894 SDScannerService - ok

21:12:19.0281 0x0894 [ 68D6C7F99BC73B88954D844FCCBEB2A0, F746861B103C8BE8EA234B9FCFBBDD2412C79FB65F2F1E0F5E6EBC0B34905FF1 ] SDUpdateService C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe

21:12:19.0328 0x0894 SDUpdateService - ok

21:12:19.0484 0x0894 [ 9B9B368A8FF5CAF91D7A333CF62CD2CC, A4AE7FFBBAF983BFDE15B521ED162CBC4E6FC85BCDB200C75D45878B3FFDFA68 ] SDWSCService C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe

21:12:19.0484 0x0894 SDWSCService - ok

21:12:19.0531 0x0894 [ 90A3935D05B494A5A39D37E71F09A677, F72733A69BC6E1A2BB91D7632FF3463C12563F60FDCC00A2CDD67FF20D479952 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys

21:12:19.0531 0x0894 Secdrv - ok

21:12:19.0593 0x0894 [ CBE612E2BB6A10E3563336191EDA1250, C331797DC3569F0E715766561DE2562F60B924378842246C35D2B1CF867E9D96 ] seclogon C:\WINDOWS\System32\seclogon.dll

21:12:19.0625 0x0894 seclogon - ok

21:12:19.0656 0x0894 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0, 7105B026F966A992430F86C3698ABE15EC73E4772F1A3E362E29FD5247A5DCA6 ] SENS C:\WINDOWS\system32\sens.dll

21:12:19.0656 0x0894 SENS - ok

21:12:19.0718 0x0894 [ 0F29512CCD6BEAD730039FB4BD2C85CE, 4F98AE390D1B14A755700DD6CEFB9CF921F0404AF2145D2D7E5F52394F87C6A5 ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys

21:12:19.0718 0x0894 serenum - ok

21:12:19.0765 0x0894 [ CCA207A8896D4C6A0C9CE29A4AE411A7, 5999B39242283CD803319AADCA171CCCC6E2A40FB2FAFA51B1D29F3FF2DD8D6C ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys

21:12:19.0781 0x0894 Serial - ok

21:12:19.0828 0x0894 [ 8E6B8C671615D126FDC553D1E2DE5562, CEEC0067514555D5CA489F50E3D7562FCA8DB8E952C3C878604C9277FC77959F ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys

21:12:19.0828 0x0894 Sfloppy - ok

21:12:19.0968 0x0894 [ 83F41D0D89645D7235C051AB1D9523AC, B681F33EEAA511D6A2DCB9FBAA407B739184C9FF6067C6B7E51F1FC37E9D4DD7 ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll

21:12:20.0015 0x0894 SharedAccess - ok

21:12:20.0093 0x0894 [ 99BC0B50F511924348BE19C7C7313BBF, A1006C687BD352F700B140DC741515A0CDD9E1352C0FBD1EE410D404E344444B ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll

21:12:20.0109 0x0894 ShellHWDetection - ok

21:12:20.0125 0x0894 Simbad - ok

21:12:20.0187 0x0894 [ 866D538EBE33709A5C9F5C62B73B7D14, BC94BEB7C17B4FCAC8B5D0D5006A203BC209E0504EECE149651D8691935696CD ] SLIP C:\WINDOWS\system32\DRIVERS\SLIP.sys

21:12:20.0187 0x0894 SLIP - ok

21:12:20.0406 0x0894 [ 31FD0707C7DBE715234F2823B27214FE, 9277F6AA025BF80D7AD3338D4EB33FAF899EC0157AE37160007D56E2F3CAFFBC ] smwdm C:\WINDOWS\system32\drivers\smwdm.sys

21:12:20.0578 0x0894 smwdm - ok

21:12:20.0593 0x0894 Sparrow - ok

21:12:20.0640 0x0894 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F, DD17733CBB370FCA08F0296704D7CBEACA3C8F76D0ABE4761C3B1FFDF7481D9E ] splitter C:\WINDOWS\system32\drivers\splitter.sys

21:12:20.0640 0x0894 splitter - ok

21:12:20.0718 0x0894 [ 60784F891563FB1B767F70117FC2428F, E0B07F08E60FFBAD36C2E58180F4B2A16DCA47716044CBE0213DF7B74D742F1F ] Spooler C:\WINDOWS\system32\spoolsv.exe

21:12:20.0718 0x0894 Spooler - ok

21:12:20.0765 0x0894 [ 76BB022C2FB6902FD5BDD4F78FC13A5D, 6031CB2344D7277FC703480EB43CF856A0F8F818EA98FF26A2CA532336CD2DFA ] sr C:\WINDOWS\system32\DRIVERS\sr.sys

21:12:20.0796 0x0894 sr - ok

21:12:20.0890 0x0894 [ 3805DF0AC4296A34BA4BF93B346CC378, B57A14F1B7B0997E619DDD62B73157AA2399A9852166FB58139CBB358A88F6F3 ] srservice C:\WINDOWS\System32\srsvc.dll

21:12:20.0921 0x0894 srservice - ok

21:12:21.0062 0x0894 [ 47DDFC2F003F7F9F0592C6874962A2E7, 17C643BD4EB09B5666FE41817DC785BE04A6E491CE79E8E5A702CDBD98E1BDD7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys

21:12:21.0078 0x0894 Srv - ok

21:12:21.0171 0x0894 [ 1CAC71D756CE00AE0681F9028DDE874B, E4C3C0092EE9550047285A3235C265A70C2FD0DEB96A5F1BD4F3C46E93154ED2 ] ssadserd C:\WINDOWS\system32\DRIVERS\ssadserd.sys

21:12:21.0203 0x0894 ssadserd - ok

21:12:21.0265 0x0894 [ 0A5679B3714EDAB99E357057EE88FCA6, 01E1A101FFF48402C77E385A78FEF27876E04533B60EB1C18558A737E57E5FA8 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll

21:12:21.0281 0x0894 SSDPSRV - ok

21:12:21.0421 0x0894 [ 8BAD69CBAC032D4BBACFCE0306174C30, 2AA0DA710FCBFF38FE8DA91EE02E7A4503269347E61F8D3246FCA3384BBA2305 ] stisvc C:\WINDOWS\system32\wiaservc.dll

21:12:21.0468 0x0894 stisvc - ok

21:12:21.0515 0x0894 [ 77813007BA6265C4B6098187E6ED79D2, 93939120E803C46FBFD577C8FC2E6C7E71C0460E01D25CB29579490640AB50C7 ] streamip C:\WINDOWS\system32\DRIVERS\StreamIP.sys

21:12:21.0531 0x0894 streamip - ok

21:12:21.0578 0x0894 [ 3941D127AEF12E93ADDF6FE6EE027E0F, EA1F0E32E1C5E90FA4AAC421DEBBE086512340758D3217A6334E886BCE638B51 ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys

21:12:21.0593 0x0894 swenum - ok

21:12:21.0625 0x0894 [ 8CE882BCC6CF8A62F2B2323D95CB3D01, B408550A581F3DA222355964AFA4E976AD8471F0AA37573C42C4948AE5A23A3B ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys

21:12:21.0656 0x0894 swmidi - ok

21:12:21.0671 0x0894 SwPrv - ok

21:12:21.0687 0x0894 symc810 - ok

21:12:21.0687 0x0894 symc8xx - ok

21:12:21.0703 0x0894 sym_hi - ok

21:12:21.0718 0x0894 sym_u3 - ok

21:12:21.0750 0x0894 [ 8B83F3ED0F1688B4958F77CD6D2BF290, 546D3602183702B4F53E84413CFA2C933D64C8540378E54A8DCD148F3F36A2DA ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys

