Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Virus Change my all Passwords Same Time [$30 Gift 4 Help] [Solved

Started by amicusthe , Aug 28 2012 10:38 AM

  • This topic is locked This topic is locked

#1
amicusthe
Posted 28 August 2012 - 10:38 AM

amicusthe

    Member

  • Member
  • PipPip
  • 12 posts
Yesterday i download a tool from mediafire. Link is on youtube and nice video! Inside file there is a patch and i just click it. Nothing happen! But after few more hours i realize that Some one else use my paypal to Pay Gameoff.com I open case and log in to yahoo account that i use to create paypal account, Boom! password is wrong Then i try to recover it but 2nd email and sq questions are removed Then i try to log ebay using my phone, Same result! Can any one help me to remove this virus from my pc? Its still there, Keep sending my details to some guy in some where! I try Kaspersky pure 2.0 but it can't remove virus. I am using a XP machine.. 1TB HDD and 4gb ram (1tb removed for format / Primary can't format)


* I search all over the forum but i didn't find payment link! If any admin read this please send me the link. I will pay for your help

RKreport[1]

RogueKiller V8.0.0 [08/26/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : User [Admin rights]
Mode : Scan -- Date : 08/28/2012 21:19:19

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤
[Faked.Drv][FILE] ati1rvxx.sys : C:\WINDOWS\system32\drivers\ati1rvxx.sys --> CANNOT FIX
[Faked.Drv][FILE] ati2mtaa.sys : C:\WINDOWS\system32\drivers\ati2mtaa.sys --> CANNOT FIX
[Faked.Drv][FILE] atinxsxx.sys : C:\WINDOWS\system32\drivers\atinxsxx.sys --> CANNOT FIX
[Faked.Drv][FILE] cdfs.sys : C:\WINDOWS\system32\drivers\cdfs.sys --> CANNOT FIX
[Faked.Drv][FILE] cdrom.sys : C:\WINDOWS\system32\drivers\cdrom.sys --> CANNOT FIX
[Faked.Drv][FILE] fltmgr.sys : C:\WINDOWS\system32\drivers\fltmgr.sys --> CANNOT FIX
[Faked.Drv][FILE] mf.sys : C:\WINDOWS\system32\drivers\mf.sys --> CANNOT FIX
[Faked.Drv][FILE] mrxsmb.sys : C:\WINDOWS\system32\drivers\mrxsmb.sys --> CANNOT FIX
[Faked.Drv][FILE] mtlstrm.sys : C:\WINDOWS\system32\drivers\mtlstrm.sys --> CANNOT FIX
[Faked.Drv][FILE] nic1394.sys : C:\WINDOWS\system32\drivers\nic1394.sys --> CANNOT FIX
[Faked.Drv][FILE] nwlnknb.sys : C:\WINDOWS\system32\drivers\nwlnknb.sys --> CANNOT FIX
[Faked.Drv][FILE] rdpdr.sys : C:\WINDOWS\system32\drivers\rdpdr.sys --> CANNOT FIX
[Faked.Drv][FILE] serial.sys : C:\WINDOWS\system32\drivers\serial.sys --> CANNOT FIX
[Faked.Drv][FILE] slnt7554.sys : C:\WINDOWS\system32\drivers\slnt7554.sys --> CANNOT FIX
[Faked.Drv][FILE] w200bus.sys : C:\WINDOWS\system32\drivers\w200bus.sys --> CANNOT FIX

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost
127.0.0.1 axandra.com
127.0.0.1 www.axandra.com
127.0.0.1 keywordindex.com
127.0.0.1 www.keywordindex.com
127.0.0.1 www.ibusinesspromoter.com
127.0.0.1 ibusinesspromoter.com
74.125.93.191 imnuke.net
74.125.93.191 www.imnuke.net
74.125.93.191 senuke.biz
74.125.93.191 www.senuke.biz
74.125.93.191 imnuke.net
74.125.93.191 www.imnuke.net
74.125.93.191 senuke.biz
74.125.93.191 www.senuke.biz
74.125.93.191 imnuke.net
74.125.93.191 www.imnuke.net
74.125.93.191 senuke.biz
74.125.93.191 www.senuke.biz


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: HDT722516DLA380 +++++
--- User ---
[MBR] 0f92897fe7c38efb29c1d45122891fc4
[BSP] dba266b48ebbf4f4394ee039f2f3972b : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 40962 Mo
1 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 83891430 | Size: 116094 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1].txt >>
RKreport[1].txt


RKreport[2]

RogueKiller V8.0.0 [08/26/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : User [Admin rights]
Mode : Remove -- Date : 08/28/2012 21:19:56

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤
[Faked.Drv][FILE] ati1rvxx.sys : C:\WINDOWS\system32\drivers\ati1rvxx.sys --> CANNOT FIX
[Faked.Drv][FILE] ati2mtaa.sys : C:\WINDOWS\system32\drivers\ati2mtaa.sys --> CANNOT FIX
[Faked.Drv][FILE] atinxsxx.sys : C:\WINDOWS\system32\drivers\atinxsxx.sys --> CANNOT FIX
[Faked.Drv][FILE] cdfs.sys : C:\WINDOWS\system32\drivers\cdfs.sys --> CANNOT FIX
[Faked.Drv][FILE] cdrom.sys : C:\WINDOWS\system32\drivers\cdrom.sys --> CANNOT FIX
[Faked.Drv][FILE] fltmgr.sys : C:\WINDOWS\system32\drivers\fltmgr.sys --> CANNOT FIX
[Faked.Drv][FILE] mf.sys : C:\WINDOWS\system32\drivers\mf.sys --> CANNOT FIX
[Faked.Drv][FILE] mrxsmb.sys : C:\WINDOWS\system32\drivers\mrxsmb.sys --> CANNOT FIX
[Faked.Drv][FILE] mtlstrm.sys : C:\WINDOWS\system32\drivers\mtlstrm.sys --> CANNOT FIX
[Faked.Drv][FILE] nic1394.sys : C:\WINDOWS\system32\drivers\nic1394.sys --> CANNOT FIX
[Faked.Drv][FILE] nwlnknb.sys : C:\WINDOWS\system32\drivers\nwlnknb.sys --> CANNOT FIX
[Faked.Drv][FILE] rdpdr.sys : C:\WINDOWS\system32\drivers\rdpdr.sys --> CANNOT FIX
[Faked.Drv][FILE] serial.sys : C:\WINDOWS\system32\drivers\serial.sys --> CANNOT FIX
[Faked.Drv][FILE] slnt7554.sys : C:\WINDOWS\system32\drivers\slnt7554.sys --> CANNOT FIX
[Faked.Drv][FILE] w200bus.sys : C:\WINDOWS\system32\drivers\w200bus.sys --> CANNOT FIX

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost
127.0.0.1 axandra.com
127.0.0.1 www.axandra.com
127.0.0.1 keywordindex.com
127.0.0.1 www.keywordindex.com
127.0.0.1 www.ibusinesspromoter.com
127.0.0.1 ibusinesspromoter.com
74.125.93.191 imnuke.net
74.125.93.191 www.imnuke.net
74.125.93.191 senuke.biz
74.125.93.191 www.senuke.biz
74.125.93.191 imnuke.net
74.125.93.191 www.imnuke.net
74.125.93.191 senuke.biz
74.125.93.191 www.senuke.biz
74.125.93.191 imnuke.net
74.125.93.191 www.imnuke.net
74.125.93.191 senuke.biz
74.125.93.191 www.senuke.biz


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: HDT722516DLA380 +++++
--- User ---
[MBR] 0f92897fe7c38efb29c1d45122891fc4
[BSP] dba266b48ebbf4f4394ee039f2f3972b : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 40962 Mo
1 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 83891430 | Size: 116094 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt



RKreport[3]

RogueKiller V8.0.0 [08/26/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : User [Admin rights]
Mode : Shortcuts HJfix -- Date : 08/28/2012 21:21:47

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ File attributes restored: ¤¤¤
Desktop: Success 7 / Fail 0
Quick launch: Success 0 / Fail 0
Programs: Success 13 / Fail 0
Start menu: Success 0 / Fail 0
User folder: Success 55 / Fail 0
My documents: Success 0 / Fail 0
My favorites: Success 0 / Fail 0
My pictures: Success 0 / Fail 0
My music: Success 0 / Fail 0
My videos: Success 0 / Fail 0
Local drives: Success 380 / Fail 0
Backup: [NOT FOUND]

Drives:
[C:] \Device\HarddiskVolume1 -- 0x3 --> Restored
[D:] \Device\HarddiskVolume2 -- 0x3 --> Restored
[E:] \Device\HarddiskVolume3 -- 0x3 --> Restored
[F:] \Device\HarddiskVolume4 -- 0x3 --> Restored
[G:] \Device\CdRom0 -- 0x5 --> Skipped
[H:] \Device\CdRom1 -- 0x5 --> Skipped
[I:] \Device\IsoCdRom0 -- 0x5 --> Skipped

¤¤¤ Infection : ¤¤¤

Finished : << RKreport[3].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt



OLT

OTL logfile created on: 8/28/2012 9:24:50 PM - Run 1
OTL by OldTimer - Version 3.2.59.1 Folder = C:\Documents and Settings\User\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.48 Gb Available Physical Memory | 73.88% Memory free
3.85 Gb Paging File | 3.55 Gb Available in Paging File | 92.42% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 40.00 Gb Total Space | 20.91 Gb Free Space | 52.27% Space Free | Partition Type: NTFS
Drive D: | 63.99 Gb Total Space | 10.11 Gb Free Space | 15.80% Space Free | Partition Type: NTFS
Drive E: | 10.00 Gb Total Space | 2.52 Gb Free Space | 25.16% Space Free | Partition Type: NTFS
Drive F: | 38.13 Gb Total Space | 2.30 Gb Free Space | 6.03% Space Free | Partition Type: NTFS

Computer Name: DOOM3CXD | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/08/28 14:20:26 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe
PRC - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/03/22 16:14:16 | 000,074,512 | ---- | M] (SANDBOXIE L.T.D) -- C:\Program Files\Sandboxie\SbieSvc.exe
PRC - [2011/12/02 17:01:46 | 003,284,992 | ---- | M] (SoftPerfect) -- C:\Program Files\NetWorx\networx.exe
PRC - [2011/08/12 05:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2012/06/07 18:26:09 | 000,043,520 | ---- | M] () -- C:\WINDOWS\system32\CmdLineExt03.dll
MOD - [2011/09/17 12:18:22 | 000,480,256 | ---- | M] () -- C:\Program Files\NetWorx\sqlite.dll
MOD - [2005/02/16 00:44:24 | 000,412,672 | ---- | M] () -- C:\Program Files\WinUHA\shellwinuha.dll


========== Services (SafeList) ==========

SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/05/20 01:11:48 | 000,529,232 | ---- | M] (Valve Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/05/04 19:29:46 | 000,161,664 | ---- | M] (Oracle Corporation) [Disabled | Stopped] -- C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2012/03/22 16:14:16 | 000,074,512 | ---- | M] (SANDBOXIE L.T.D) [Auto | Running] -- C:\Program Files\Sandboxie\SbieSvc.exe -- (SbieSvc)
SRV - [2012/02/15 13:30:18 | 000,158,856 | R--- | M] (Skype Technologies) [Disabled | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/10/08 10:50:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) [Disabled | Stopped] -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011/08/12 05:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | Unavailable | Unknown] -- Device\HarddiskVolume1\Program Files\RingCube\MojoPac\Program Files\RingThree\bin\pvm.sys -- (pvm)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EagleNT.sys -- (EagleNT)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2012/07/03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/04/24 15:28:36 | 000,340,624 | ---- | M] (BitDefender S.R.L.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\trufos.sys -- (trufos)
DRV - [2012/04/11 17:03:33 | 000,154,464 | ---- | M] (BitDefender LLC) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\gzflt.sys -- (gzflt)
DRV - [2012/03/22 16:14:14 | 000,134,416 | ---- | M] (SANDBOXIE L.T.D) [Kernel | On_Demand | Running] -- C:\Program Files\Sandboxie\SbieDrv.sys -- (SbieDrv)
DRV - [2012/03/01 16:30:37 | 000,130,664 | ---- | M] (BitDefender LLC) [Kernel | System | Running] -- C:\Program Files\Common Files\Bitdefender\setupinformation\{34480DEE-54D6-4985-A817-CA30E9BBC94C}\bdselfpr.sys -- (bdselfpr)
DRV - [2011/07/22 22:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/13 03:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/07/08 05:21:30 | 000,119,656 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvhda32.sys -- (NVHDA)
DRV - [2011/05/24 17:10:10 | 000,032,768 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\taphss.sys -- (taphss)
DRV - [2010/01/29 11:40:04 | 000,082,320 | ---- | M] (EZB Systems, Inc.) [File_System | System | Running] -- C:\Program Files\UltraISO\drivers\ISODrive.sys -- (ISODrive)
DRV - [2007/06/22 18:14:40 | 004,432,384 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2007/03/12 14:25:00 | 000,101,520 | ---- | M] (Syntek Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\STK02NW2.sys -- (DCamUSBSTK02N)
DRV - [2006/11/07 14:42:30 | 000,086,368 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w200obex.sys -- (w200obex)
DRV - [2006/11/07 14:42:28 | 000,088,560 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w200mgmt.sys -- (w200mgmt)
DRV - [2006/11/07 14:42:24 | 000,097,056 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w200mdm.sys -- (w200mdm)
DRV - [2006/11/07 14:42:22 | 000,009,328 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w200mdfl.sys -- (w200mdfl)
DRV - [2006/11/07 14:42:16 | 000,061,504 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w200bus.sys -- (w200bus)
DRV - [2004/08/04 04:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope = {E627DC4B-8C04-4234-A2D4-1D634EE01C41}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{E627DC4B-8C04-4234-A2D4-1D634EE01C41}: "URL" = http://fastestwebsea...q={searchterms}