21:12:21.0781 0x0894 sysaudio - ok

21:12:21.0859 0x0894 [ C7ABBC59B43274B1109DF6B24D617051, 4384CA0AA6CE9B603CF7DB775A3C721E46715D5B120B94FB57DEADAADE18535B ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe

21:12:21.0906 0x0894 SysmonLog - ok

21:12:22.0796 0x0894 [ 1D24FB5843047E3FA9A3D17BE2C6E5B7, CA972AAAF262333BDEF4710CF90D05899371104FA98DA23E42143027CCE3190D ] TabletServicePen C:\WINDOWS\system32\Pen_Tablet.exe

21:12:22.0875 0x0894 TabletServicePen - ok

21:12:23.0015 0x0894 [ 3CB78C17BB664637787C9A1C98F79C38, F35C31F6B7F366CB949D1044B357C76DEC9170441C5E559802794F62B72FD255 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll

21:12:23.0078 0x0894 TapiSrv - ok

21:12:23.0250 0x0894 [ 9AEFA14BD6B182D61E3119FA5F436D3D, EA29E49434585409272E7901AF89771FE9D6E911A7DC44AB3C7020CFF8A44552 ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys

21:12:23.0375 0x0894 Tcpip - ok

21:12:23.0421 0x0894 [ 6471A66807F5E104E4885F5B67349397, F35CBFFB8BB235CCE30EF94A5273333900DD49FD506BF9D55D99A320B8A53A5A ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys

21:12:23.0437 0x0894 TDPIPE - ok

21:12:23.0468 0x0894 [ C56B6D0402371CF3700EB322EF3AAF61, 7743FA4C734BCE38EFB1CA69BC17364D8421E2CD172F856F7E38E7AE1EE93F2F ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys

21:12:23.0484 0x0894 TDTCP - ok

21:12:23.0531 0x0894 [ 88155247177638048422893737429D9E, B6D4E8691917946332C2208D01F8C8281978C1AD1E9951C5D99DF0D49AC34B3B ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys

21:12:23.0546 0x0894 TermDD - ok

21:12:23.0687 0x0894 [ FF3477C03BE7201C294C35F684B3479F, D6246521539BA4ACD022D26983182F5E323D2EF1EA7C54265A248C43A1CE5202 ] TermService C:\WINDOWS\System32\termsrv.dll

21:12:23.0718 0x0894 TermService - ok

21:12:23.0781 0x0894 [ 99BC0B50F511924348BE19C7C7313BBF, A1006C687BD352F700B140DC741515A0CDD9E1352C0FBD1EE410D404E344444B ] Themes C:\WINDOWS\System32\shsvcs.dll

21:12:23.0796 0x0894 Themes - ok

21:12:23.0859 0x0894 [ DB7205804759FF62C34E3EFD8A4CC76A, 13A4248F528CE98ACA66898E56822E4FC49B11F491FF1F61A687BA601BF0A802 ] TlntSvr C:\WINDOWS\System32\tlntsvr.exe

21:12:23.0890 0x0894 TlntSvr - ok

21:12:23.0906 0x0894 TosIde - ok

21:12:23.0984 0x0894 [ 55BCA12F7F523D35CA3CB833C725F54E, 849FB1AE31B143B14B298BBC0D91230693D41DEB95F46516878F53A7F4186C38 ] TrkWks C:\WINDOWS\system32\trkwks.dll

21:12:23.0984 0x0894 TrkWks - ok

21:12:24.0046 0x0894 [ 5787B80C2E3C5E2F56C2A233D91FA2C9, 3774905CF77954DFCECDA5BCC7CDE3D0ED72712BFAAD85ADAE5246306447E46C ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys

21:12:24.0078 0x0894 Udfs - ok

21:12:24.0093 0x0894 ultra - ok

21:12:24.0250 0x0894 [ 402DDC88356B1BAC0EE3DD1580C76A31, 32A686595710336A6BFD54C03F552AE39439611662F84EF5D24193AE5665C6F3 ] Update C:\WINDOWS\system32\DRIVERS\update.sys

21:12:24.0375 0x0894 Update - ok

21:12:24.0468 0x0894 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91, 7746916DB48E3F5B243B63C066596AD9037A494BF1AD935946DD04AC85D983DF ] upnphost C:\WINDOWS\System32\upnphost.dll

21:12:24.0484 0x0894 upnphost - ok

21:12:24.0515 0x0894 [ 05365FB38FCA1E98F7A566AAAF5D1815, 16843048CEEC3DAA3B953A12FF1EE339E86783A08F2A56DA7F94AD9F9717D77D ] UPS C:\WINDOWS\System32\ups.exe

21:12:24.0546 0x0894 UPS - ok

21:12:24.0609 0x0894 [ 65898A183FBF1D1F7759D5CCB364DCD4, 85E823123FDB4CA5F8255064E22A444627999055EC3419DFD001371893F36AB9 ] usbaudio C:\WINDOWS\system32\drivers\usbaudio.sys

21:12:24.0640 0x0894 usbaudio - ok

21:12:24.0703 0x0894 [ 1B611611C28D2DF25BC057D79C6F13FC, B0D86F63E44B40413BBAE6402CC088046CFAE082D41BBC2ED5A916293356B846 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys

21:12:24.0703 0x0894 usbccgp - ok

21:12:24.0734 0x0894 [ 4BAC8DF07F1D8434FC640E677A62204E, 76C1351AF6752224BF59DEEE0F8665FE699F3DFD679F5BCD01C7D9383E6402A4 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys

21:12:24.0750 0x0894 usbehci - ok

21:12:24.0812 0x0894 [ 1AB3CDDE553B6E064D2E754EFE20285C, A99C4528C4227B1E96847614745AAFACD3C5F1BDFE435214DBF78740FFB300FE ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys

21:12:24.0843 0x0894 usbhub - ok

21:12:24.0859 0x0894 [ A717C8721046828520C9EDF31288FC00, 1530BBE832EDBB0974AD89D723A03FF7A0094B368992D73C2C3E62A181DF1E0A ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys

21:12:24.0875 0x0894 usbprint - ok

21:12:24.0921 0x0894 [ F8EDE2B6928970DCE3D5614C27D9E7F6, 6E5EBBC8B70C1D593634DAF0C190DEADFDA18C3CBC8F552A76F156F3869EF05B ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys

21:12:24.0937 0x0894 usbscan - ok

21:12:25.0000 0x0894 [ A32426D9B14A089EAA1D922E0C5801A9, ED1DC52EE45F8EAD3AEC4B1F817BB25634141CF48295494C5947DCE6CF7A9817 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

21:12:25.0000 0x0894 USBSTOR - ok

21:12:25.0031 0x0894 [ 26496F9DEE2D787FC3E61AD54821FFE6, 8BE7FF647470B9A951CBB478FAF83D657A15CC78037F42348A6B738F21D523DA ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys

21:12:25.0046 0x0894 usbuhci - ok

21:12:25.0093 0x0894 [ 0D3A8FAFCEACD8B7625CD549757A7DF1, B9CFDEFCD66AA139F3DC2F967B184669532922563AD5A71769BABDC4370D065E ] VgaSave C:\WINDOWS\System32\drivers\vga.sys

21:12:25.0109 0x0894 VgaSave - ok

21:12:25.0125 0x0894 ViaIde - ok

21:12:25.0156 0x0894 [ 4C8FCB5CC53AAB716D810740FE59D025, 010EAC43DBED700B73E4FC908FAAF9F6A0168EBBD5D86751E49BC33AAA18BFA4 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys

21:12:25.0171 0x0894 VolSnap - ok

21:12:25.0437 0x0894 [ 4254068AD9BD21341E48C47D86727F4A, 2900979BEDC6EF84C74121CE3FFA5F67209CF3DD28D0C920723A4479F4426BBE ] Vsdatant C:\WINDOWS\system32\vsdatant.sys

21:12:25.0515 0x0894 Vsdatant - ok

21:12:27.0093 0x0894 [ ABC70D66394C27F0B50E41A19E89C2D7, EFB1354DDB5599D13D5397EB34EC865D7F23344650C64C5A04622430A6B22B77 ] vsmon C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe

21:12:27.0203 0x0894 vsmon - ok

21:12:27.0343 0x0894 [ 7A9DB3A67C333BF0BD42E42B8596854B, D31A9A3B1AAAB373EDD73B674102395212FCB616F829E938B7B2B7BE7D4752C5 ] VSS C:\WINDOWS\System32\vssvc.exe

21:12:27.0437 0x0894 VSS - ok

21:12:27.0515 0x0894 [ 54AF4B1D5459500EF0937F6D33B1914F, FA1876888BCB9C72A92369DBED4FF1A8666784523FB41E618FA0919490FCDDB9 ] W32Time C:\WINDOWS\System32\w32time.dll

21:12:27.0531 0x0894 W32Time - ok

21:12:27.0687 0x0894 [ F0BDC2B474E26117EE77BFDBA051FB3C, 3195DA44456BA30DD186974CDF4302A55A39FA7B389A9DD2345BDFA11772ED3C ] W8335XP C:\WINDOWS\system32\DRIVERS\WG311v3XP.sys

21:12:27.0687 0x0894 W8335XP - ok

21:12:27.0750 0x0894 [ 9A03558C37E919B9D6A50864AEA0A168, 13FFD87D25F4154C2016A14D8457FC26785674D51FEBE1B6DC11DDDA84706B0D ] wacmoumonitor C:\WINDOWS\system32\DRIVERS\wacmoumonitor.sys

21:12:27.0765 0x0894 wacmoumonitor - ok

21:12:27.0812 0x0894 [ 427A8BC96F16C40DF81C2D2F4EDD32DD, C65B089140D4A7218FC5B6EEDCCE498DF1F71BBE375762C9092FAC02CAE1CEC7 ] wacommousefilter C:\WINDOWS\system32\DRIVERS\wacommousefilter.sys

21:12:27.0828 0x0894 wacommousefilter - ok

21:12:27.0843 0x0894 [ D412D2CC82C3D469415758CAB44875A4, E5A1B5DC275C0D45800193E099E65FB757FFD3E02C297FA3AA6CA54B3C25BC80 ] wacomvhid C:\WINDOWS\system32\DRIVERS\wacomvhid.sys

21:12:27.0859 0x0894 wacomvhid - ok

21:12:27.0875 0x0894 [ 889459833432B161CB99CFDF84A1A9BB, 0E8AC800639D89CFE6248FCDD8CEC16AC73C27526E0E4BA70200542ADE50B5E5 ] WacomVKHid C:\WINDOWS\system32\DRIVERS\WacomVKHid.sys

21:12:27.0890 0x0894 WacomVKHid - ok

21:12:27.0937 0x0894 [ E20B95BAEDB550F32DD489265C1DA1F6, 5589B2067E6C9FBA290D8C5EADDC198EBAF39C50C3CD7D2BC5CDA7CBFBC445E5 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys

21:12:27.0968 0x0894 Wanarp - ok

21:12:28.0171 0x0894 [ FD47474BD21794508AF449D9D91AF6E6, 2AD586390824F673B5DC5D86FC2423ED9252413D221E1C7EC3A760782DB6436A ] Wdf01000 C:\WINDOWS\system32\DRIVERS\Wdf01000.sys

21:12:28.0343 0x0894 Wdf01000 - ok

21:12:28.0359 0x0894 WDICA - ok

21:12:28.0406 0x0894 [ 6768ACF64B18196494413695F0C3A00F, 3A8F8586F1D997D19A8478345338D2AECD785AEABDB61531DD3F92003D3230A5 ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys

21:12:28.0437 0x0894 wdmaud - ok

21:12:28.0515 0x0894 [ 77A354E28153AD2D5E120A5A8687BC06, 8B2D37A4443501C0A8E70BC2079BE27F0A36FD07B561E6F68B40A72EABBC2DFE ] WebClient C:\WINDOWS\System32\webclnt.dll

21:12:28.0546 0x0894 WebClient - ok

21:12:28.0781 0x0894 [ 1225EBEA76AAC3C84DF6C54FE5E5D8BE, 48EF4217924D15D54F9B3E1D5E51944FF16E7832982D32A978A3FA8165417611 ] winachsf C:\WINDOWS\system32\DRIVERS\HSFCXTS2.sys

21:12:29.0000 0x0894 winachsf - ok

21:12:29.0203 0x0894 [ 2D0E4ED081963804CCC196A0929275B5, E1D75C7D7233D81DFDE13160B0C80138DF8B35230D04FB79B367A52FACF69BF8 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll

21:12:29.0203 0x0894 winmgmt - ok

21:12:29.0734 0x0894 [ 5144AE67D60EC653F97DDF3FEED29E77, F6238767284B2356A9F502E2ACCFAAC283FA13CBF238E98B5115A55179526B10 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

21:12:29.0781 0x0894 wlidsvc - ok

21:12:29.0843 0x0894 [ C51B4A5C05A5475708E3C81C7765B71D, F776D2680BD3407307B7072626F78460361FC5BC38623C9E16F394D300AB25DE ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll

21:12:29.0875 0x0894 WmdmPmSN - ok

21:12:30.0078 0x0894 [ E76F8807070ED04E7408A86D6D3A6137, BFCF5361B7335760A7AE4B6958DE516A27AC60AA09135A46F0B49F588FAFE3A0 ] Wmi C:\WINDOWS\System32\advapi32.dll

21:12:30.0218 0x0894 Wmi - ok

21:12:30.0312 0x0894 [ E0673F1106E62A68D2257E376079F821, 12992F18C9653050B10DC61D12988067933FCFDF02123D3A7EF5DE607A785DDC ] WmiApSrv C:\WINDOWS\System32\wbem\wmiapsrv.exe

21:12:30.0328 0x0894 WmiApSrv - ok

21:12:30.0937 0x0894 [ F74E3D9A7FA9556C3BBB14D4E5E63D3B, C71FAAC752F6D58BF8556661252DBF8C5DDD090CAE002A2C7E09C9A014526066 ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe

21:12:31.0250 0x0894 WMPNetworkSvc - ok

21:12:31.0281 0x0894 [ 6ABE6E225ADB5A751622A9CC3BC19CE8, 4061C5D0F051DFF1730E2A3BFC1CCA97B29602FC50F10F6B44D93B0D28F42024 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys

21:12:31.0296 0x0894 WS2IFSL - ok

21:12:31.0359 0x0894 [ 7C278E6408D1DCE642230C0585A854D5, DA46079A04F6E8E3441E4AE454AEAC02B3E935DE29CE7F6D4476F57867FCC12A ] wscsvc C:\WINDOWS\system32\wscsvc.dll