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1202660629-1343024091-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-1202660629-1343024091-725345543-1003\..\URLSearchHook: {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\prxtbBS_P.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-1202660629-1343024091-725345543-1003\..\SearchScopes,DefaultScope = {E627DC4B-8C04-4234-A2D4-1D634EE01C41}
IE - HKU\S-1-5-21-1202660629-1343024091-725345543-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...Box&Form=IE8SRC
IE - HKU\S-1-5-21-1202660629-1343024091-725345543-1003\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT2790392
IE - HKU\S-1-5-21-1202660629-1343024091-725345543-1003\..\SearchScopes\{c99fdc39-a1ae-4b24-8d71-e5274f8d7c54}: "URL" = http://search.hotspo...q={searchTerms}
IE - HKU\S-1-5-21-1202660629-1343024091-725345543-1003\..\SearchScopes\{E627DC4B-8C04-4234-A2D4-1D634EE01C41}: "URL" = http://fastestwebsea...q={searchterms}
IE - HKU\S-1-5-21-1202660629-1343024091-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Fastest"
FF - prefs.js..browser.search.defaulturl: "http://fastestwebsea...={searchTerms}"
FF - prefs.js..browser.search.order.1: "http://fastestwebsea...={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "Fastest"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.co.uk/"
FF - prefs.js..keyword.URL: "http://fastestwebsea....com/search?q="
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw_1165635.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.0: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/07/18 16:51:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2012/04/20 21:10:38 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User\Application Data\Mozilla\Extensions
[2012/08/26 23:45:45 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\nfbnftqa.default\extensions
[2012/07/26 20:37:24 | 000,000,000 | ---D | M] (Lightshot (screenshot tool)) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\nfbnftqa.default\extensions\{394DCBA4-1F92-4f8e-8EC9-8D2CB90CB69B}
[2012/04/20 22:14:45 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\nfbnftqa.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012/08/13 13:10:38 | 000,000,000 | ---D | M] (Battlefield Heroes Updater) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\nfbnftqa.default\extensions\[email protected]
[2012/05/09 11:48:42 | 000,002,095 | ---- | M] () -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\nfbnftqa.default\searchplugins\google.xml
[2012/06/18 22:46:07 | 000,001,344 | ---- | M] () -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\nfbnftqa.default\searchplugins\madura.xml
[2012/05/24 23:00:34 | 000,000,664 | ---- | M] () -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\nfbnftqa.default\searchplugins\torrentz.xml
[2012/04/20 21:10:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/04/20 22:43:39 | 000,089,442 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\USER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NFBNFTQA.DEFAULT\EXTENSIONS\{B17C1C5A-04B1-11DB-9804-B622A1EF5492}.XPI
[2012/04/25 04:45:37 | 000,010,606 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\USER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NFBNFTQA.DEFAULT\EXTENSIONS\{E8F509F0-B677-11DE-8A39-0800200C9A66}.XPI
[2012/05/09 11:47:27 | 000,025,781 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\USER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NFBNFTQA.DEFAULT\EXTENSIONS\[email protected]
[2012/04/21 11:50:49 | 000,617,362 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\USER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NFBNFTQA.DEFAULT\EXTENSIONS\[email protected]
[2012/08/13 12:07:26 | 000,032,816 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\USER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NFBNFTQA.DEFAULT\EXTENSIONS\[email protected]
[2012/04/21 11:50:49 | 000,021,356 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\USER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NFBNFTQA.DEFAULT\EXTENSIONS\[email protected]
[2012/07/18 16:51:08 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/06/21 07:32:38 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/07/25 17:09:20 | 000,005,859 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fastestwebsearch.xml
[2012/06/21 07:32:38 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
[2012/06/26 06:48:23 | 000,005,142 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wchoppers.xml

========== Chrome ==========

CHR - homepage: http://www.google.com
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\20.0.1132.47\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\20.0.1132.47\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\NPAPIFlash\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_257.dll
CHR - plugin: EA Battlefield Heroes Updater (Enabled) = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gpdfjahpadlpfnfheehpddpcllihfkmm\5.0.137.0_0\npBFHUpdater.dll
CHR - plugin: EA Battlefield Heroes Updater (Enabled) = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gpdfjahpadlpfnfheehpddpcllihfkmm\5.0.137.0_0\BFHUpdater.exe
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U29 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
CHR - Extension: Angry Birds = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.5.0.7_0\
CHR - Extension: YouTube = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Rollercoaster Creator = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ckhihkbbcgehhpibkdcanlmkhhokabde\1.5_0\
CHR - Extension: Webpage Screenshot = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ckibcdccnfeookdmbahgiakhnjcddpki\5.5.3_0\
CHR - Extension: Monster Dash = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cknghehebaconkajgiobncfleofebcog\2.2_0\
CHR - Extension: Google Search = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Kaspersky URL Advisor = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.1.288_0\
CHR - Extension: Build a Robot = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dkifjkfdmacgkhldodeohbhcknoijpeo\1.1_0\
CHR - Extension: Penguin Combat = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ehoglceicemjdngkmfgpdamgglhediod\2.0.0_0\
CHR - Extension: Master Blaster = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\glijjfcpolilajfhpfjgohbbogficana\4.0.0_0\
CHR - Extension: Cargo Bridge: Armor Games Edition = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hlpiaibleklmjieibbnmkignbggodmmj\2.1.1_0\
CHR - Extension: Gun Blood = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ifphbghhodpimajnjejgjlfcjmnnkhci\4.0.0_0\
CHR - Extension: Virtual Keyboard = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.1.288_0\
CHR - Extension: Isoball = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kejjemnehdnkjkjnjbiilhlpnbliolhf\2.0.0_0\
CHR - Extension: Cargo Bridge: Xmas level pack = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ncdcclndkdgngndhjfccoabooegcgamk\1.0.1_0\
CHR - Extension: Jailbreak Rush = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ncfiimlbhgllinjmkfjpikokpedpdbae\4.0.0_0\
CHR - Extension: Running = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pibmbphgclmikgclcjlfnlepeofhcffm\1.5_0\
CHR - Extension: Gmail = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
CHR - Extension: Anti-Banner = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.1.288_0\

O1 HOSTS File: ([2012/08/19 22:32:29 | 000,001,262 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 axandra.com
O1 - Hosts: 127.0.0.1 www.axandra.com
O1 - Hosts: 127.0.0.1 keywordindex.com
O1 - Hosts: 127.0.0.1 www.keywordindex.com
O1 - Hosts: 127.0.0.1 www.ibusinesspromoter.com
O1 - Hosts: 127.0.0.1 ibusinesspromoter.com
O1 - Hosts: 74.125.93.191 imnuke.net
O1 - Hosts: 74.125.93.191 www.imnuke.net
O1 - Hosts: 74.125.93.191 senuke.biz
O1 - Hosts: 74.125.93.191 www.senuke.biz
O1 - Hosts: 74.125.93.191 imnuke.net
O1 - Hosts: 74.125.93.191 www.imnuke.net
O1 - Hosts: 74.125.93.191 senuke.biz
O1 - Hosts: 74.125.93.191 www.senuke.biz
O1 - Hosts: 74.125.93.191 imnuke.net
O1 - Hosts: 74.125.93.191 www.imnuke.net
O1 - Hosts: 74.125.93.191 senuke.biz
O1 - Hosts: 74.125.93.191 www.senuke.biz
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKU\S-1-5-21-1202660629-1343024091-725345543-1003\..\Toolbar\ShellBrowser: (BS Player Toolbar) - {FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5} - C:\Program Files\BS_Player\prxtbBS_P.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-1202660629-1343024091-725345543-1003\..\Toolbar\WebBrowser: (BS Player Toolbar) - {FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5} - C:\Program Files\BS_Player\prxtbBS_P.dll (Conduit Ltd.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NetWorx] C:\Program Files\NetWorx\networx.exe (SoftPerfect)
O4 - HKU\S-1-5-21-1202660629-1343024091-725345543-1003..\Run: [BitTorrent] F:\BitTorrent\BitTorrent.exe (BitTorrent, Inc.)
O4 - HKU\S-1-5-21-1202660629-1343024091-725345543-1003..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1202660629-1343024091-725345543-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1202660629-1343024091-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKU\S-1-5-21-1202660629-1343024091-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NolowDiskSpaceChecks = 1
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - File not found
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - File not found
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - File not found
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\crypt32chain: DllName - (crypt32.dll) - File not found
O20 - Winlogon\Notify\cryptnet: DllName - (cryptnet.dll) - File not found
O20 - Winlogon\Notify\cscdll: DllName - (cscdll.dll) - File not found
O20 - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) - File not found
O20 - Winlogon\Notify\Schedule: DllName - (wlnotify.dll) - File not found
O20 - Winlogon\Notify\sclgntfy: DllName - (sclgntfy.dll) - File not found
O20 - Winlogon\Notify\SensLogn: DllName - (WlNotify.dll) - File not found
O20 - Winlogon\Notify\termsrv: DllName - (wlnotify.dll) - File not found
O20 - Winlogon\Notify\wlballoon: DllName - (wlnotify.dll) - File not found
O24 - Desktop WallPaper: C:\Documents and Settings\User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - shell32.dll File not found
O29 - HKLM SecurityProviders - (msapsspc.dll) - File not found
O29 - HKLM SecurityProviders - (schannel.dll) - File not found
O29 - HKLM SecurityProviders - (digest.dll) - File not found
O29 - HKLM SecurityProviders - (msnsspc.dll) - File not found
O32 - HKLM CDRom: AutoRun - 0
O32 - AutoRun File - [2011/11/03 12:09:17 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\Z\Shell\AutoRun\command - "" = Z:\.\Start.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
System Restore Service not available.