21:12:31.0375 0x0894 wscsvc - ok

21:12:31.0437 0x0894 [ C98B39829C2BBD34E454150633C62C78, 71B60EA3AD0E2637917D528C6A9E7ECF2949E3E5E91036AA5BBADA95BD725511 ] WSTCODEC C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS

21:12:31.0453 0x0894 WSTCODEC - ok

21:12:31.0500 0x0894 [ 35321FB577CDC98CE3EB3A3EB9E4610A, C9A6F5CF282D8FCB3CDFCC4B306013480E78E1B664E1A60A4E27B161F9FFD4CD ] wuauserv C:\WINDOWS\system32\wuauserv.dll

21:12:31.0500 0x0894 wuauserv - ok

21:12:31.0562 0x0894 [ F15FEAFFFBB3644CCC80C5DA584E6311, 79B3E9AF35976CE49921E9BEA3BA3B4A8AF762FD3F284B62954038B5FFB32471 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys

21:12:31.0593 0x0894 WudfPf - ok

21:12:31.0625 0x0894 [ 28B524262BCE6DE1F7EF9F510BA3985B, AEFF02B899801A63CBB262757C3D4369E38BFF0690BD085DE60E873DFBE3C3F4 ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys

21:12:31.0656 0x0894 WudfRd - ok

21:12:31.0703 0x0894 [ 05231C04253C5BC30B26CBAAE680ED89, 5C03C2D7E0B573646D32F4093E2FF2C3BA391C39F5BA37D67F69D38E357FCC3D ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll

21:12:31.0718 0x0894 WudfSvc - ok

21:12:31.0906 0x0894 [ 81DC3F549F44B1C1FFF022DEC9ECF30B, 3D14BFEA539F9CEB16555BD56C5E3C7C8F6692FC62C2789F8AAEA1C042E63940 ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll

21:12:32.0000 0x0894 WZCSVC - ok

21:12:32.0078 0x0894 [ 295D21F14C335B53CB8154E5B1F892B9, 9418477C2E3EA93E93D931A4EDD4500DA568FAD6040204B5201D1080203B0BBC ] xmlprov C:\WINDOWS\System32\xmlprov.dll

21:12:32.0125 0x0894 xmlprov - ok

21:12:32.0234 0x0894 [ A8A49F0427D783BFF78BC3226B4ABD0D, BE074147C825292C5A4CB859EE0238061511753F24348975BC51B313F370DD2C ] ZAPrivacyService C:\Program Files\CheckPoint\ZoneAlarm\ZAPrivacyService.exe

21:12:32.0234 0x0894 ZAPrivacyService - ok

21:12:32.0281 0x0894 ================ Scan global ===============================

21:12:32.0343 0x0894 [ 42F1F4C0AFB08410E5F02D4B13EBB623, 924C30587C51C0D1E1F47991969AF492A644552E15F2480EA991DCB74A3E68D5 ] C:\WINDOWS\system32\basesrv.dll

21:12:32.0500 0x0894 [ 69AE2B2E6968C316536E5B10B9702E63, D9C5DA7A20DDE69D91E72400C3F06F3CB099DEF42EA6C53FCE076258A0C22391 ] C:\WINDOWS\system32\winsrv.dll

21:12:32.0703 0x0894 [ 69AE2B2E6968C316536E5B10B9702E63, D9C5DA7A20DDE69D91E72400C3F06F3CB099DEF42EA6C53FCE076258A0C22391 ] C:\WINDOWS\system32\winsrv.dll

21:12:32.0765 0x0894 [ 65DF52F5B8B6E9BBD183505225C37315, 59C606977DB40A3443DFF0BE2A4C761824881B22C9FDB3D23F6486DB580E92A4 ] C:\WINDOWS\system32\services.exe

21:12:32.0781 0x0894 [ Global ] - ok

21:12:32.0781 0x0894 ================ Scan MBR ==================================

21:12:32.0812 0x0894 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0

21:12:33.0046 0x0894 \Device\Harddisk0\DR0 - ok

21:12:33.0062 0x0894 [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk1\DR1

21:12:33.0062 0x0894 \Device\Harddisk1\DR1 - ok

21:12:33.0062 0x0894 ================ Scan VBR ==================================

21:12:33.0078 0x0894 [ 1BA7B2E7E116A40DEC8663EDA6382502 ] \Device\Harddisk0\DR0\Partition1

21:12:33.0078 0x0894 \Device\Harddisk0\DR0\Partition1 - ok

21:12:33.0093 0x0894 [ 0220C38C6DBDF9A3E505AFD709064461 ] \Device\Harddisk1\DR1\Partition1

21:12:33.0109 0x0894 \Device\Harddisk1\DR1\Partition1 - ok

21:12:33.0125 0x0894 ================ Scan generic autorun ======================

21:12:33.0218 0x0894 [ 3E4C03CEFAD8DE135263236B61A49C90, 243201B64F4B60D55CDB1A3BF4B9AA60BC22EB8ACA88E95042EE48AC5DF5F397 ] C:\WINDOWS\system32\NeroCheck.exe

21:12:33.0218 0x0894 NeroFilterCheck - ok

21:12:33.0296 0x0894 [ 3F2C8DD08549BB3419CDA372F5999FFA, D2AF3C3BD950A027094034B40C6F81BE966A557F9BD403D3D10E3D0D31CF8A76 ] C:\WINDOWS\system32\igfxtray.exe

21:12:33.0312 0x0894 igfxtray - ok

21:12:33.0343 0x0894 [ 01018F75F3F18CE629FAC9689954A2AE, F10802A5DEE4527B34939A5FF77B6B3184F7A2FF2963DE6C872C85C25233C7CF ] C:\WINDOWS\system32\hkcmd.exe

21:12:33.0343 0x0894 igfxhkcmd - ok

21:12:33.0390 0x0894 [ 996ABAC2332DE28F3B6A179C6DA20205, D9E7D690400FA5816555A1030BB39CC9DC3C5EF195A44085B072BEF5EDA7A67A ] C:\WINDOWS\system32\igfxpers.exe

21:12:33.0406 0x0894 igfxpers - ok

21:12:33.0453 0x0894 [ 34A14CD6B6E9C8BFBABEAF6EED5149BB, C50DEC821FB661F4514D8F1D24A48C38135518D21DF4CC8BB0EDD5B463AEAE4C ] C:\WINDOWS\Logi_MwX.Exe

21:12:35.0812 0x0894 Logitech Utility - ok

21:12:36.0359 0x0894 [ 4814DEDE3A8F5B36839C11B04324F240, EABCAB1EF13E727E7C15BD9208A7FC9062394A7188CD535EAC05805E1DFF3619 ] C:\Program Files\Microsoft IntelliType Pro\itype.exe

21:12:36.0390 0x0894 itype - ok

21:12:36.0578 0x0894 [ 8FFDB89A0FB7C8ABC3A8825E38047341, B9107FAA3A885CD9A08C20F78D31C3642FA76812E417F41C4F2ADF7D90CA8C72 ] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe

21:12:36.0656 0x0894 LWS - ok

21:12:36.0734 0x0894 [ 187F4C75A89E3F412322C94526320074, D78FA7EF93C8C7B4326A5B6DB04A92ADD091DF00658FA8731D07C5D3BE29ED04 ] C:\Program Files\Microsoft Office\Office14\BCSSync.exe

21:12:36.0765 0x0894 BCSSync - ok

21:12:37.0203 0x0894 [ 048EA4B978851788E9F5E8E4F081DF7A, EB62719AC0DCC18FF056F2CD84438BF14B61E38F0619617C81961C6257BDFCEC ] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