========== Files/Folders - Created Within 30 Days ==========

[2012/08/28 20:57:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Desktop\RK_Quarantine
[2012/08/28 20:25:50 | 000,000,000 | R--D | C] -- C:\Documents and Settings\User\Recent
[2012/08/28 18:13:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\SUPERAntiSpyware.com
[2012/08/28 18:12:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Start Menu\Programs\SUPERAntiSpyware
[2012/08/28 18:12:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2012/08/28 18:12:46 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012/08/28 17:59:15 | 000,000,000 | --SD | C] -- D:\My Documents\Passwords Database
[2012/08/28 17:24:44 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/08/28 17:24:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\Malwarebytes
[2012/08/28 17:23:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/08/28 17:23:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012/08/28 17:23:21 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/08/28 17:23:20 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/08/28 17:19:08 | 010,652,120 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\User\Desktop\mbam-setup-1.62.0.1300.exe
[2012/08/28 17:18:42 | 002,212,440 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\User\Desktop\TDSSKiller.exe
[2012/08/28 17:13:50 | 017,246,464 | ---- | C] (SUPERAntiSpyware.com) -- C:\Documents and Settings\User\Desktop\SUPERAntiSpyware.exe
[2012/08/28 14:24:37 | 000,000,000 | --SD | C] -- C:\Documents and Settings\User\Desktop\Crokiroz
[2012/08/28 14:20:11 | 000,598,528 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe
[2012/08/28 13:46:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
[2012/08/28 13:46:26 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012/08/28 13:38:11 | 003,927,560 | ---- | C] (Piriform Ltd) -- C:\Documents and Settings\User\Desktop\ccsetup322.exe
[2012/08/27 12:23:18 | 000,000,000 | R--D | C] -- C:\Backup
[2012/08/27 12:21:27 | 000,039,352 | ---- | C] (Infowatch) -- C:\WINDOWS\System32\drivers\CSVirtualDiskDrv.sys
[2012/08/27 12:21:26 | 000,088,632 | ---- | C] (Infowatch) -- C:\WINDOWS\System32\drivers\CSCrySec.sys
[2012/08/27 10:30:04 | 000,339,320 | ---- | C] (Hide My IP) -- C:\WINDOWS\System32\HMIPCore.dll
[2012/08/25 01:12:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Start Menu\Programs\WinRAR
[2012/08/25 01:12:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\WinRAR
[2012/08/22 20:26:27 | 000,000,000 | ---D | C] -- C:\Program Files\Skillbrains
[2012/08/22 20:26:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Start Menu\Programs\LightShot
[2012/08/22 20:26:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Local Settings\Application Data\Skillbrains
[2012/08/22 09:38:10 | 000,000,000 | ---D | C] -- C:\Program Files\RankBuilderNEO
[2012/08/21 19:50:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Desktop\SN
[2012/08/14 19:48:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Local Settings\Application Data\bizarre creations
[2012/08/12 22:19:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Local Settings\Application Data\THQ
[2012/08/12 15:37:08 | 000,000,000 | ---D | C] -- D:\My Documents\Ubisoft
[2012/08/12 15:32:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Babel Rising
[2012/08/10 22:19:11 | 000,000,000 | ---D | C] -- C:\Program Files\SystemRequirementsLab
[2012/08/10 22:19:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\SystemRequirementsLab
[2012/08/08 21:03:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\LOVE
[2012/08/04 05:02:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\AVG
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/08/28 21:03:20 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/08/28 20:07:28 | 001,182,305 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Virus change my Paypal , Ebay and Email passwords [$30 to any one - Geeks to Go Forums.mht
[2012/08/28 20:05:24 | 001,320,960 | ---- | M] () -- C:\Documents and Settings\User\Desktop\RogueKiller.exe
[2012/08/28 18:19:25 | 004,138,168 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/08/28 18:12:52 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\User\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/08/28 18:10:08 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\photostageShakeIcon.job
[2012/08/28 17:23:37 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/08/28 17:22:32 | 010,652,120 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\User\Desktop\mbam-setup-1.62.0.1300.exe
[2012/08/28 17:18:00 | 017,246,464 | ---- | M] (SUPERAntiSpyware.com) -- C:\Documents and Settings\User\Desktop\SUPERAntiSpyware.exe
[2012/08/28 17:13:33 | 002,193,345 | ---- | M] () -- C:\Documents and Settings\User\Desktop\tdsskiller.zip
[2012/08/28 14:20:26 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe
[2012/08/28 14:10:50 | 001,400,758 | ---- | M] () -- C:\Documents and Settings\User\Desktop\1.bmp
[2012/08/28 13:46:28 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2012/08/28 13:45:49 | 003,927,560 | ---- | M] (Piriform Ltd) -- C:\Documents and Settings\User\Desktop\ccsetup322.exe
[2012/08/28 12:18:11 | 000,364,386 | ---- | M] () -- C:\Documents and Settings\User\Desktop\SLT Router Settings.bmp
[2012/08/28 04:21:46 | 000,611,350 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Reports.zip
[2012/08/28 03:47:56 | 000,002,026 | ---- | M] () -- C:\WINDOWS\Sandboxie.ini
[2012/08/28 01:39:26 | 000,239,167 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Support ticket.png
[2012/08/27 11:04:36 | 000,000,320 | ---- | M] () -- C:\Documents and Settings\User\SecurityKISSTunnel.config
[2012/08/27 10:14:05 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/08/27 02:01:45 | 000,001,456 | ---- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\Adobe Save for Web 12.0 Prefs
[2012/08/26 23:03:46 | 000,000,765 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Reports.lnk
[2012/08/26 21:22:08 | 000,006,083 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Screenshot_1.jpg
[2012/08/26 16:15:04 | 000,139,080 | ---- | M] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2012/08/26 16:14:35 | 000,270,240 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.xtr
[2012/08/26 10:22:00 | 000,270,240 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.ex0
[2012/08/25 19:05:29 | 000,138,056 | ---- | M] () -- C:\Documents and Settings\User\Application Data\PnkBstrK.sys
[2012/08/24 09:21:01 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2012/08/23 21:57:17 | 004,475,264 | ---- | M] () -- D:\My Documents\Logo Types.jpg
[2012/08/23 10:45:43 | 000,305,334 | ---- | M] () -- D:\My Documents\Redeem magic Point.bmp
[2012/08/23 01:42:48 | 000,000,132 | ---- | M] () -- C:\Documents and Settings\User\Application Data\Adobe PNG Format CS5 Prefs
[2012/08/22 20:26:34 | 000,000,844 | ---- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\UserProducts.xml
[2012/08/21 17:19:39 | 000,092,672 | ---- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/08/20 17:33:26 | 002,212,440 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\User\Desktop\TDSSKiller.exe
[2012/08/12 01:53:00 | 004,675,803 | ---- | M] () -- D:\My Documents\timeanalsex3GP_e0a0_w_2.3gp
[2012/08/10 17:19:23 | 000,678,956 | ---- | M] () -- D:\My Documents\Skyline Car.jpg
[2012/08/04 22:20:06 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\TEMP
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/08/28 20:07:27 | 001,182,305 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Virus change my Paypal , Ebay and Email passwords [$30 to any one - Geeks to Go Forums.mht
[2012/08/28 20:05:18 | 001,320,960 | ---- | C] () -- C:\Documents and Settings\User\Desktop\RogueKiller.exe
[2012/08/28 18:18:57 | 004,138,168 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/08/28 18:12:52 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\User\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/08/28 17:23:37 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/08/28 17:12:57 | 002,193,345 | ---- | C] () -- C:\Documents and Settings\User\Desktop\tdsskiller.zip
[2012/08/28 14:10:50 | 001,400,758 | ---- | C] () -- C:\Documents and Settings\User\Desktop\1.bmp
[2012/08/28 13:46:28 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2012/08/28 12:18:11 | 000,364,386 | ---- | C] () -- C:\Documents and Settings\User\Desktop\SLT Router Settings.bmp
[2012/08/28 04:21:46 | 000,611,350 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Reports.zip
[2012/08/28 01:39:17 | 000,239,167 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Support ticket.png
[2012/08/26 21:22:08 | 000,006,083 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Screenshot_1.jpg
[2012/08/23 21:57:17 | 004,475,264 | ---- | C] () -- D:\My Documents\Logo Types.jpg
[2012/08/23 10:45:43 | 000,305,334 | ---- | C] () -- D:\My Documents\Redeem magic Point.bmp
[2012/08/23 01:25:02 | 000,000,132 | ---- | C] () -- C:\Documents and Settings\User\Application Data\Adobe PNG Format CS5 Prefs
[2012/08/22 20:26:31 | 000,000,844 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\UserProducts.xml
[2012/08/12 01:50:13 | 004,675,803 | ---- | C] () -- D:\My Documents\timeanalsex3GP_e0a0_w_2.3gp
[2012/08/10 17:19:40 | 000,678,956 | ---- | C] () -- D:\My Documents\Skyline Car.jpg
[2012/07/24 18:43:37 | 000,139,080 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2012/07/24 18:43:31 | 000,270,240 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrB.exe
[2012/07/24 18:41:50 | 000,075,136 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrA.exe
[2012/07/15 16:34:25 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\BReWErS.dll
[2012/07/13 18:58:09 | 000,074,703 | ---- | C] () -- C:\WINDOWS\System32\mfc45.dll
[2012/06/30 12:20:19 | 000,074,747 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\1341037210.bdinstall.bin
[2012/06/30 11:34:19 | 000,001,700 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\1341033795.2952.bin
[2012/06/30 11:23:34 | 000,009,645 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\1341033795.288.bin
[2012/06/30 11:23:34 | 000,008,478 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\1341033795.708.bin
[2012/06/30 11:23:30 | 000,013,884 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\1341033795.168.bin
[2012/06/30 11:23:30 | 000,007,400 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\1341033795.352.bin
[2012/06/30 11:23:30 | 000,003,042 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\1341033795.4084.bin
[2012/06/30 11:23:30 | 000,001,089 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\1341033795.236.bin
[2012/06/30 11:23:30 | 000,001,089 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\1341033795.212.bin
[2012/06/30 11:23:20 | 000,244,320 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\1341033795.3272.bin
[2012/06/30 11:23:18 | 000,008,171 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\1341033795.3900.bin
[2012/06/30 11:23:15 | 000,179,132 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\1341033795.3812.bin
[2012/06/07 18:05:17 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2012/04/13 20:12:15 | 000,000,175 | ---- | C] () -- C:\WINDOWS\EQ3D.ini
[2012/04/09 15:22:44 | 002,577,776 | ---- | C] () -- C:\WINDOWS\System32\pbsvc_heroes.exe
[2012/04/09 10:58:37 | 000,217,927 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\1333947356.bdinstall.bin
[2012/04/09 10:35:55 | 000,160,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\1333945908.bdinstall.bin
[2012/04/09 10:35:39 | 000,021,362 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\1333946134.bdinstall.bin
[2012/04/09 10:31:48 | 000,030,683 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\1333945907.bdinstall.bin
[2012/04/09 00:54:27 | 000,021,528 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\1333911263.bdinstall.bin
[2012/04/09 00:53:41 | 000,021,361 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\1333911217.bdinstall.bin
[2012/04/09 00:50:24 | 000,008,560 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\1333911023.480.bin
[2012/04/09 00:50:24 | 000,005,386 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\1333911023.1800.bin
[2012/04/09 00:50:24 | 000,001,462 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\1333911023.3172.bin
[2012/04/09 00:50:23 | 000,037,327 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\1333911023.3376.bin
[2012/04/08 20:12:34 | 001,189,963 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\1333886719.bdinstall.bin
[2012/04/08 15:25:51 | 000,207,810 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\1333876802.bdinstall.bin
[2012/04/07 14:35:08 | 000,002,026 | ---- | C] () -- C:\WINDOWS\Sandboxie.ini
[2012/04/07 09:37:14 | 000,135,240 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2012/03/29 21:00:26 | 000,000,274 | ---- | C] () -- C:\Documents and Settings\User\Application Data\burnaware.ini
[2012/03/26 19:27:37 | 000,000,320 | ---- | C] () -- C:\Documents and Settings\User\SecurityKISSTunnel.config
[2012/03/12 13:47:14 | 000,001,456 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\Adobe Save for Web 12.0 Prefs
[2012/03/01 23:11:47 | 000,138,056 | ---- | C] () -- C:\Documents and Settings\User\Application Data\PnkBstrK.sys
[2012/02/27 14:24:35 | 003,640,798 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1202660629-1343024091-725345543-1003-0.dat
[2012/02/20 04:49:23 | 000,000,040 | ---- | C] () -- C:\WINDOWS\System32\Sx5363.ini
[2012/02/18 09:47:43 | 000,000,060 | ---- | C] () -- C:\Documents and Settings\User\jagex_cl_runescape_LIVE.dat
[2012/02/18 09:47:43 | 000,000,024 | ---- | C] () -- C:\Documents and Settings\User\random.dat
[2012/02/14 03:17:07 | 000,592,214 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2012/01/23 12:36:24 | 000,101,389 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\1327300490.bdinstall.bin
[2012/01/23 12:34:50 | 000,029,684 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\1327300489.bdinstall.bin
[2012/01/23 12:11:38 | 000,908,341 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\1327295356.bdinstall.bin
[2012/01/10 09:30:05 | 000,017,408 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\WebpageIcons.db
[2011/12/08 12:21:25 | 002,307,384 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/12/08 01:50:34 | 000,092,672 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/12/08 01:05:35 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/12/02 09:33:52 | 000,000,252 | ---- | C] () -- C:\WINDOWS\comsoltof.dll
[2011/11/24 11:07:23 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\zlib.dll
[2011/11/23 17:11:35 | 000,000,038 | ---- | C] () -- C:\WINDOWS\AviSplitter.INI
[2011/11/20 19:07:00 | 000,692,224 | ---- | C] () -- C:\WINDOWS\System32\bsrmgcv.dll
[2011/11/20 19:07:00 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\bsrmgps.dll
[2011/11/20 19:07:00 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\bsrlback.dll
[2011/11/20 19:07:00 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\bsreffs.dll
[2011/11/20 19:07:00 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\bsrgvas.dll
[2011/11/20 19:07:00 | 000,002,048 | ---- | C] () -- C:\WINDOWS\System32\Tr_sttool2.dat
[2011/11/20 19:06:43 | 000,585,728 | ---- | C] () -- C:\WINDOWS\System32\bsratswf.dll
[2011/11/20 19:06:43 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\bsratwmv.dll
[2011/11/13 16:03:30 | 000,134,120 | ---- | C] () -- C:\WINDOWS\ColorPic Uninstaller.exe
[2011/11/08 20:05:16 | 000,000,022 | ---- | C] () -- C:\WINDOWS\System32\winecf83_va.dll
[2011/11/04 10:49:51 | 000,000,218 | ---- | C] () -- C:\Documents and Settings\User\.recently-used.xbel
[2011/11/03 17:54:24 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011/11/03 14:34:33 | 000,285,176 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2011/11/03 14:34:33 | 000,285,176 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2011/11/03 14:34:33 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2011/11/03 14:34:20 | 002,130,002 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data
[2011/11/03 14:29:39 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2011/11/03 14:26:22 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/11/03 12:11:39 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011/11/03 12:05:57 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/04 04:56:50 | 000,024,244 | ---- | C] () -- C:\Documents and Settings\User\Application Data\fix.dat

========== LOP Check ==========

[2011/12/05 19:32:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AutoHideIP
[2011/12/15 11:30:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2012/04/08 19:27:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BDLogging
[2012/02/25 18:48:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Bimesoft
[2012/04/07 15:39:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DYA_JENITHPWDSSGROCHQ
[2012/04/23 17:25:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPS
[2012/04/07 14:27:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\framezoo.com
[2012/06/25 12:06:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InstallMate
[2012/01/07 08:31:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\install_clap
[2012/05/09 20:23:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MaskMyIP
[2012/07/02 11:46:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MTA San Andreas All
[2012/01/07 17:23:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PDVD
[2012/03/23 00:40:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlatinumHideIP
[2011/11/08 14:32:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Premium
[2012/07/24 08:48:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com(2).adobe
[2012/03/12 13:20:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
[2012/07/20 11:53:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RELOADED
[2011/11/23 20:37:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\River Past G5
[2012/03/24 23:12:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sincell
[2011/12/31 09:18:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SoftPerfect
[2012/06/07 15:58:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Synetic
[2012/04/07 15:54:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tarma Installer
[2012/03/19 11:32:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{A8354D97-4791-4302-9B19-7A7686B5F231}
[2011/11/12 09:48:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guest\Application Data\Opera
[2012/01/23 12:30:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\QuickScan
[2012/04/09 03:12:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\(null)
[2012/02/01 17:35:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\3DeadZed
[2011/12/19 00:31:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Affilorama
[2011/11/08 18:36:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Aleo Software
[2012/02/16 12:12:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Artisteer
[2011/12/05 19:32:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\AutoHideIP
[2012/08/04 05:03:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\AVG
[2012/08/28 21:14:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\BitTorrent
[2012/01/22 14:27:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\BSplayer
[2011/11/03 22:43:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\BSplayer Pro
[2011/11/29 17:05:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Bullet Train
[2012/07/22 22:38:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/11/09 09:18:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\com.adobe.downloadassistant.AdobeDownloadAssistant
[2011/12/08 02:28:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\DeepBurner
[2012/03/04 09:48:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Dropbox
[2012/04/07 15:39:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\DYA_JENITHPWDSSGROCHQ
[2012/08/01 11:28:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\EurekaLog
[2011/11/22 11:31:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\EyesKeeper
[2012/03/21 21:14:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\FileZilla
[2012/04/07 14:27:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\framezoo.com
[2012/03/30 23:18:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\GetRightToGo
[2011/11/04 10:48:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\gtk-2.0
[2011/12/04 13:18:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\HU2011
[2012/08/28 04:28:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\IBP
[2012/03/30 16:11:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\IFViewer
[2012/07/13 19:16:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\IgniteSEO
[2012/02/26 11:21:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Immunet
[2011/12/07 18:24:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\InfraRecorder
[2012/01/12 13:22:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\IrfanView
[2012/04/08 12:13:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Jycyep
[2012/04/12 21:27:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Keyword Research Pro
[2012/08/08 21:03:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\LOVE
[2011/11/20 19:23:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\ManyCam
[2012/04/07 02:02:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\MarketSamurai.6E37012E1CBD7F47B14488FCC715944F3EBDCEDC.1
[2012/05/09 20:23:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\MaskMyIP
[2012/03/18 10:46:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\MAXON
[2012/02/01 22:32:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Molura
[2011/12/29 09:45:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Movie Cartoonizer Default Project
[2011/12/15 11:17:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\ObviousIdea
[2011/11/03 13:55:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Opera
[2012/07/11 13:24:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Oracle
[2012/07/12 08:18:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\PaRaMeter
[2012/03/23 00:40:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\PlatinumHideIP
[2012/01/23 11:12:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\QuickScan
[2011/11/23 20:37:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\River Past G5
[2012/03/05 13:28:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Rovio
[2012/03/18 01:45:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\ScrapeBox Link Checker Free Edition
[2012/07/12 07:51:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\SimpleSEO
[2012/03/24 23:12:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Sincell
[2012/06/16 20:10:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Spiritsoft
[2012/01/20 00:52:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\StarBurn
[2012/04/07 10:09:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\StealthKeywordDigger
[2012/08/10 22:19:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\SystemRequirementsLab
[2012/03/29 22:58:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Thinstall
[2012/07/14 13:21:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Thunderbird
[2012/06/15 10:41:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Titanium
[2012/01/09 04:16:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\ubot
[2012/02/27 11:10:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\UBot Studio
[2012/04/04 14:34:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\ubotcompile1138848
[2012/04/04 14:34:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\ubotcompile1192131
[2012/01/12 18:46:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\ubotcompile1821437
[2012/04/04 14:34:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\ubotcompile2434676
[2012/01/09 14:10:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\ubotcompile9004520
[2012/03/21 17:03:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\wargaming.net
[2011/11/23 17:10:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Watermark Master
[2012/06/17 18:43:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\WikiBomber
[2012/02/29 23:11:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\WinHKI
[2012/02/01 22:32:11 | 000,000,000 | --SD | M] -- C:\Documents and Settings\User\Application Data\wyUpdate AU
[2012/03/23 09:02:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Ylnoj
[2012/08/28 18:10:08 | 000,000,286 | ---- | M] () -- C:\WINDOWS\Tasks\photostageShakeIcon.job