21:12:37.0218 0x0894 Adobe ARM - ok

21:12:37.0328 0x0894 [ 6ACC44D3C8B72617061A6D2B66C7D5A7, 2CCA5D68B8C9640AADAF42E0260CFB94DDF60213D7BB3FFA6DCB673C096DB86C ] C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe

21:12:37.0343 0x0894 ZoneAlarm - ok

21:12:39.0203 0x0894 [ 7EE68A122ED08E4AAD8DA551E34D2515, B3C9AB270AF595D3DBAFBF4A312B96CBF00C16F0A03CCC86BE56825CD1EB7143 ] C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe

21:12:39.0312 0x0894 SDTray - ok

21:12:39.0328 0x0894 AVG7_Run - ok

21:12:39.0375 0x0894 [ 5F1D5F88303D4A4DBC8E5F97BA967CC3, 5FB24FC7916A6E6B3BE7D84CB1684215B266CD1495575C2E5672B8447932E5B1 ] C:\WINDOWS\system32\ctfmon.exe

21:12:39.0375 0x0894 ctfmon.exe - ok

21:12:39.0718 0x0894 [ 168531BB1255C1B45DF47694409F9DE1, DB8AD75FA5A4D455FE220E2D8940572D08490D5E6535F7EF2C94C1DFAC2D7CA2 ] C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE

21:12:39.0859 0x0894 OfficeSyncProcess - ok

21:12:39.0859 0x0894 Waiting for KSN requests completion. In queue: 126

21:12:40.0921 0x0894 AV detected via SS1: ZoneAlarm Antivirus, 13.2.15.0, enabled, updated

21:12:40.0921 0x0894 FW detected via SS1: ZoneAlarm Firewall, 13.2.15.0, enabled

21:12:41.0265 0x0894 ============================================================

21:12:41.0265 0x0894 Scan finished

21:12:41.0265 0x0894 ============================================================

21:12:41.0281 0x0fd4 Detected object count: 0

21:12:41.0281 0x0fd4 Actual detected object count: 0

21:16:03.0890 0x0a5c Deinitialize success


We need to remove some programs with Revo Uninstaller Free:


Note: Revo Uninstaller is more thorough in deleting programs on your computer than using the Add/Remove option in Windows. Since it is a more powerful tool, please be sure to follow the instructions carefully.
Note: If the program you want to uninstall is not listed by Revo, let me know and we will try an alternate method of removal.

  • Please download and install Revo Uninstaller Free
    note: there is no need to click anything on that page, the download will start automatically
  • Double click Revo Uninstaller to run it
  • From the list of programs double click on the listed program(s), or anything similar, to remove it:
    Consumer Input
    Web Protect for Windows
  • When prompted if you want to uninstall click Yes
  • Be sure the Moderate option is selected then click Next
  • The program will run. If prompted again, click Yes
  • When the built-in uninstaller is finished click on Next
  • Once the program has searched for leftovers click Next
  • Check the items in bold only on the list then click Delete
    note: you may have to expand some folders by clicking the "+" mark
  • When prompted click on Yes and then on Next
  • Put a check on any folders that are found and select Delete
  • When prompted select Yes then Next
  • Once done click Finish

Fix with FRST (normal mode)

WARNING: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
 

  • Download the attached fixlist.txt and save it to the location where FRST is saved to.
  • Run FRST.exe (on 64bit, run FRST64.exe) and press the Fix button just once and wait.
  • The tool will make a log (Fixlog.txt), which you will find where you saved FRST. Please post it in your reply.

Full System Scan with Malwarebytes Antimalware
 

  • If not existing, please download Malwarebytes Anti-Malware to your desktop.
  • Double-click the downloaded setup file and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.

If the program is already installed:

  • Run Malwarebytes Antimalware
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.

  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.

 

fixlist.txt


  • 2 weeks later...

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 01-12-2014
Ran by Administrator at 2014-12-01 17:58:09 Run:1
Running from D:\My Documents\GREG's Stuff
Loaded Profile: Administrator (Available profiles: Administrator)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
Task: C:\WINDOWS\Tasks\At1.job => C:\DOCUME~1\ADMINI~1\APPLIC~1\GROOVO~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\WINDOWS\Tasks\CIMT_S-1-5-21-796845957-1844237615-725345543-500.job => C:\Program Files\Consumer Input\Monitoring\dca-monitoring.exe
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\pcwatch.sys => ""="Driver" <==== ATTENTION
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\pcwatch.sys => ""="Driver" <==== ATTENTION
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:0B9D8E22
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:242231A9
SSODL: vepozusij - {4f1c641b-9e07-4857-844e-33dcde40af70} -  No File
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKU\S-1-5-21-796845957-1844237615-725345543-500\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
CHR dev: Chrome dev build detected! <======= ATTENTION

S1 cpjfkelq; \??\C:\WINDOWS\system32\drivers\cpjfkelq.sys [X]

C:\Program Files\Consumer Input
C:\DOCUME~1\ADMINI~1\APPLIC~1\GROOVO~1
2014-11-15 19:49 - 2014-11-15 19:49 - 00000000 ____D () C:\Program Files\Setup Support for Consumer Input
2014-11-15 19:48 - 2014-11-18 19:04 - 00000364 _____ () C:\WINDOWS\Tasks\CIMT_S-1-5-21-796845957-1844237615-725345543-500.job
2014-11-15 19:47 - 2014-11-15 19:47 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\Compete
2014-11-15 19:46 - 2014-11-15 21:10 - 00131072 _____ () C:\WINDOWS\system32\config\pastalea.evt
2014-11-15 18:42 - 2014-11-15 18:42 - 00000394 __RSH () C:\Documents and Settings\All Users\ntuser.pol
2014-11-15 18:41 - 2014-11-15 21:32 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\2b95fb5d4df5281e
2014-11-15 18:41 - 2014-11-15 18:41 - 00000000 ____D () C:\Documents and Settings\SUPPORT_388945a0\Local Settings\Application Data\Torch
2014-11-15 18:41 - 2014-11-15 18:41 - 00000000 ____D () C:\Documents and Settings\SUPPORT_388945a0\Local Settings\Application Data\Comodo
2014-11-15 18:41 - 2014-11-15 18:41 - 00000000 ____D () C:\Documents and Settings\SUPPORT_388945a0\Local Settings\Application Data\Chromatic Browser
2014-11-15 18:41 - 2014-11-15 18:41 - 00000000 ____D () C:\Documents and Settings\HelpAssistant\Local Settings\Application Data\Torch
2014-11-15 18:41 - 2014-11-15 18:41 - 00000000 ____D () C:\Documents and Settings\HelpAssistant\Local Settings\Application Data\Comodo
2014-11-15 18:41 - 2014-11-15 18:41 - 00000000 ____D () C:\Documents and Settings\HelpAssistant\Local Settings\Application Data\Chromatic Browser
2014-11-15 18:41 - 2014-11-15 18:41 - 00000000 ____D () C:\Documents and Settings\Guest\Local Settings\Application Data\Torch
2014-11-15 18:41 - 2014-11-15 18:41 - 00000000 ____D () C:\Documents and Settings\Guest\Local Settings\Application Data\Chromatic Browser
2014-11-15 18:41 - 2014-11-15 18:41 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application Data\Torch
2014-11-15 18:41 - 2014-11-15 18:41 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application Data\Chromatic Browser
2014-11-15 18:40 - 2014-11-15 18:41 - 00000000 ____D () C:\Program Files\0ca45c95134d
2014-11-15 18:40 - 2014-11-15 18:41 - 00000000 ____D () C:\Documents and Settings\SUPPORT_388945a0\Local Settings\Application Data\Google
2014-11-15 18:40 - 2014-11-15 18:41 - 00000000 ____D () C:\Documents and Settings\HelpAssistant\Local Settings\Application Data\Google
2014-11-15 18:40 - 2014-11-15 18:41 - 00000000 ____D () C:\Documents and Settings\Guest\Local Settings\Application Data\Google
2014-11-15 18:40 - 2014-11-15 18:40 - 00000000 ____D () C:\Documents and Settings\SUPPORT_388945a0
2014-11-15 18:40 - 2014-11-15 18:40 - 00000000 ____D () C:\Documents and Settings\HelpAssistant
2014-11-15 18:40 - 2014-11-15 18:40 - 00000000 ____D () C:\Documents and Settings\Guest\Local Settings\Application Data\Comodo
2014-11-15 18:40 - 2014-11-15 18:40 - 00000000 ____D () C:\Documents and Settings\Guest
2014-11-15 18:39 - 2014-11-15 18:39 - 00000885 _____ () C:\end

EmptyTemp:
*****************

C:\WINDOWS\Tasks\At1.job => Moved successfully.
C:\WINDOWS\Tasks\CIMT_S-1-5-21-796845957-1844237615-725345543-500.job => Moved successfully.
"HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\pcwatch.sys" => Key deleted successfully.
"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\pcwatch.sys" => Key deleted successfully.
C:\Documents and Settings\All Users\Application Data\TEMP => ":0B9D8E22" ADS removed successfully.
C:\Documents and Settings\All Users\Application Data\TEMP => ":242231A9" ADS removed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\vepozusij => value deleted successfully.
"HKLM\Software\Classes\CLSID\{4f1c641b-9e07-4857-844e-33dcde40af70}" => Key deleted successfully.
C:\WINDOWS\system32\GroupPolicy\Machine => Moved successfully.
C:\WINDOWS\system32\GroupPolicy\GPT.ini => Moved successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
"HKU\S-1-5-21-796845957-1844237615-725345543-500\SOFTWARE\Policies\Google" => Key deleted successfully.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
CHR dev: Chrome dev build detected! <======= ATTENTION => Error: No automatic fix found for this entry.
cpjfkelq => Service deleted successfully.
"C:\Program Files\Consumer Input" => File/Directory not found.
"C:\DOCUME~1\ADMINI~1\APPLIC~1\GROOVO~1" => File/Directory not found.
C:\Program Files\Setup Support for Consumer Input => Moved successfully.
"C:\WINDOWS\Tasks\CIMT_S-1-5-21-796845957-1844237615-725345543-500.job" => File/Directory not found.
C:\Documents and Settings\Administrator\Application Data\Compete => Moved successfully.
Could not move "C:\WINDOWS\system32\config\pastalea.evt" => Scheduled to move on reboot.
C:\Documents and Settings\All Users\ntuser.pol => Moved successfully.
C:\Documents and Settings\All Users\Application Data\2b95fb5d4df5281e => Moved successfully.
C:\Documents and Settings\SUPPORT_388945a0\Local Settings\Application Data\Torch => Moved successfully.
C:\Documents and Settings\SUPPORT_388945a0\Local Settings\Application Data\Comodo => Moved successfully.
C:\Documents and Settings\SUPPORT_388945a0\Local Settings\Application Data\Chromatic Browser => Moved successfully.
C:\Documents and Settings\HelpAssistant\Local Settings\Application Data\Torch => Moved successfully.
C:\Documents and Settings\HelpAssistant\Local Settings\Application Data\Comodo => Moved successfully.
C:\Documents and Settings\HelpAssistant\Local Settings\Application Data\Chromatic Browser => Moved successfully.
C:\Documents and Settings\Guest\Local Settings\Application Data\Torch => Moved successfully.
C:\Documents and Settings\Guest\Local Settings\Application Data\Chromatic Browser => Moved successfully.
C:\Documents and Settings\Administrator\Local Settings\Application Data\Torch => Moved successfully.
C:\Documents and Settings\Administrator\Local Settings\Application Data\Chromatic Browser => Moved successfully.
C:\Program Files\0ca45c95134d => Moved successfully.
C:\Documents and Settings\SUPPORT_388945a0\Local Settings\Application Data\Google => Moved successfully.
C:\Documents and Settings\HelpAssistant\Local Settings\Application Data\Google => Moved successfully.
C:\Documents and Settings\Guest\Local Settings\Application Data\Google => Moved successfully.
C:\Documents and Settings\SUPPORT_388945a0 => Moved successfully.
C:\Documents and Settings\HelpAssistant => Moved successfully.
C:\Documents and Settings\Guest\Local Settings\Application Data\Comodo => Moved successfully.
C:\Documents and Settings\Guest => Moved successfully.
C:\end => Moved successfully.
EmptyTemp: => Removed 1.6 GB temporary data.

=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-12-01 18:07:50)<=

"C:\WINDOWS\system32\config\pastalea.evt" => File could not move.

==== End of Fixlog ====


Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 12/1/2014
Scan Time: 6:25:28 PM
Logfile:
Administrator: Yes

Version: 2.00.3.1025
Malware Database: v2014.12.01.07
Rootkit Database: v2014.12.01.02
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows XP Service Pack 3
CPU: x86
File System: NTFS
User: Administrator

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 307083
Time Elapsed: 1 hr, 33 min, 16 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 1
PUP.Optional.Snapdo.T, HKU\S-1-5-21-796845957-1844237615-725345543-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {006ee092-9658-4fd6-bd8e-a21a348e59f5}, Quarantined, [1a8f3c215f1dc1754092be9c966d8e72]

Registry Data: 0
(No malicious items detected)

Folders: 4
PUP.Optional.VBates.A, C:\Documents and Settings\Administrator\Application Data\Company\Product\1.0, Quarantined, [7534f4695b21dd5915557dcb19ea0df3],
PUP.Optional.WList.A, C:\Documents and Settings\Administrator\Application Data\{D2020D47-707D-4E26-B4D9-739C4F4C2E9A}, Quarantined, [446582dbe99353e374e32c111fe4a957],
PUP.Optional.WList.A, C:\Documents and Settings\Administrator\Application Data\{D2020D47-707D-4E26-B4D9-739C4F4C2E9A}\{FBC0652C-7B29-4FB6-8ADA-91F54B267AD4}, Quarantined, [446582dbe99353e374e32c111fe4a957],
PUP.Optional.WList.A, C:\Documents and Settings\Administrator\Application Data\{D2020D47-707D-4E26-B4D9-739C4F4C2E9A}\{FBC0652C-7B29-4FB6-8ADA-91F54B267AD4}\1.5, Quarantined, [446582dbe99353e374e32c111fe4a957],

Files: 5
PUP.Optional.VBates.A, C:\Documents and Settings\Administrator\Application Data\Company\Product\1.0\localStorageIE.txt, Quarantined, [7534f4695b21dd5915557dcb19ea0df3],
PUP.Optional.VBates.A, C:\Documents and Settings\Administrator\Application Data\Company\Product\1.0\localStorageIE_backup.txt, Quarantined, [7534f4695b21dd5915557dcb19ea0df3],
PUP.Optional.WList.A, C:\Documents and Settings\Administrator\Application Data\{D2020D47-707D-4E26-B4D9-739C4F4C2E9A}\{FBC0652C-7B29-4FB6-8ADA-91F54B267AD4}\1.5\config.js, Quarantined, [446582dbe99353e374e32c111fe4a957],
PUP.Optional.WList.A, C:\Documents and Settings\Administrator\Application Data\{D2020D47-707D-4E26-B4D9-739C4F4C2E9A}\{FBC0652C-7B29-4FB6-8ADA-91F54B267AD4}\1.5\tree.js, Quarantined, [446582dbe99353e374e32c111fe4a957],
PUP.Optional.WList.A, C:\Documents and Settings\Administrator\Application Data\{D2020D47-707D-4E26-B4D9-739C4F4C2E9A}\{FBC0652C-7B29-4FB6-8ADA-91F54B267AD4}\1.5\wlist.js, Quarantined, [446582dbe99353e374e32c111fe4a957],

Physical Sectors: 0
(No malicious items detected)


(end)


Scan with ESET Online Scan

Go here to run an online scanner from ESET. Windows Vista/Windows 7/Windows 8 users will need to right click on their Internet Explorer shortcut, and select Run as Administrator.