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >
[2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2004/08/04 04:56:50 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe

< MD5 for: QMGR.DLL >
[2004/08/04 04:56:46 | 000,382,464 | ---- | M] (Microsoft Corporation) MD5=2C69EC7E5A311334D10DD95F338FCCEA -- C:\WINDOWS\$NtServicePackUninstall$\qmgr.dll
[2008/04/14 05:42:04 | 000,409,088 | ---- | M] (Microsoft Corporation) MD5=574738F61FCA2935F5265DC4E5691314 -- C:\WINDOWS\ServicePackFiles\i386\qmgr.dll
[2008/04/14 05:42:04 | 000,409,088 | ---- | M] (Microsoft Corporation) MD5=574738F61FCA2935F5265DC4E5691314 -- C:\WINDOWS\system32\bits\qmgr.dll
[2008/04/14 05:42:04 | 000,409,088 | ---- | M] (Microsoft Corporation) MD5=574738F61FCA2935F5265DC4E5691314 -- C:\WINDOWS\system32\qmgr.dll

< MD5 for: SERVICES >
[2001/08/23 18:00:00 | 000,007,116 | ---- | M] () MD5=95826940E657FE0567A8EC0F2A6AD11A -- C:\WINDOWS\system32\drivers\etc\services

< MD5 for: SERVICES.CFG >
[2011/09/05 23:04:56 | 000,584,808 | ---- | M] () MD5=B3B25937514C772FD2490108B91CE17F -- C:\Program Files\Adobe\Reader 10.0\Reader\Services\Services.cfg

< MD5 for: SERVICES.EXE >
[2008/04/14 05:42:36 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- C:\WINDOWS\ServicePackFiles\i386\services.exe
[2008/04/14 05:42:36 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- C:\WINDOWS\system32\services.exe
[2004/08/04 04:56:56 | 000,108,032 | ---- | M] (Microsoft Corporation) MD5=C6CE6EEC82F187615D1002BB3BB50ED4 -- C:\WINDOWS\$NtServicePackUninstall$\services.exe

< MD5 for: SERVICES.LNK >
[2011/12/07 18:17:01 | 000,001,602 | ---- | M] () MD5=CF3033AA7516223BEB0E9AE105C8CB06 -- C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\Services.lnk

< MD5 for: SERVICES.MSC >
[2001/08/23 18:00:00 | 000,033,464 | ---- | M] () MD5=E8089AA2A6F7FEE89B38C1F2D77BA6C6 -- C:\WINDOWS\system32\services.msc

< MD5 for: SVCHOST.EXE >
[2008/04/14 05:42:38 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008/04/14 05:42:38 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
[2012/07/03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2004/08/04 04:56:58 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe

< MD5 for: USERINIT.EXE >
[2004/08/04 04:56:58 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/14 05:42:40 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/14 05:42:40 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\dllcache\userinit.exe
[2008/04/14 05:42:40 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2004/08/04 04:56:58 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2012/07/03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008/04/14 05:42:40 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/14 05:42:40 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BITS /s >
"Type" = 32
"Start" = 2
"ErrorControl" = 1
"ImagePath" = %SystemRoot%\system32\svchost.exe -k netsvcs -- [2008/04/14 05:42:38 | 000,014,336 | ---- | M] (Microsoft Corporation)
"DisplayName" = Background Intelligent Transfer Service
"DependOnService" = Rpcss [binary data] -- [2008/04/14 05:42:06 | 000,399,360 | ---- | M] (Microsoft Corporation)
"DependOnGroup" = [binary data]
"ObjectName" = LocalSystem
"Description" = Transfers files in the background using idle network bandwidth. If the service is stopped, features such as Windows Update, and MSN Explorer will be unable to automatically download programs and other information. If this service is disabled, any services that explicitly depend on it may fail to transfer files if they do not have a fail safe mechanism to transfer files directly through IE in case BITS has been disabled.
"FailureActions" = 00 00 00 00 00 00 00 00 00 00 00 00 03 00 00 00 68 E3 0C 00 01 00 00 00 60 EA 00 00 01 00 00 00 60 EA 00 00 01 00 00 00 60 EA 00 00 [binary data]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BITS\Parameters]
"ServiceDll" = C:\WINDOWS\system32\qmgr.dll -- [2008/04/14 05:42:04 | 000,409,088 | ---- | M] (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BITS\Security]
"Security" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BITS\Enum]
"0" = Root\LEGACY_BITS\0000
"Count" = 1
"NextInstance" = 1

========== Alternate Data Streams ==========

@Alternate Data Stream - 971 bytes -> C:\Documents and Settings\All Users\Desktop:$SS_DESCRIPTOR_SBXNV9VVGV1BFPWHLX2KJ0V9TPNT4RFBHCM6JWJFSPF7VB4VPJGF
@Alternate Data Stream - 239 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E74A38A2
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AC6124CA

< End of report >



Extras

OTL Extras logfile created on: 8/28/2012 9:24:50 PM - Run 1
OTL by OldTimer - Version 3.2.59.1 Folder = C:\Documents and Settings\User\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.48 Gb Available Physical Memory | 73.88% Memory free
3.85 Gb Paging File | 3.55 Gb Available in Paging File | 92.42% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 40.00 Gb Total Space | 20.91 Gb Free Space | 52.27% Space Free | Partition Type: NTFS
Drive D: | 63.99 Gb Total Space | 10.11 Gb Free Space | 15.80% Space Free | Partition Type: NTFS
Drive E: | 10.00 Gb Total Space | 2.52 Gb Free Space | 25.16% Space Free | Partition Type: NTFS
Drive F: | 38.13 Gb Total Space | 2.30 Gb Free Space | 6.03% Space Free | Partition Type: NTFS

Computer Name: DOOM3CXD | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- Reg Error: Key error. File not found
.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)
.reg [@ = regfile] -- regedit.exe "%1"

[HKEY_USERS\S-1-5-21-1202660629-1343024091-725345543-1003\SOFTWARE\Classes\<extension>]
.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- Reg Error: Key error.
exefile [open] -- "%1" %*
helpfile [open] -- winhlp32.exe %1
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
piffile [open] -- "%1" %*
regfile [open] -- regedit.exe "%1"
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- Reg Error: Key error.
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"16880:UDP" = 16880:UDP:*:Enabled:UDP 16880
"19581:TCP" = 19581:TCP:*:Enabled:TCP 19581

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Opera\opera.exe" = C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)
"F:\BitTorrent\BitTorrent.exe" = F:\BitTorrent\BitTorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)
"C:\Program Files\Foxit Software\PDF Editor\PDFEdit.exe" = C:\Program Files\Foxit Software\PDF Editor\PDFEdit.exe:*:Disabled:Foxit PDF Editor, the first REAL editor for PDF files! -- (Foxit Software Company)
"C:\Documents and Settings\User\Application Data\Thinstall\Hotspot Shield 0.941\400000e900002i\Opera.exe" = C:\Documents and Settings\User\Application Data\Thinstall\Hotspot Shield 0.941\400000e900002i\Opera.exe:*:Enabled:Opera -- ()
"C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe" = C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe:*:Disabled:Daemonu.exe -- (NVIDIA Corporation)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\Java\jre6\bin\javaw.exe" = C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Program Files\Jumpto\Chaos.exe" = C:\Program Files\Jumpto\Chaos.exe:*:Disabled:Chaos Runtime -- ()
"E:\Editer Pack\Audio\Converter\AudioConverter.exe" = E:\Editer Pack\Audio\Converter\AudioConverter.exe:*:Disabled:River Past Audio Converter Pro -- (River Past Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01A59055-E819-4881-9BF6-9AB13C05C44F}_is1" = Easy Auto Spinner version 1.5
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2367FAB6-055A-4923-835F-F57F7BBBA363}_is1" = Paint XP version 1.1
"{26A24AE4-039D-4CA4-87B4-2F83216029FF}" = Java™ 6 Update 29
"{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java™ 7 Update 5
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2AEA17BA-FAB3-49D2-BB85-0669D14DC9BC}_is1" = Rainbow Folders
"{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1" = lightshot-2.6.5.55
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
"{3BD633E0-4BF8-4499-9149-88F0767D449C}" = Call of Duty® 4 - Modern Warfare™ 1.4 Patch
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3DD66600-791E-4A11-8E6C-2AB6AFB9C809}" = Tukanas Hits Generator
"{3F424493-B0F2-43A4-A892-DFA447B2A59D}" = STK02N 2.4.1
"{47FA2C44-D148-4DBC-AF60-B91934AA4842}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4F3E17F8-F1C8-4A4B-9EB8-1EE2D190CDA9}" = Adobe Setup
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7F6D7FD9-648D-4DD9-BB6E-3990C675ECA4}" = NVIDIA PhysX
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{844D3882-9D82-4FCB-BED9-0862D05DAA6C}" = Comment Blaster
"{8503C901-85D7-4262-88D2-8D8B2A7B08B8}" = Call of Duty® 4 - Modern Warfare™ 1.5 Patch
"{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty® 4 - Modern Warfare™ 1.6 Patch
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{910772F0-99D0-4476-B38F-95FC03B8A246}" = SEO Link Robot Pro 2.2.0.0
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty® 4 - Modern Warfare™ 1.7 Patch
"{943A8D28-80D6-41DC-AE94-81FEB42041BF}" = System Requirements Lab CYRI
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A62233FD-C1D9-4AA5-8E91-A1FB0376A1E0}" = Jumpto
"{A6EE99EA-420C-4FA6-8A7C-FDB60D278855}" = VS10RuntimeWin32
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.1)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 285.58
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 285.58
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 135.95
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.11.0621
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.5.20
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.2.24.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B578C85A-A84C-4230-A177-C5B2AF565B8C}" = Microsoft Games for Windows - LIVE Redistributable
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{E1845F1C-068C-F8F4-D31D-D3540D47C453}" = Adobe Download Assistant
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
"{F0000C3B-FD74-4E5F-B574-CA4AB150E86F}" = Angry Birds
"{F08E8D2E-F132-4742-9C87-D5FF223A016A}" = Adobe Illustrator CS3
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Adobe_a04a925a57548091300ada368235fc6" = Adobe Illustrator CS3
"Babel Rising_is1" = Babel Rising
"BitTorrent" = BitTorrent
"BSPlayerf" = BS.Player FREE
"BSRScreenRecorder5" = BSR Screen Recorder 5
"CCleaner" = CCleaner
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"ColorPic" = ColorPic
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
"Crash Time 4 - The Syndicate_is1" = Crash Time 4 - The Syndicate
"Defraggler" = Defraggler
"eToro" = eToro
"FormatFactory" = FormatFactory 2.70
"Foxit PDF Editor" = Foxit PDF Editor
"FxEngine_Framework_is1" = FxEngine Framework 4.8
"Google Chrome" = Google Chrome
"IBP11_is1" = IBP 11.9.1
"ie8" = Windows Internet Explorer 8
"InstallShield_{3BD633E0-4BF8-4499-9149-88F0767D449C}" = Call of Duty® 4 - Modern Warfare™ 1.4 Patch
"InstallShield_{8503C901-85D7-4262-88D2-8D8B2A7B08B8}" = Call of Duty® 4 - Modern Warfare™ 1.5 Multiplayer Patch
"InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty® 4 - Modern Warfare™ 1.6 Patch
"InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty® 4 - Modern Warfare™ 1.7 Patch
"Jumpto" = Jumpto
"Magic Traffic Bot" = Magic Traffic Bot
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Mozilla Firefox 14.0.1 (x86 en-US)" = Mozilla Firefox 14.0.1 (x86 en-US)
"NetWorx_is1" = NetWorx 5.2.1
"No Hands SEO" = No Hands SEO
"OpenAL" = OpenAL
"Opera 11.64.1403" = Opera 11.64
"Opera 12.01.1532" = Opera 12.01
"PaRaMeter_is1" = PaRaMeter 1.3
"PhotoStage" = PhotoStage Slideshow Producer
"Picasa 3" = Picasa 3
"PunkBusterSvc" = PunkBuster Services
"RankBuilderNEO_is1" = RankBuilderNEO
"Sandboxie" = Sandboxie 3.66 (32-bit)
"Super-AlexaBooster Full" = Super-AlexaBooster v1.10
"UltraISO_is1" = UltraISO Premium V9.52
"Universal Extractor_is1" = Universal Extractor 1.6.1
"VLC media player" = VLC media player 2.0.0
"WackGet" = WackGet (remove only)
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR 4.20 (32-bit)
"WinUHA_is1" = WinUHA 2.0 RC1 (2005.02.27)
"WMFDist11" = Windows Media Format 11 runtime
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Messenger" = Yahoo! Messenger

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1202660629-1343024091-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"WatermarkMaster" = Watermark Master (remove only)

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 4/8/2012 12:33:35 AM | Computer Name = NEW63 | Source = SecurityCenter | ID = 1802
Description = The Windows Security Center Service was unable to establish event
queries with WMI to monitor third party AntiVirus and Firewall.

Error - 4/8/2012 2:13:36 AM | Computer Name = NEW63 | Source = SecurityCenter | ID = 1802
Description = The Windows Security Center Service was unable to establish event
queries with WMI to monitor third party AntiVirus and Firewall.

Error - 4/8/2012 2:37:32 AM | Computer Name = NEW63 | Source = SecurityCenter | ID = 1802
Description = The Windows Security Center Service was unable to establish event
queries with WMI to monitor third party AntiVirus and Firewall.

Error - 4/8/2012 8:04:50 AM | Computer Name = NEW63 | Source = SecurityCenter | ID = 1802
Description = The Windows Security Center Service was unable to establish event
queries with WMI to monitor third party AntiVirus and Firewall.