  • Note: For browsers other than Internet Explorer, you will be prompted to download and install esetsmartinstaller_enu.exe. Click on the link and save the file to a convenient location. Double click on it to install and a new window will open. Follow the prompts.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan. Here's how.
  • Click the blue Run ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the program to install the "OnlineScanner.cab" activex control by clicking the Install button
  • Once the activex control is installed, on the next screen click on Enable detection of potentially unwanted applications
  • Click on Advanced Settings
  • Make sure that the option Remove found threats is unticked.
  • Ensure these options are ticked
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology

  • Click Start
  • Wait for the scan to finish
  • When the scan is done, if it shows a screen that says "Threats found!", then click "List of found threats", and then click "Export to text file..."
  • Save that text file on your desktop. Copy and paste the contents of that log as a reply to this topic.
  • Close the ESET online scan, and let me know how things are now.


ESET online scan results

C:\Documents and Settings\Administrator\Application Data\Check Point Software Technologies LTD\zonealarm\1.8.29.17\uninstall.exe    Win32/Toolbar.Montiera.B potentially unwanted application
C:\Documents and Settings\Administrator\Application Data\Check Point Software Technologies LTD\zonealarm\1.8.29.17\uninstall_d.exe    Win32/Toolbar.Montiera.B potentially unwanted application
C:\Documents and Settings\Administrator\Application Data\Check Point Software Technologies LTD\zonealarm\1.8.29.17\zonealarm4ffx.exe    Win32/Toolbar.Montiera.E potentially unwanted application
C:\Documents and Settings\Administrator\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\lmpnjbbjpocgfipajdgfipjkkmahnmck\5.2\fFf3N.js    JS/Kryptik.ATB trojan
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\lmpnjbbjpocgfipajdgfipjkkmahnmck\5.2\fFf3N.js    JS/Kryptik.ATB trojan
C:\Documents and Settings\NetworkService\Local Settings\Application Data\ZoneAlarm_Security\ldrtbZon0.dll    a variant of Win32/Toolbar.Conduit.P potentially unwanted application
C:\Documents and Settings\NetworkService\Local Settings\Application Data\ZoneAlarm_Security\ldrtbZon2.dll    a variant of Win32/Toolbar.Conduit.P potentially unwanted application
C:\Documents and Settings\NetworkService\Local Settings\Application Data\ZoneAlarm_Security\tbZon0.dll    a variant of Win32/Toolbar.Conduit.B potentially unwanted application
C:\Documents and Settings\NetworkService\Local Settings\Application Data\ZoneAlarm_Security\tbZon2.dll    a variant of Win32/Toolbar.Conduit.B potentially unwanted application
C:\FRST\Quarantine\C\Documents and Settings\Administrator\Local Settings\Application Data\Chromatic Browser\User Data\Default\Extensions\lmpnjbbjpocgfipajdgfipjkkmahnmck\5.2\fFf3N.js    JS/Kryptik.ATB trojan
C:\FRST\Quarantine\C\Documents and Settings\Administrator\Local Settings\Application Data\Torch\User Data\Default\Extensions\lmpnjbbjpocgfipajdgfipjkkmahnmck\5.2\fFf3N.js    JS/Kryptik.ATB trojan
C:\FRST\Quarantine\C\Documents and Settings\Guest\Local Settings\Application Data\Chromatic Browser\User Data\Default\Extensions\lmpnjbbjpocgfipajdgfipjkkmahnmck\5.2\fFf3N.js    JS/Kryptik.ATB trojan
C:\FRST\Quarantine\C\Documents and Settings\Guest\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\lmpnjbbjpocgfipajdgfipjkkmahnmck\5.2\fFf3N.js    JS/Kryptik.ATB trojan
C:\FRST\Quarantine\C\Documents and Settings\Guest\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lmpnjbbjpocgfipajdgfipjkkmahnmck\5.2\fFf3N.js    JS/Kryptik.ATB trojan
C:\FRST\Quarantine\C\Documents and Settings\Guest\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\lmpnjbbjpocgfipajdgfipjkkmahnmck\5.2\fFf3N.js    JS/Kryptik.ATB trojan
C:\FRST\Quarantine\C\Documents and Settings\Guest\Local Settings\Application Data\Torch\User Data\Default\Extensions\lmpnjbbjpocgfipajdgfipjkkmahnmck\5.2\fFf3N.js    JS/Kryptik.ATB trojan
C:\FRST\Quarantine\C\Documents and Settings\HelpAssistant\Local Settings\Application Data\Chromatic Browser\User Data\Default\Extensions\lmpnjbbjpocgfipajdgfipjkkmahnmck\5.2\fFf3N.js    JS/Kryptik.ATB trojan
C:\FRST\Quarantine\C\Documents and Settings\HelpAssistant\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\lmpnjbbjpocgfipajdgfipjkkmahnmck\5.2\fFf3N.js    JS/Kryptik.ATB trojan
C:\FRST\Quarantine\C\Documents and Settings\HelpAssistant\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lmpnjbbjpocgfipajdgfipjkkmahnmck\5.2\fFf3N.js    JS/Kryptik.ATB trojan
C:\FRST\Quarantine\C\Documents and Settings\HelpAssistant\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\lmpnjbbjpocgfipajdgfipjkkmahnmck\5.2\fFf3N.js    JS/Kryptik.ATB trojan
C:\FRST\Quarantine\C\Documents and Settings\HelpAssistant\Local Settings\Application Data\Torch\User Data\Default\Extensions\lmpnjbbjpocgfipajdgfipjkkmahnmck\5.2\fFf3N.js    JS/Kryptik.ATB trojan
C:\FRST\Quarantine\C\Documents and Settings\SUPPORT_388945a0\Local Settings\Application Data\Chromatic Browser\User Data\Default\Extensions\lmpnjbbjpocgfipajdgfipjkkmahnmck\5.2\fFf3N.js    JS/Kryptik.ATB trojan
C:\FRST\Quarantine\C\Documents and Settings\SUPPORT_388945a0\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\lmpnjbbjpocgfipajdgfipjkkmahnmck\5.2\fFf3N.js    JS/Kryptik.ATB trojan
C:\FRST\Quarantine\C\Documents and Settings\SUPPORT_388945a0\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lmpnjbbjpocgfipajdgfipjkkmahnmck\5.2\fFf3N.js    JS/Kryptik.ATB trojan
C:\FRST\Quarantine\C\Documents and Settings\SUPPORT_388945a0\Local Settings\Application Data\Google\Chrome SxS\User Data\Default\Extensions\lmpnjbbjpocgfipajdgfipjkkmahnmck\5.2\fFf3N.js    JS/Kryptik.ATB trojan
C:\FRST\Quarantine\C\Documents and Settings\SUPPORT_388945a0\Local Settings\Application Data\Torch\User Data\Default\Extensions\lmpnjbbjpocgfipajdgfipjkkmahnmck\5.2\fFf3N.js    JS/Kryptik.ATB trojan
C:\Other Stuff\Download\Mahjong Champ 3D Download Manager.exe    a variant of Win32/InstallCore.QW potentially unwanted application