Error - 4/8/2012 12:10:18 PM | Computer Name = NEW63 | Source = Application Error | ID = 1000
Description = Faulting application ir-idmaker.exe, version 3.2.0.59, faulting module
msvbvm60.dll, version 6.0.98.15, fault address 0x000d92fe.

Error - 4/8/2012 12:10:26 PM | Computer Name = NEW63 | Source = Application Error | ID = 1000
Description = Faulting application ir-idmaker.exe, version 3.2.0.59, faulting module
msvbvm60.dll, version 6.0.98.15, fault address 0x000e46c5.

Error - 4/8/2012 1:33:19 PM | Computer Name = NEW63 | Source = SecurityCenter | ID = 1802
Description = The Windows Security Center Service was unable to establish event
queries with WMI to monitor third party AntiVirus and Firewall.

Error - 4/8/2012 1:48:24 PM | Computer Name = NEW63 | Source = SecurityCenter | ID = 1802
Description = The Windows Security Center Service was unable to establish event
queries with WMI to monitor third party AntiVirus and Firewall.

Error - 4/8/2012 11:22:19 PM | Computer Name = NEW63 | Source = SecurityCenter | ID = 1802
Description = The Windows Security Center Service was unable to establish event
queries with WMI to monitor third party AntiVirus and Firewall.

Error - 4/9/2012 12:28:39 AM | Computer Name = NEW63 | Source = SecurityCenter | ID = 1802
Description = The Windows Security Center Service was unable to establish event
queries with WMI to monitor third party AntiVirus and Firewall.

[ System Events ]
Error - 8/28/2012 7:55:20 AM | Computer Name = DOOM3CXD | Source = Service Control Manager | ID = 7034
Description = The PnkBstrA service terminated unexpectedly. It has done this 1
time(s).

Error - 8/28/2012 8:20:35 AM | Computer Name = DOOM3CXD | Source = Service Control Manager | ID = 7000
Description = The Power Control [2012/01/07 08:32:01] service failed to start due
to the following error: %%3

Error - 8/28/2012 8:20:35 AM | Computer Name = DOOM3CXD | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
i8042prt

Error - 8/28/2012 9:19:37 AM | Computer Name = DOOM3CXD | Source = Service Control Manager | ID = 7000
Description = The Power Control [2012/01/07 08:32:01] service failed to start due
to the following error: %%3

Error - 8/28/2012 9:19:37 AM | Computer Name = DOOM3CXD | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
i8042prt

Error - 8/28/2012 10:27:50 AM | Computer Name = DOOM3CXD | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC0000001'
while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring
the volume.

Error - 8/28/2012 10:29:15 AM | Computer Name = DOOM3CXD | Source = Service Control Manager | ID = 7000
Description = The Power Control [2012/01/07 08:32:01] service failed to start due
to the following error: %%3

Error - 8/28/2012 10:29:15 AM | Computer Name = DOOM3CXD | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
i8042prt

Error - 8/28/2012 11:03:25 AM | Computer Name = DOOM3CXD | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC0000001'
while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring
the volume.

Error - 8/28/2012 11:04:50 AM | Computer Name = DOOM3CXD | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
i8042prt


< End of report >

Sorry for 2 threads! Can access the last account

* I know where i infect, I can give it if you want that to help me :)

SUPERAntiSpyware Show 12 treats --> Removed --> Reboot --> Scan again --> same 12 virus back
Malwarebytes Show 9 treats --> Removed --> Reboot --> Scan again --> same 9 virus back
ks pure 2.0 Show 20 treats --> Removed --> Reboot --> Scan again --> same 20 virus back
TDSSKiller Show 3 treats --> Removed --> Reboot --> Scan again --> same 3 virus back

Edited by amicusthe, 28 August 2012 - 10:49 AM.

  • 0

Advertisements

#2
ali.B
Posted 28 August 2012 - 12:38 PM

ali.B

    Trusted Helper

  • Malware Removal
  • 3,086 posts
hi

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks

    Posted Image

    Posted Image
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.
  • 1

#3
amicusthe
Posted 28 August 2012 - 02:51 PM

amicusthe

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
It didn't reboot. Do i have to reboot? Here is the log

ComboFix 12-08-28.03 - User 08/29/2012 2:05.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1461 [GMT 6:00]
Running from: c:\documents and settings\User\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\1327295356.bdinstall.bin
c:\documents and settings\All Users\Application Data\1327300489.bdinstall.bin
c:\documents and settings\All Users\Application Data\1327300490.bdinstall.bin
c:\documents and settings\All Users\Application Data\1333876802.bdinstall.bin
c:\documents and settings\All Users\Application Data\1333886719.bdinstall.bin
c:\documents and settings\All Users\Application Data\1333911023.1800.bin
c:\documents and settings\All Users\Application Data\1333911023.3172.bin
c:\documents and settings\All Users\Application Data\1333911023.3376.bin
c:\documents and settings\All Users\Application Data\1333911023.480.bin
c:\documents and settings\All Users\Application Data\1333911217.bdinstall.bin
c:\documents and settings\All Users\Application Data\1333911263.bdinstall.bin
c:\documents and settings\All Users\Application Data\1333945907.bdinstall.bin
c:\documents and settings\All Users\Application Data\1333945908.bdinstall.bin
c:\documents and settings\All Users\Application Data\1333946134.bdinstall.bin
c:\documents and settings\All Users\Application Data\1333947356.bdinstall.bin
c:\documents and settings\All Users\Application Data\1341033795.168.bin
c:\documents and settings\All Users\Application Data\1341033795.212.bin
c:\documents and settings\All Users\Application Data\1341033795.236.bin
c:\documents and settings\All Users\Application Data\1341033795.288.bin
c:\documents and settings\All Users\Application Data\1341033795.2952.bin
c:\documents and settings\All Users\Application Data\1341033795.3272.bin
c:\documents and settings\All Users\Application Data\1341033795.352.bin
c:\documents and settings\All Users\Application Data\1341033795.3812.bin
c:\documents and settings\All Users\Application Data\1341033795.3900.bin
c:\documents and settings\All Users\Application Data\1341033795.4084.bin
c:\documents and settings\All Users\Application Data\1341033795.708.bin
c:\documents and settings\All Users\Application Data\1341037210.bdinstall.bin
c:\documents and settings\All Users\Application Data\DYA_JENITHPWDSSGROCHQ
c:\documents and settings\All Users\Application Data\DYA_JENITHPWDSSGROCHQ\1.0.0\Data\app.dat
c:\documents and settings\All Users\Application Data\DYA_JENITHPWDSSGROCHQ\1.0.0\Data\updates.dat
c:\documents and settings\User\Application Data\DYA_JENITHPWDSSGROCHQ
c:\documents and settings\User\Application Data\DYA_JENITHPWDSSGROCHQ\1.0.0\Data\dya.dat
c:\documents and settings\User\Application Data\Love
c:\documents and settings\User\Application Data\Love\mari0\mappacks\smb\1-1.txt
c:\documents and settings\User\Application Data\Love\mari0\options.txt
c:\documents and settings\User\Application Data\ubot
c:\documents and settings\User\Application Data\ubotcompile1138848
c:\documents and settings\User\Application Data\ubotcompile1138848\bot.exe
c:\documents and settings\User\Application Data\ubotcompile1192131
c:\documents and settings\User\Application Data\ubotcompile1192131\bot.exe
c:\documents and settings\User\Application Data\ubotcompile1821437
c:\documents and settings\User\Application Data\ubotcompile1821437\bot.exe
c:\documents and settings\User\Application Data\ubotcompile2434676
c:\documents and settings\User\Application Data\ubotcompile2434676\bot.exe
c:\documents and settings\User\Application Data\ubotcompile9004520
c:\documents and settings\User\Application Data\ubotcompile9004520\bot.exe
c:\documents and settings\User\Local Settings\Application Data\Xenocode\Sandbox\UBot_Standalone
c:\documents and settings\User\Local Settings\Application Data\Xenocode\Sandbox\UBot_Standalone\1.0.0.0\2010.02.15T12.47\Native\STUBEXE\@PROGRAMFILES@\COMMON~1\MICROS~1\DW\DW20.EXE
c:\documents and settings\User\Local Settings\Application Data\Xenocode\Sandbox\UBot_Standalone\1.0.0.0\2010.02.15T12.47\Native\STUBEXE\@SYSTEM@\NOTEPAD.EXE
c:\documents and settings\User\Local Settings\Application Data\Xenocode\Sandbox\UBot_Standalone\1.0.0.0\2010.02.15T12.47\Native\STUBEXE\@WINDIR@\Microsoft.NET\Framework\v2.0.50727\csc.exe
c:\documents and settings\User\Local Settings\Application Data\Xenocode\Sandbox\UBot_Standalone\1.0.0.0\2010.02.15T12.47\Native\STUBEXE\@WINDIR@\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
c:\documents and settings\User\Local Settings\Application Data\Xenocode\Sandbox\UBot_Standalone\1.0.0.0\2010.02.15T12.47\Virtual\SXS\Manifests\compile.exe_0x9543C661C950B6BF49B0E80F891065C8.1.manifest
c:\documents and settings\User\Local Settings\Application Data\Xenocode\Sandbox\UBot_Standalone\1.0.0.0\2010.02.15T12.47\Virtual\SXS\Manifests\VmX.dll_0x708E180A6A058DCDE2E1F8586DD2BA4A.2.manifest
c:\documents and settings\User\Local Settings\Application Data\Xenocode\Sandbox\UBot_Standalone\1.0.0.0\2010.02.15T12.47\Virtual\SXS\[email protected]\MyApplication.app.manifest
c:\documents and settings\User\Local Settings\Application Data\Xenocode\Sandbox\UBot_Standalone\1.0.0.0\2010.02.15T12.47\Virtual\SXS\[email protected]\[email protected]
c:\documents and settings\User\Local Settings\Application Data\Xenocode\Sandbox\UBot_Standalone\1.0.0.0\2010.02.15T12.47\Virtual\SXS\[email protected]\Xenocode.VMX.manifest
c:\documents and settings\User\Local Settings\Application Data\Xenocode\Sandbox\UBot_Standalone\1.0.0.0\2010.02.15T12.47\Virtual\SXS\[email protected]\[email protected]
c:\documents and settings\User\Local Settings\Application Data\Xenocode\Sandbox\UBot_Standalone\1.0.0.0\2010.02.15T12.47\Virtual\XRegistry.tmp
c:\windows\XSxS
.
.
((((((((((((((((((((((((( Files Created from 2012-07-28 to 2012-08-28 )))))))))))))))))))))))))))))))
.
.
2012-08-28 17:56 . 2012-08-28 19:55 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-08-28 17:56 . 2012-08-28 19:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2012-08-28 11:24 . 2012-08-28 11:24 -------- d-----w- c:\documents and settings\User\Application Data\Malwarebytes
2012-08-28 11:23 . 2012-08-28 11:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-08-28 11:23 . 2012-07-03 07:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-28 11:23 . 2012-08-28 11:23 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-08-28 07:46 . 2012-08-28 07:46 -------- d-----w- c:\program files\CCleaner
2012-08-27 06:23 . 2012-08-27 06:23 -------- d-----r- C:\Backup
2012-08-27 06:21 . 2009-12-14 06:44 39352 ----a-w- c:\windows\system32\drivers\CSVirtualDiskDrv.sys
2012-08-27 06:21 . 2009-12-14 06:44 88632 ----a-w- c:\windows\system32\drivers\CSCrySec.sys
2012-08-27 04:30 . 2012-01-19 02:23 339320 ----a-w- c:\windows\system32\HMIPCore.dll
2012-08-22 18:09 . 2012-08-22 18:09 -------- d-s---w- c:\documents and settings\NetworkService\IETldCache
2012-08-22 14:26 . 2012-08-22 14:26 -------- d-----w- c:\program files\Skillbrains
2012-08-22 14:26 . 2012-08-22 14:26 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\Skillbrains
2012-08-22 03:38 . 2012-08-22 03:41 -------- d-----w- c:\program files\RankBuilderNEO
2012-08-15 12:52 . 2012-08-15 12:52 -------- d-s---w- c:\documents and settings\Guest\IETldCache
2012-08-14 13:48 . 2012-08-14 13:48 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\bizarre creations
2012-08-12 16:19 . 2012-08-12 16:19 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\THQ
2012-08-10 16:19 . 2012-08-10 16:19 -------- d-----w- c:\program files\SystemRequirementsLab
2012-08-10 16:19 . 2012-08-10 16:19 -------- d-----w- c:\documents and settings\User\Application Data\SystemRequirementsLab
2012-08-03 23:02 . 2012-08-03 23:03 -------- d-----w- c:\documents and settings\User\Application Data\AVG
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-26 10:15 . 2012-07-24 12:43 139080 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2012-08-26 10:14 . 2012-07-24 12:43 270240 ----a-w- c:\windows\system32\PnkBstrB.exe
2012-08-26 10:14 . 2011-11-03 10:50 270240 -c--a-w- c:\windows\system32\PnkBstrB.xtr
2012-08-26 04:22 . 2012-07-24 12:43 270240 ----a-w- c:\windows\system32\PnkBstrB.ex0
2012-08-25 13:05 . 2012-03-01 17:11 138056 -c--a-w- c:\documents and settings\User\Application Data\PnkBstrK.sys
2012-08-25 13:05 . 2012-07-24 12:41 75136 ----a-w- c:\windows\system32\PnkBstrA.exe
2012-08-18 02:21 . 2012-04-01 01:35 426184 -c--a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-18 02:21 . 2011-11-03 10:59 70344 -c--a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-20 10:00 . 2012-04-09 09:22 2577776 -c--a-w- c:\windows\system32\pbsvc_heroes.exe
2012-07-15 10:34 . 2012-07-15 10:34 5632 ----a-w- c:\windows\system32\BReWErS.dll
2012-07-13 12:58 . 2012-07-13 12:58 74703 ----a-w- c:\windows\system32\mfc45.dll
2012-06-07 12:26 . 2012-06-07 12:05 43520 -c--a-w- c:\windows\system32\CmdLineExt03.dll
2012-07-18 10:51 . 2012-04-20 15:10 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2008-04-13 . 7D7D8501F3CB45D0408CDEFA08CDAEFF . 406016 . . [1.0420.2600.5512] . . c:\windows\ServicePackFiles\i386\usp10.dll
[-] 2005-01-07 . 61CA4BCD40DC203C696590091B3C6D9B . 438784 . . [1.0601.5022.8] . . c:\windows\system32\usp10.dll
[-] 2005-01-07 . 61CA4BCD40DC203C696590091B3C6D9B . 438784 . . [1.0601.5022.8] . . c:\windows\system32\dllcache\usp10.dll
[7] 2004-08-03 . 2EB58F9DCD6AB320B46744A4EA48B2D2 . 406528 . . [1.0420.2600.2180] . . c:\windows\$NtUninstallSinhala$\usp10.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}"= "c:\program files\BS_Player\prxtbBS_P.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5}"= "c:\program files\BS_Player\prxtbBS_P.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitTorrent"="f:\bittorrent\BitTorrent.exe" [2012-06-20 6078360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NetWorx"="c:\program files\NetWorx\networx.exe" [2011-12-02 3284992]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SinhalaKit.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\SinhalaKit.lnk
backup=c:\windows\pss\SinhalaKit.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SinhalaTamil Kit.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\SinhalaTamil Kit.lnk
backup=c:\windows\pss\SinhalaTamil Kit.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SLTNet Ocw Phone.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\SLTNet Ocw Phone.lnk
backup=c:\windows\pss\SLTNet Ocw Phone.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^User^Start Menu^Programs^Startup^scvhost.exe]
path=c:\documents and settings\User\Start Menu\Programs\Startup\scvhost.exe
backup=c:\windows\pss\scvhost.exeStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-06-06 06:55 937920 -c--a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-09-05 17:04 35736 -c--a-w- c:\program files\Adobe\Reader 10.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
2010-03-05 21:44 500208 -c----w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager]
2010-02-21 22:57 406992 -c--a-w- c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2005-05-03 12:43 69632 -c--a-w- c:\windows\Alcmtr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IBP]
2012-06-20 01:29 6078360 ----a-w- f:\bittorrent\BitTorrent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightShot]
2012-02-02 16:14 195072 ----a-w- c:\documents and settings\User\Local Settings\Application Data\Skillbrains\lightshot\LightShot.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2012-05-24 22:25 6595928 ----a-w- c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2011-10-08 04:50 16744256 -c--a-w- c:\windows\system32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2011-10-08 04:50 203072 -c--a-w- c:\windows\system32\nvmctray.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2011-10-08 04:50 1632360 -c--a-w- c:\program files\NVIDIA Corporation\nview\nwiz.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2007-06-13 08:49 16377344 -c--a-w- c:\windows\RTHDCPL.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SandboxieControl]
2012-03-22 10:14 452880 -c--a-w- c:\program files\Sandboxie\SbieCtrl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-01-17 05:07 252296 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"PnkBstrB"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
"gupdatem"=3 (0x3)
"gupdate"=2 (0x2)
"wuauserv"=2 (0x2)
"Spooler"=2 (0x2)
"ERSvc"=2 (0x2)
"nvUpdatusService"=2 (0x2)
"NVSvc"=2 (0x2)
"YahooAUService"=2 (0x2)
"idsvc"=3 (0x3)
"FLEXnet Licensing Service"=3 (0x3)
"Bonjour Service"=2 (0x2)
"MyWebSearchService"=2 (0x2)
"CyberLink PowerDVD 11.0 Service"=2 (0x2)
"CyberLink PowerDVD 11.0 Monitor Service"=2 (0x2)
"CLHNServiceForPowerDVD"=2 (0x2)
"gusvc"=3 (0x3)
"AdobeFlashPlayerUpdateSvc"=3 (0x3)
"SharedAccess"=2 (0x2)
"SwitchBoard"=3 (0x3)
"SkypeUpdate"=2 (0x2)
"Steam Client Service"=3 (0x3)
"wscsvc"=2 (0x2)
"MozillaMaintenance"=3 (0x3)
"PnkBstrA"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"f:\\BitTorrent\\BitTorrent.exe"=
"c:\\Program Files\\Foxit Software\\PDF Editor\\PDFEdit.exe"=
"c:\\Documents and Settings\\User\\Application Data\\Thinstall\\Hotspot Shield 0.941\\400000e900002i\\Opera.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Updatus\\daemonu.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Jumpto\\Chaos.exe"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"e:\\Editer Pack\\Audio\\Converter\\AudioConverter.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"16880:UDP"= 16880:UDP:UDP 16880
"19581:TCP"= 19581:TCP:TCP 19581
.
R0 gzflt;gzflt;c:\windows\system32\drivers\gzflt.sys [6/30/2012 11:23 AM 154464]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [8/28/2012 5:23 PM 655944]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [8/28/2012 5:23 PM 22344]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [11/3/2011 2:34 PM 119656]
S3 DCamUSBSTK02N;Standard Camera;c:\windows\system32\drivers\STK02NW2.sys [3/5/2012 12:00 PM 101520]
S4 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [11/3/2011 2:58 PM 136176]
S4 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [11/3/2011 2:58 PM 136176]
S4 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [11/3/2011 2:35 PM 2253120]
S4 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2/15/2012 1:30 PM 158856]
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-28 c:\windows\Tasks\photostageShakeIcon.job
- c:\program files\NCH Software\PhotoStage\photostage.exe [2012-03-28 17:05]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
mStart Page = about:blank
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
FF - ProfilePath - c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\nfbnftqa.default\
FF - prefs.js: browser.search.defaulturl - hxxp://fastestwebsearch.com/search?q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Fastest
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - prefs.js: keyword.URL - hxxp://fastestwebsearch.com/search?q=
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-10393479.sys
SafeBoot-28767448.sys
SafeBoot-88606068.sys
MSConfigStartUp-ApnUpdater - c:\program files\Ask.com\Updater\Updater.exe
MSConfigStartUp-My Web Search Bar - c:\progra~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL
MSConfigStartUp-MyWebSearch Email Plugin - c:\progra~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
MSConfigStartUp-RelevantKnowledge - c:\program files\relevantknowledge\rlvknlg.exe
MSConfigStartUp-RemoteControl11 - c:\program files\CyberLink\PowerDVD11\PDVD11Serv.exe
MSConfigStartUp-Steam - d:\steam\steam.exe
MSConfigStartUp-SweetIM - c:\program files\SweetIM\Messenger\SweetIM.exe
MSConfigStartUp-SwitchBoard - c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
MSConfigStartUp-ToolwizCareFree - c:\program files\ToolwizCareFree\ToolwizCares.exe
MSConfigStartUp-TrafficTravisv4 - c:\documents and settings\User\Application Data\Traffic Travis v4\TrafficTravisV4.exe
MSConfigStartUp-urlspace - d:\urgent\Active Earning Works\Fiverr\Gigs List\Fake Traffic\Traffic Tools\China Traffic Bot.exe
MSConfigStartUp-vEmotion - c:\program files\freebird\vEmotion\vEmotion.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-08-29 02:11
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Completion time: 2012-08-29 02:13:42
ComboFix-quarantined-files.txt 2012-08-28 20:13
.
Pre-Run: 22,570,196,992 bytes free
Post-Run: 22,522,441,728 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - E4724B1B7BC05693C3540174B34C8C6E
  • 0

#4
ali.B
Posted 28 August 2012 - 11:33 PM

ali.B

    Trusted Helper

  • Malware Removal
  • 3,086 posts
hi

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

File::

FCopy::
c:\windows\ServicePackFiles\i386\usp10.dll | c:\windows\system32\dllcache\usp10.dll
c:\windows\ServicePackFiles\i386\usp10.dll | c:\windows\system32\usp10.dll

Folder::

Registry::

Driver::


Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

THEN

Download the latest version of TDSSKiller from here and save it to your Desktop.


  • Doubleclick on TDSSKiller.exe to run the application
    Posted Image
  • Then click on Change parameters.

    Posted Image
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  • Click the Start Scan button.

  • If a suspicious object is detected, the default action will be Skip, click on Continue.

    Posted Image
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  • Get the report by selecting Reports

    Posted Image
  • Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

Please copy and paste its contents on your next reply.
  • 1

#5
amicusthe
Posted 29 August 2012 - 12:50 AM

amicusthe

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
ComboFix

ComboFix 12-08-28.03 - User 08/29/2012 11:58:56.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1334 [GMT 6:00]
Running from: c:\documents and settings\User\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\User\Desktop\CFScript.txt
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
--------------- FCopy ---------------
.
c:\windows\ServicePackFiles\i386\usp10.dll --> c:\windows\system32\dllcache\usp10.dll
c:\windows\ServicePackFiles\i386\usp10.dll --> c:\windows\system32\usp10.dll
.
((((((((((((((((((((((((( Files Created from 2012-07-28 to 2012-08-29 )))))))))))))))))))))))))))))))
.
.
2012-08-29 04:49 . 2012-08-29 04:49 -------- d-----w- c:\windows\LastGood
2012-08-28 17:56 . 2012-08-29 04:46 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-08-28 17:56 . 2012-08-28 19:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2012-08-28 11:24 . 2012-08-28 11:24 -------- d-----w- c:\documents and settings\User\Application Data\Malwarebytes
2012-08-28 11:23 . 2012-08-28 11:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-08-28 11:23 . 2012-07-03 07:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-28 11:23 . 2012-08-28 11:23 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-08-28 07:46 . 2012-08-28 07:46 -------- d-----w- c:\program files\CCleaner
2012-08-27 06:23 . 2012-08-27 06:23 -------- d-----r- C:\Backup
2012-08-27 06:21 . 2009-12-14 06:44 39352 ----a-w- c:\windows\system32\drivers\CSVirtualDiskDrv.sys
2012-08-27 06:21 . 2009-12-14 06:44 88632 ----a-w- c:\windows\system32\drivers\CSCrySec.sys
2012-08-27 04:30 . 2012-01-19 02:23 339320 ----a-w- c:\windows\system32\HMIPCore.dll
2012-08-22 18:09 . 2012-08-22 18:09 -------- d-s---w- c:\documents and settings\NetworkService\IETldCache
2012-08-22 14:26 . 2012-08-22 14:26 -------- d-----w- c:\program files\Skillbrains
2012-08-22 14:26 . 2012-08-22 14:26 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\Skillbrains
2012-08-22 03:38 . 2012-08-22 03:41 -------- d-----w- c:\program files\RankBuilderNEO
2012-08-15 12:52 . 2012-08-15 12:52 -------- d-s---w- c:\documents and settings\Guest\IETldCache
2012-08-14 13:48 . 2012-08-14 13:48 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\bizarre creations
2012-08-12 16:19 . 2012-08-12 16:19 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\THQ
2012-08-10 16:19 . 2012-08-10 16:19 -------- d-----w- c:\program files\SystemRequirementsLab
2012-08-10 16:19 . 2012-08-10 16:19 -------- d-----w- c:\documents and settings\User\Application Data\SystemRequirementsLab
2012-08-03 23:02 . 2012-08-03 23:03 -------- d-----w- c:\documents and settings\User\Application Data\AVG
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-26 10:15 . 2012-07-24 12:43 139080 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2012-08-26 10:14 . 2012-07-24 12:43 270240 ----a-w- c:\windows\system32\PnkBstrB.exe
2012-08-26 10:14 . 2011-11-03 10:50 270240 -c--a-w- c:\windows\system32\PnkBstrB.xtr
2012-08-26 04:22 . 2012-07-24 12:43 270240 ----a-w- c:\windows\system32\PnkBstrB.ex0
2012-08-25 13:05 . 2012-03-01 17:11 138056 -c--a-w- c:\documents and settings\User\Application Data\PnkBstrK.sys
2012-08-25 13:05 . 2012-07-24 12:41 75136 ----a-w- c:\windows\system32\PnkBstrA.exe
2012-08-18 02:21 . 2012-04-01 01:35 426184 -c--a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-18 02:21 . 2011-11-03 10:59 70344 -c--a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-20 10:00 . 2012-04-09 09:22 2577776 -c--a-w- c:\windows\system32\pbsvc_heroes.exe
2012-07-15 10:34 . 2012-07-15 10:34 5632 ----a-w- c:\windows\system32\BReWErS.dll
2012-07-13 12:58 . 2012-07-13 12:58 74703 ----a-w- c:\windows\system32\mfc45.dll
2012-06-07 12:26 . 2012-06-07 12:05 43520 -c--a-w- c:\windows\system32\CmdLineExt03.dll
2012-06-02 09:19 . 2009-08-06 13:24 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 09:19 . 2011-11-03 06:06 329240 ----a-w- c:\windows\system32\wucltui.dll
2012-06-02 09:19 . 2011-11-03 06:06 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-02 09:19 . 2011-11-03 06:06 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 09:19 . 2009-08-06 13:24 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 09:19 . 2011-11-03 06:06 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 09:19 . 2009-08-06 13:24 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 09:19 . 2004-08-03 22:56 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 09:19 . 2009-08-06 13:24 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 09:19 . 2011-11-03 06:06 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 09:19 . 2011-11-03 06:06 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-07-18 10:51 . 2012-04-20 15:10 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-08-28_20.11.15 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-08-29 04:49 . 2012-06-02 09:19 45080 c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups2.dll\7.6.7600.256\wups2.dll
+ 2012-08-29 04:49 . 2012-06-02 09:19 35864 c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.6.7600.256\wups.dll
+ 2011-11-03 06:06 . 2012-06-02 09:19 53784 c:\windows\system32\dllcache\wuauclt.exe
+ 2004-08-03 22:56 . 2012-06-02 09:19 97304 c:\windows\system32\dllcache\cdm.dll
+ 2012-08-29 04:49 . 2009-08-06 13:24 44768 c:\windows\LastGood\system32\wups2.dll
+ 2012-08-29 04:49 . 2009-08-06 13:24 35552 c:\windows\LastGood\system32\wups.dll
+ 2012-08-29 04:49 . 2009-08-06 13:24 53472 c:\windows\LastGood\system32\wuauclt.exe
+ 2012-08-29 04:49 . 2009-08-06 13:24 96480 c:\windows\LastGood\system32\cdm.dll
+ 2011-11-03 06:06 . 2012-06-02 09:19 210968 c:\windows\system32\dllcache\wuweb.dll
+ 2011-11-03 06:06 . 2012-06-02 09:19 329240 c:\windows\system32\dllcache\wucltui.dll
+ 2011-11-03 06:06 . 2012-06-02 09:19 577048 c:\windows\system32\dllcache\wuapi.dll
+ 2012-08-29 04:49 . 2009-08-06 13:24 209632 c:\windows\LastGood\system32\wuweb.dll
+ 2012-08-29 04:49 . 2009-08-06 13:24 327896 c:\windows\LastGood\system32\wucltui.dll
+ 2012-08-29 04:49 . 2009-08-06 13:23 575704 c:\windows\LastGood\system32\wuapi.dll
+ 2011-11-03 06:06 . 2012-06-02 09:19 1933848 c:\windows\system32\dllcache\wuaueng.dll
+ 2012-08-29 04:49 . 2009-08-06 13:23 1929952 c:\windows\LastGood\system32\wuaueng.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}"= "c:\program files\BS_Player\prxtbBS_P.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5}"= "c:\program files\BS_Player\prxtbBS_P.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitTorrent"="f:\bittorrent\BitTorrent.exe" [2012-06-20 6078360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NetWorx"="c:\program files\NetWorx\networx.exe" [2011-12-02 3284992]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SinhalaKit.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\SinhalaKit.lnk
backup=c:\windows\pss\SinhalaKit.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SinhalaTamil Kit.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\SinhalaTamil Kit.lnk
backup=c:\windows\pss\SinhalaTamil Kit.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SLTNet Ocw Phone.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\SLTNet Ocw Phone.lnk
backup=c:\windows\pss\SLTNet Ocw Phone.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^User^Start Menu^Programs^Startup^scvhost.exe]
path=c:\documents and settings\User\Start Menu\Programs\Startup\scvhost.exe
backup=c:\windows\pss\scvhost.exeStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-06-06 06:55 937920 -c--a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-09-05 17:04 35736 -c--a-w- c:\program files\Adobe\Reader 10.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
2010-03-05 21:44 500208 -c----w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager]
2010-02-21 22:57 406992 -c--a-w- c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2005-05-03 12:43 69632 -c--a-w- c:\windows\Alcmtr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IBP]
2012-06-20 01:29 6078360 ----a-w- f:\bittorrent\BitTorrent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightShot]
2012-02-02 16:14 195072 ----a-w- c:\documents and settings\User\Local Settings\Application Data\Skillbrains\lightshot\LightShot.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2012-05-24 22:25 6595928 ----a-w- c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2011-10-08 04:50 16744256 -c--a-w- c:\windows\system32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2011-10-08 04:50 203072 -c--a-w- c:\windows\system32\nvmctray.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2011-10-08 04:50 1632360 -c--a-w- c:\program files\NVIDIA Corporation\nview\nwiz.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2007-06-13 08:49 16377344 -c--a-w- c:\windows\RTHDCPL.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SandboxieControl]
2012-03-22 10:14 452880 -c--a-w- c:\program files\Sandboxie\SbieCtrl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-01-17 05:07 252296 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"PnkBstrB"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
"gupdatem"=3 (0x3)
"gupdate"=2 (0x2)
"wuauserv"=2 (0x2)
"Spooler"=2 (0x2)
"ERSvc"=2 (0x2)
"nvUpdatusService"=2 (0x2)
"NVSvc"=2 (0x2)
"YahooAUService"=2 (0x2)
"idsvc"=3 (0x3)
"FLEXnet Licensing Service"=3 (0x3)
"Bonjour Service"=2 (0x2)
"MyWebSearchService"=2 (0x2)
"CyberLink PowerDVD 11.0 Service"=2 (0x2)
"CyberLink PowerDVD 11.0 Monitor Service"=2 (0x2)
"CLHNServiceForPowerDVD"=2 (0x2)
"gusvc"=3 (0x3)
"AdobeFlashPlayerUpdateSvc"=3 (0x3)
"SharedAccess"=2 (0x2)
"SwitchBoard"=3 (0x3)
"SkypeUpdate"=2 (0x2)
"Steam Client Service"=3 (0x3)
"wscsvc"=2 (0x2)
"MozillaMaintenance"=3 (0x3)
"PnkBstrA"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"f:\\BitTorrent\\BitTorrent.exe"=
"c:\\Program Files\\Foxit Software\\PDF Editor\\PDFEdit.exe"=
"c:\\Documents and Settings\\User\\Application Data\\Thinstall\\Hotspot Shield 0.941\\400000e900002i\\Opera.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Updatus\\daemonu.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Jumpto\\Chaos.exe"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"e:\\Editer Pack\\Audio\\Converter\\AudioConverter.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"16880:UDP"= 16880:UDP:UDP 16880
"19581:TCP"= 19581:TCP:TCP 19581
.
R0 gzflt;gzflt;c:\windows\system32\drivers\gzflt.sys [6/30/2012 11:23 AM 154464]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [8/28/2012 5:23 PM 655944]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [8/28/2012 5:23 PM 22344]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [11/3/2011 2:34 PM 119656]
S3 DCamUSBSTK02N;Standard Camera;c:\windows\system32\drivers\STK02NW2.sys [3/5/2012 12:00 PM 101520]
S4 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [11/3/2011 2:58 PM 136176]
S4 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [11/3/2011 2:58 PM 136176]
S4 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [11/3/2011 2:35 PM 2253120]
S4 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2/15/2012 1:30 PM 158856]
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-28 c:\windows\Tasks\photostageShakeIcon.job
- c:\program files\NCH Software\PhotoStage\photostage.exe [2012-03-28 17:05]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
mStart Page = about:blank
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
FF - ProfilePath - c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\nfbnftqa.default\
FF - prefs.js: browser.search.defaulturl - hxxp://fastestwebsearch.com/search?q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Fastest
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - prefs.js: keyword.URL - hxxp://fastestwebsearch.com/search?q=
FF - prefs.js: network.proxy.type - 0
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-08-29 12:04
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(2408)
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\OneX.DLL
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2012-08-29 12:07:20
ComboFix-quarantined-files.txt 2012-08-29 06:07
ComboFix2.txt 2012-08-28 20:13
.
Pre-Run: 22,524,002,304 bytes free
Post-Run: 22,502,752,256 bytes free
.
- - End Of File - - BA75ED7A18B72935CA3EA3EABBE8B352