C:\Program Files\Check Point Software Technologies LTD\zonealarm\1.8.29.17\zonealarmEng.dll    a variant of Win32/Toolbar.Montiera.A potentially unwanted application
C:\Program Files\Check Point Software Technologies LTD\zonealarm\1.8.29.17\zonealarmsrv.exe    a variant of Win32/Toolbar.Montiera.A potentially unwanted application
C:\Program Files\CheckPoint\Install\CUninstallerZA.exe    Win32/Toolbar.Conduit potentially unwanted application
C:\Program Files\CheckPoint\Install\zatb.exe    Win32/Toolbar.Montiera.I potentially unwanted application
C:\Program Files\Trend Micro\HijackThis\backups\backup-20141115-205914-681.dll    Win32/AdWare.Vitruvian.D application
C:\Program Files\Web Protect\MyOSProtect.dll    Win32/Adware.Loadshop.C application
C:\Program Files\Web Protect\MyOSProtect64.dll    Win64/Adware.Loadshop.C application
C:\Program Files\Web Protect\pcwtc64f.sys    Win64/Adware.Loadshop.D application
C:\Program Files\Web Protect\pcwtc64r.sys    Win64/Adware.Loadshop.E application
C:\Program Files\Web Protect\postcollect.exe    Win32/AdWare.Loadshop.G application
C:\Program Files\Web Protect\precollect.exe    Win32/AdWare.Loadshop.G application
C:\Program Files\Web Protect\uninstallhelper.exe    Win32/AdWare.Loadshop.H application
C:\Program Files\Web Protect\WDCertInstaller.dll    Win32/Adware.Loadshop.F application
C:\WINDOWS\Installer\MSI55.tmp-\Smartbar.Resources.HistoryAndStatsWrapper.dll    a variant of MSIL/Toolbar.Linkury.I potentially unwanted application
C:\WINDOWS\Installer\MSI55.tmp-\sppsm.dll    a variant of MSIL/Toolbar.Linkury.G potentially unwanted application
C:\WINDOWS\Installer\MSI55.tmp-\spusm.dll    a variant of MSIL/Toolbar.Linkury.G potentially unwanted application
C:\WINDOWS\Installer\MSI55.tmp-\srbu.dll    a variant of MSIL/Toolbar.Linkury.F potentially unwanted application
C:\WINDOWS\Installer\MSI55.tmp-\srptc.dll    a variant of MSIL/Toolbar.Linkury.G potentially unwanted application
C:\WINDOWS\Installer\MSI63.tmp-\Smartbar.Resources.HistoryAndStatsWrapper.dll    a variant of MSIL/Toolbar.Linkury.I potentially unwanted application
C:\WINDOWS\Installer\MSI63.tmp-\spbe.dll    a variant of MSIL/Toolbar.Linkury.I potentially unwanted application
C:\WINDOWS\Installer\MSI63.tmp-\sppsm.dll    a variant of MSIL/Toolbar.Linkury.G potentially unwanted application
C:\WINDOWS\Installer\MSI63.tmp-\spusm.dll    a variant of MSIL/Toolbar.Linkury.G potentially unwanted application
C:\WINDOWS\Installer\MSI63.tmp-\srbs.dll    a variant of MSIL/Toolbar.Linkury.C potentially unwanted application
C:\WINDOWS\Installer\MSI63.tmp-\srbu.dll    a variant of MSIL/Toolbar.Linkury.F potentially unwanted application
C:\WINDOWS\Installer\MSI63.tmp-\srptc.dll    a variant of MSIL/Toolbar.Linkury.G potentially unwanted application
C:\WINDOWS\system32\lsdprn.exe    a variant of Win32/Toolbar.BitCocktail.C potentially unwanted application
C:\WINDOWS\system32\MyOSProtect.dll    Win32/Adware.Loadshop.C application
C:\WUTemp\ccsetup416.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\WUTemp\ccsetup417.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\WUTemp\FotoMorphV13Setup.exe    a variant of Win32/Toolbar.Montiera.A potentially unwanted application
C:\WUTemp\SweetHome3D-4.3-windows-oc.exe    Win32/OpenCandy potentially unsafe application
C:\WUTemp\zafwSetupWeb_131_211_000.exe    Win32/Toolbar.Conduit potentially unwanted application
C:\WUTemp\zaSetupWeb_101_065_000.exe    Win32/Toolbar.Conduit potentially unwanted application
C:\WUTemp\zaSetupWeb_132_015_000.exe    Win32/Toolbar.Conduit potentially unwanted application
D:\1e0653ed2d4ba26e2a912e9c06afdf\Conuuter stuff\dsb-deluxe-bing_full965.exe    a variant of Win32/Toolbar.Widgi.B potentially unwanted application
D:\My Documents\ccsetup406.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application
D:\My Documents\ccsetup407.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application
D:\My Documents\clipartsample.exe    a variant of Win32/InstallIQ.A potentially unwanted application
D:\My Documents\zaSetupWeb_120_104_000.exe    Win32/Toolbar.Conduit potentially unwanted application
D:\My Documents\Downloads\ccsetup410.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application
D:\My Documents\Downloads\ccsetup418.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application
D:\My Documents\Downloads\ccsetup500.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application
D:\My Documents\Downloads\SpyHunter_4.15.1.4270.rar    a variant of Win32/HackTool.Patcher.T potentially unsafe application
D:\My Documents\Downloads\zaSetup_92_106_000_en.exe    a variant of Win32/Toolbar.Conduit.AI potentially unwanted application
D:\My Documents\Downloads\SpyHunter_4.15.1.4270\SpyHunter_4.15.1.4270\patch-SND.zip    a variant of Win32/HackTool.Patcher.T potentially unsafe application
D:\Z back folder\WUTemp\gusetup.exe    a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
Operating memory    Win32/Adware.Loadshop.C application
 


Fix with FRST (normal mode)

WARNING: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
 

  • Download the attached fixlist.txt and save it to the location where FRST is saved to.
  • Run FRST.exe (on 64bit, run FRST64.exe) and press the Fix button just once and wait.
  • The tool will make a log (Fixlog.txt) which you find where you saved FRST. Please post it to your reply.

 

Then we can do the cleanup - if you are facing any issues, report that immediately.

Delete junk with adwCleaner


Please download AdwCleaner to your desktop.


  • Run adwcleaner.exe
  • Hit Scan and wait for the scan to finish.
  • Confirm the message but don't uncheck anything.
  • Hit Clean
  • When the run is finished, it will open up a text file
  • Please post its contents within your next reply
  • You'll find the log file at C:\AdwCleaner[s1].txt also




Delete junk with JRT

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.





SecurityCheck

Reboot your system before starting!

Please download SecurityCheck: LINK Mirror (if the link is down)

  • Save it to your desktop, start it and follow the instructions in the window.
  • After the scan has finished, checkup.txt will open. Copy its content to your thread (Note: Do NOT post this one into a code box!)

fixlist.txt


  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