TDSS killer

12:10:39.0328 0264 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
12:10:39.0437 0264 ============================================================
12:10:39.0437 0264 Current date / time: 2012/08/29 12:10:39.0437
12:10:39.0437 0264 SystemInfo:
12:10:39.0437 0264
12:10:39.0437 0264 OS Version: 5.1.2600 ServicePack: 3.0
12:10:39.0437 0264 Product type: Workstation
12:10:39.0437 0264 ComputerName: DOOM3CXD
12:10:39.0437 0264 UserName: User
12:10:39.0437 0264 Windows directory: C:\WINDOWS
12:10:39.0437 0264 System windows directory: C:\WINDOWS
12:10:39.0437 0264 Processor architecture: Intel x86
12:10:39.0437 0264 Number of processors: 2
12:10:39.0437 0264 Page size: 0x1000
12:10:39.0437 0264 Boot type: Normal boot
12:10:39.0437 0264 ============================================================
12:10:41.0140 0264 BG loaded
12:10:42.0640 0264 Drive \Device\Harddisk0\DR0 - Size: 0x2658AE0000 (153.39 Gb), SectorSize: 0x200, Cylinders: 0x4E37, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
12:10:42.0718 0264 ============================================================
12:10:42.0718 0264 \Device\Harddisk0\DR0:
12:10:42.0718 0264 MBR partitions:
12:10:42.0718 0264 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x50014A7
12:10:42.0718 0264 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x5001525, BlocksNum 0x7FFD5E3
12:10:42.0765 0264 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0xCFFEB47, BlocksNum 0x13FE59A
12:10:43.0218 0264 \Device\Harddisk0\DR0\Partition4: MBR, Type 0x7, StartLBA 0xE3FD120, BlocksNum 0x4C444B3
12:10:43.0218 0264 ============================================================
12:10:43.0437 0264 C: <-> \Device\Harddisk0\DR0\Partition1
12:10:43.0625 0264 D: <-> \Device\Harddisk0\DR0\Partition2
12:10:43.0796 0264 E: <-> \Device\Harddisk0\DR0\Partition3
12:10:44.0421 0264 F: <-> \Device\Harddisk0\DR0\Partition4
12:10:44.0421 0264 ============================================================
12:10:44.0421 0264 Initialize success
12:10:44.0421 0264 ============================================================
12:10:53.0687 1692 ============================================================
12:10:53.0687 1692 Scan started
12:10:53.0687 1692 Mode: Manual; SigCheck; TDLFS;
12:10:53.0687 1692 ============================================================
12:10:54.0703 1692 ================ Scan system memory ========================
12:10:54.0703 1692 System memory - ok
12:10:54.0703 1692 ================ Scan services =============================
12:10:55.0015 1692 Abiosdsk - ok
12:10:55.0031 1692 abp480n5 - ok
12:10:55.0140 1692 [ 8FD99680A539792A30E97944FDAECF17 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
12:10:56.0015 1692 ACPI - ok
12:10:56.0062 1692 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
12:10:56.0328 1692 ACPIEC - ok
12:10:56.0343 1692 adpu160m - ok
12:10:56.0375 1692 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
12:10:56.0718 1692 aec - ok
12:10:56.0812 1692 [ 322D0E36693D6E24A2398BEE62A268CD ] AFD C:\WINDOWS\System32\drivers\afd.sys
12:10:57.0093 1692 AFD - ok
12:10:57.0109 1692 Aha154x - ok
12:10:57.0109 1692 aic78u2 - ok
12:10:57.0125 1692 aic78xx - ok
12:10:57.0171 1692 [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter C:\WINDOWS\system32\alrsvc.dll
12:10:57.0437 1692 Alerter - ok
12:10:57.0453 1692 [ 8C515081584A38AA007909CD02020B3D ] ALG C:\WINDOWS\System32\alg.exe
12:10:57.0734 1692 ALG - ok
12:10:57.0750 1692 AliIde - ok
12:10:57.0765 1692 amsint - ok
12:10:57.0796 1692 [ D8849F77C0B66226335A59D26CB4EDC6 ] AppMgmt C:\WINDOWS\System32\appmgmts.dll
12:10:58.0078 1692 AppMgmt - ok
12:10:58.0093 1692 asc - ok
12:10:58.0093 1692 asc3350p - ok
12:10:58.0125 1692 asc3550 - ok
12:10:58.0312 1692 [ 776ACEFA0CA9DF0FAA51A5FB2F435705 ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
12:10:58.0453 1692 aspnet_state - ok
12:10:58.0468 1692 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
12:10:58.0828 1692 AsyncMac - ok
12:10:58.0890 1692 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
12:10:59.0218 1692 atapi - ok
12:10:59.0234 1692 Atdisk - ok
12:10:59.0265 1692 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
12:10:59.0625 1692 Atmarpc - ok
12:10:59.0671 1692 [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
12:11:00.0031 1692 AudioSrv - ok
12:11:00.0062 1692 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
12:11:00.0343 1692 audstub - ok
12:11:00.0531 1692 [ 042941C8E50F38E34C3C345F45E16CF3 ] bdselfpr C:\Program Files\Common Files\Bitdefender\SetupInformation\{34480DEE-54D6-4985-A817-CA30E9BBC94C}\bdselfpr.sys
12:11:00.0578 1692 bdselfpr - ok
12:11:00.0609 1692 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
12:11:00.0812 1692 Beep - ok
12:11:00.0921 1692 [ 574738F61FCA2935F5265DC4E5691314 ] BITS C:\WINDOWS\system32\qmgr.dll
12:11:01.0265 1692 BITS - ok
12:11:01.0296 1692 [ A06CE3399D16DB864F55FAEB1F1927A9 ] Browser C:\WINDOWS\System32\browser.dll
12:11:01.0546 1692 Browser - ok
12:11:01.0640 1692 catchme - ok
12:11:01.0671 1692 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
12:11:01.0890 1692 cbidf2k - ok
12:11:01.0921 1692 [ 0BE5AEF125BE881C4F854C554F2B025C ] CCDECODE C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
12:11:02.0140 1692 CCDECODE - ok
12:11:02.0156 1692 cd20xrnt - ok
12:11:02.0171 1692 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
12:11:02.0406 1692 Cdaudio - ok
12:11:02.0437 1692 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
12:11:02.0625 1692 Cdfs - ok
12:11:02.0656 1692 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
12:11:02.0828 1692 Cdrom - ok
12:11:02.0828 1692 Changer - ok
12:11:02.0859 1692 [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc C:\WINDOWS\system32\cisvc.exe
12:11:03.0031 1692 CiSvc - ok
12:11:03.0046 1692 [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
12:11:03.0203 1692 ClipSrv - ok
12:11:03.0234 1692 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
12:11:03.0250 1692 clr_optimization_v2.0.50727_32 - ok
12:11:03.0281 1692 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
12:11:03.0343 1692 clr_optimization_v4.0.30319_32 - ok
12:11:03.0343 1692 CmdIde - ok
12:11:03.0359 1692 COMSysApp - ok
12:11:03.0375 1692 Cpqarray - ok
12:11:03.0421 1692 [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
12:11:03.0578 1692 CryptSvc - ok
12:11:03.0578 1692 dac2w2k - ok
12:11:03.0593 1692 dac960nt - ok
12:11:03.0625 1692 [ 3835FF5A08C4474142814F3DB5CD4CA4 ] DCamUSBSTK02N C:\WINDOWS\system32\DRIVERS\STK02NW2.sys
12:11:03.0687 1692 DCamUSBSTK02N - ok
12:11:03.0750 1692 [ 2589FE6015A316C0F5D5112B4DA7B509 ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
12:11:03.0906 1692 DcomLaunch - ok
12:11:03.0937 1692 [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
12:11:04.0093 1692 Dhcp - ok
12:11:04.0109 1692 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
12:11:04.0265 1692 Disk - ok
12:11:04.0281 1692 dmadmin - ok
12:11:04.0312 1692 [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
12:11:04.0500 1692 dmboot - ok
12:11:04.0531 1692 [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio C:\WINDOWS\system32\drivers\dmio.sys
12:11:04.0671 1692 dmio - ok
12:11:04.0703 1692 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
12:11:04.0859 1692 dmload - ok
12:11:04.0890 1692 [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver C:\WINDOWS\System32\dmserver.dll
12:11:05.0031 1692 dmserver - ok
12:11:05.0062 1692 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
12:11:05.0218 1692 DMusic - ok
12:11:05.0250 1692 [ 474B4DC3983173E4B4C9740B0DAC98A6 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
12:11:05.0390 1692 Dnscache - ok
12:11:05.0437 1692 [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
12:11:05.0593 1692 Dot3svc - ok
12:11:05.0593 1692 dpti2o - ok
12:11:05.0625 1692 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
12:11:05.0781 1692 drmkaud - ok
12:11:05.0781 1692 EagleNT - ok
12:11:05.0812 1692 [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost C:\WINDOWS\System32\eapsvc.dll
12:11:05.0953 1692 EapHost - ok
12:11:05.0968 1692 [ BC93B4A066477954555966D77FEC9ECB ] ERSvc C:\WINDOWS\System32\ersvc.dll
12:11:06.0171 1692 ERSvc - ok
12:11:06.0218 1692 [ 0E776ED5F7CC9F94299E70461B7B8185 ] Eventlog C:\WINDOWS\system32\services.exe
12:11:06.0437 1692 Eventlog - ok
12:11:06.0484 1692 [ 19A799805B24990867B00C120D300C3A ] EventSystem C:\WINDOWS\system32\es.dll
12:11:06.0718 1692 EventSystem - ok
12:11:06.0750 1692 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
12:11:06.0890 1692 Fastfat - ok
12:11:06.0921 1692 [ 1926899BF9FFE2602B63074971700412 ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
12:11:07.0062 1692 FastUserSwitchingCompatibility - ok
12:11:07.0093 1692 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\drivers\Fdc.sys
12:11:07.0250 1692 Fdc - ok
12:11:07.0281 1692 [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
12:11:07.0437 1692 Fips - ok
12:11:07.0453 1692 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\drivers\Flpydisk.sys
12:11:07.0593 1692 Flpydisk - ok
12:11:07.0640 1692 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
12:11:07.0781 1692 FltMgr - ok
12:11:07.0843 1692 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
12:11:07.0859 1692 FontCache3.0.0.0 - ok
12:11:07.0875 1692 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
12:11:08.0031 1692 Fs_Rec - ok
12:11:08.0046 1692 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
12:11:08.0203 1692 Ftdisk - ok
12:11:08.0234 1692 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
12:11:08.0390 1692 Gpc - ok
12:11:08.0437 1692 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
12:11:08.0453 1692 gupdate - ok
12:11:08.0468 1692 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
12:11:08.0484 1692 gupdatem - ok
12:11:08.0515 1692 [ C1B577B2169900F4CF7190C39F085794 ] gusvc C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
12:11:08.0531 1692 gusvc - ok
12:11:08.0562 1692 [ 36E2FD64A7C47A2C5D827D86837E5DBD ] gzflt C:\WINDOWS\system32\DRIVERS\gzflt.sys
12:11:08.0578 1692 gzflt - ok
12:11:08.0593 1692 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
12:11:08.0750 1692 HDAudBus - ok
12:11:08.0812 1692 [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
12:11:08.0968 1692 helpsvc - ok
12:11:09.0000 1692 [ DEB04DA35CC871B6D309B77E1443C796 ] HidServ C:\WINDOWS\System32\hidserv.dll
12:11:09.0156 1692 HidServ - ok
12:11:09.0187 1692 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys
12:11:09.0328 1692 HidUsb - ok
12:11:09.0375 1692 [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
12:11:09.0515 1692 hkmsvc - ok
12:11:09.0515 1692 hpn - ok
12:11:09.0546 1692 [ F6AACF5BCE2893E0C1754AFEB672E5C9 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
12:11:09.0718 1692 HTTP - ok
12:11:09.0734 1692 [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
12:11:09.0890 1692 HTTPFilter - ok
12:11:09.0890 1692 i2omgmt - ok
12:11:09.0906 1692 i2omp - ok
12:11:09.0937 1692 [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
12:11:10.0078 1692 i8042prt - ok
12:11:10.0125 1692 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
12:11:10.0187 1692 idsvc - ok
12:11:10.0218 1692 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
12:11:10.0359 1692 Imapi - ok
12:11:10.0390 1692 [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService C:\WINDOWS\system32\imapi.exe
12:11:10.0546 1692 ImapiService - ok
12:11:10.0562 1692 ini910u - ok
12:11:10.0703 1692 [ 9F6320E7B0C43E4E5693E1515BA5595C ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RtkHDAud.sys
12:11:10.0890 1692 IntcAzAudAddService - ok
12:11:10.0906 1692 IntelIde - ok
12:11:10.0921 1692 [ 8C953733D8F36EB2133F5BB58808B66B ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
12:11:11.0062 1692 intelppm - ok
12:11:11.0093 1692 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\drivers\ip6fw.sys
12:11:11.0250 1692 Ip6Fw - ok
12:11:11.0281 1692 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
12:11:11.0437 1692 IpFilterDriver - ok
12:11:11.0453 1692 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
12:11:11.0890 1692 IpInIp - ok
12:11:11.0906 1692 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
12:11:12.0062 1692 IpNat - ok
12:11:12.0078 1692 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
12:11:12.0234 1692 IPSec - ok
12:11:12.0265 1692 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
12:11:12.0406 1692 IRENUM - ok
12:11:12.0437 1692 [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
12:11:12.0593 1692 isapnp - ok
12:11:12.0640 1692 [ 2F03CEB28307983F3B36216D35FFA5AA ] ISODrive C:\Program Files\UltraISO\drivers\ISODrive.sys
12:11:12.0656 1692 ISODrive - ok
12:11:12.0703 1692 [ C2C1660DDCC9BD67EB98D6D5F91C107F ] JavaQuickStarterService C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
12:11:12.0718 1692 JavaQuickStarterService - ok
12:11:12.0734 1692 [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
12:11:12.0875 1692 Kbdclass - ok
12:11:12.0906 1692 [ 9EF487A186DEA361AA06913A75B3FA99 ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys
12:11:13.0062 1692 kbdhid - ok
12:11:13.0078 1692 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
12:11:13.0234 1692 kmixer - ok
12:11:13.0250 1692 [ 1705745D900DABF2D89F90EBADDC7517 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
12:11:13.0406 1692 KSecDD - ok
12:11:13.0421 1692 [ F385F4B02C535BFFE1D70CAB80838123 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
12:11:13.0562 1692 lanmanserver - ok
12:11:13.0593 1692 [ 1B67B632786FEF1C1BBAEF46C2F3F2E6 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
12:11:13.0765 1692 lanmanworkstation - ok
12:11:13.0765 1692 lbrtfdc - ok
12:11:13.0796 1692 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
12:11:13.0953 1692 LmHosts - ok
12:11:13.0984 1692 [ 6DFE7F2E8E8A337263AA5C92A215F161 ] MBAMProtector C:\WINDOWS\system32\drivers\mbam.sys
12:11:14.0000 1692 MBAMProtector - ok
12:11:14.0062 1692 [ 43683E970F008C93C9429EF428147A54 ] MBAMService C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
12:11:14.0093 1692 MBAMService - ok
12:11:14.0109 1692 [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger C:\WINDOWS\System32\msgsvc.dll
12:11:14.0265 1692 Messenger - ok
12:11:14.0296 1692 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
12:11:14.0453 1692 mnmdd - ok
12:11:14.0484 1692 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
12:11:14.0625 1692 mnmsrvc - ok
12:11:14.0656 1692 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
12:11:14.0796 1692 Modem - ok
12:11:14.0828 1692 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
12:11:14.0968 1692 Mouclass - ok
12:11:15.0000 1692 [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
12:11:15.0156 1692 mouhid - ok
12:11:15.0187 1692 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
12:11:15.0328 1692 MountMgr - ok
12:11:15.0343 1692 mraid35x - ok
12:11:15.0359 1692 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
12:11:15.0515 1692 MRxDAV - ok
12:11:15.0546 1692 [ 68755F0FF16070178B54674FE5B847B0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
12:11:15.0703 1692 MRxSmb - ok
12:11:15.0734 1692 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC C:\WINDOWS\system32\msdtc.exe
12:11:15.0859 1692 MSDTC - ok
12:11:15.0890 1692 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
12:11:16.0031 1692 Msfs - ok
12:11:16.0046 1692 MSIServer - ok
12:11:16.0078 1692 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
12:11:16.0234 1692 MSKSSRV - ok
12:11:16.0250 1692 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
12:11:16.0390 1692 MSPCLOCK - ok
12:11:16.0421 1692 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
12:11:16.0578 1692 MSPQM - ok
12:11:16.0593 1692 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
12:11:16.0734 1692 mssmbios - ok
12:11:16.0765 1692 [ E53736A9E30C45FA9E7B5EAC55056D1D ] MSTEE C:\WINDOWS\system32\drivers\MSTEE.sys
12:11:16.0906 1692 MSTEE - ok
12:11:16.0921 1692 [ 2F625D11385B1A94360BFC70AAEFDEE1 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
12:11:17.0062 1692 Mup - ok
12:11:17.0078 1692 [ 5B50F1B2A2ED47D560577B221DA734DB ] NABTSFEC C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
12:11:17.0250 1692 NABTSFEC - ok
12:11:17.0281 1692 [ 0102140028FAD045756796E1C685D695 ] napagent C:\WINDOWS\System32\qagentrt.dll
12:11:17.0437 1692 napagent - ok
12:11:17.0468 1692 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
12:11:17.0625 1692 NDIS - ok
12:11:17.0640 1692 [ 7FF1F1FD8609C149AA432F95A8163D97 ] NdisIP C:\WINDOWS\system32\DRIVERS\NdisIP.sys
12:11:17.0781 1692 NdisIP - ok
12:11:17.0796 1692 [ 1AB3D00C991AB086E69DB84B6C0ED78F ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
12:11:17.0953 1692 NdisTapi - ok
12:11:17.0968 1692 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
12:11:18.0125 1692 Ndisuio - ok
12:11:18.0125 1692 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
12:11:18.0281 1692 NdisWan - ok
12:11:18.0312 1692 [ 6215023940CFD3702B46ABC304E1D45A ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
12:11:18.0468 1692 NDProxy - ok
12:11:18.0484 1692 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
12:11:18.0625 1692 NetBIOS - ok
12:11:18.0671 1692 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
12:11:18.0812 1692 NetBT - ok
12:11:18.0843 1692 [ B857BA82860D7FF85AE29B095645563B ] NetDDE C:\WINDOWS\system32\netdde.exe
12:11:18.0984 1692 NetDDE - ok
12:11:18.0984 1692 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
12:11:19.0125 1692 NetDDEdsdm - ok
12:11:19.0156 1692 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\WINDOWS\system32\lsass.exe
12:11:19.0296 1692 Netlogon - ok
12:11:19.0312 1692 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman C:\WINDOWS\System32\netman.dll
12:11:19.0468 1692 Netman - ok
12:11:19.0500 1692 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
12:11:19.0531 1692 NetTcpPortSharing - ok
12:11:19.0546 1692 [ B4138E99236F0F57D4CF49BAE98A0746 ] Nla C:\WINDOWS\System32\mswsock.dll
12:11:19.0703 1692 Nla - ok
12:11:19.0734 1692 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
12:11:19.0859 1692 Npfs - ok
12:11:19.0890 1692 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
12:11:20.0046 1692 Ntfs - ok
12:11:20.0078 1692 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
12:11:20.0234 1692 NtLmSsp - ok
12:11:20.0265 1692 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
12:11:20.0437 1692 NtmsSvc - ok
12:11:20.0453 1692 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
12:11:20.0609 1692 Null - ok
12:11:20.0921 1692 [ 4B54DCD6ADEE535DF80F07C59DDD8F14 ] nv C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
12:11:21.0296 1692 nv - ok
12:11:21.0328 1692 [ 6A839AC21ECDE8945D52007152F2695E ] NVHDA C:\WINDOWS\system32\drivers\nvhda32.sys
12:11:21.0343 1692 NVHDA - ok
12:11:21.0375 1692 [ 0573C75A2895D973EA6EF2495620BA49 ] NVSvc C:\WINDOWS\system32\nvsvc32.exe
12:11:21.0390 1692 NVSvc - ok
12:11:21.0500 1692 [ 9C84945FEEE40EA42D3BCA5C22250D47 ] nvUpdatusService C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
12:11:21.0593 1692 nvUpdatusService - ok
12:11:21.0625 1692 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
12:11:21.0781 1692 NwlnkFlt - ok
12:11:21.0812 1692 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
12:11:21.0968 1692 NwlnkFwd - ok
12:11:22.0000 1692 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:\WINDOWS\system32\drivers\Parport.sys
12:11:22.0140 1692 Parport - ok
12:11:22.0156 1692 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
12:11:22.0296 1692 PartMgr - ok
12:11:22.0312 1692 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
12:11:22.0468 1692 ParVdm - ok
12:11:22.0484 1692 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
12:11:22.0640 1692 PCI - ok
12:11:22.0640 1692 PCIDump - ok
12:11:22.0656 1692 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
12:11:22.0812 1692 PCIIde - ok
12:11:22.0828 1692 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
12:11:22.0984 1692 Pcmcia - ok
12:11:22.0984 1692 PDCOMP - ok
12:11:23.0000 1692 PDFRAME - ok
12:11:23.0000 1692 PDRELI - ok
12:11:23.0015 1692 PDRFRAME - ok
12:11:23.0031 1692 perc2 - ok
12:11:23.0031 1692 perc2hib - ok
12:11:23.0062 1692 [ 0E776ED5F7CC9F94299E70461B7B8185 ] PlugPlay C:\WINDOWS\system32\services.exe
12:11:23.0218 1692 PlugPlay - ok
12:11:23.0281 1692 [ 3A2BDD76E7D2A5F40A7174793D1BA794 ] PnkBstrA C:\WINDOWS\system32\PnkBstrA.exe
12:11:23.0296 1692 PnkBstrA - ok
12:11:23.0312 1692 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
12:11:23.0453 1692 PolicyAgent - ok
12:11:23.0484 1692 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
12:11:23.0640 1692 PptpMiniport - ok
12:11:23.0640 1692 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
12:11:23.0781 1692 ProtectedStorage - ok
12:11:23.0796 1692 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
12:11:23.0953 1692 PSched - ok
12:11:23.0968 1692 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
12:11:24.0109 1692 Ptilink - ok
12:11:24.0109 1692 pvm - ok
12:11:24.0125 1692 ql1080 - ok
12:11:24.0125 1692 Ql10wnt - ok
12:11:24.0140 1692 ql12160 - ok
12:11:24.0156 1692 ql1240 - ok
12:11:24.0171 1692 ql1280 - ok
12:11:24.0187 1692 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
12:11:24.0328 1692 RasAcd - ok
12:11:24.0375 1692 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll
12:11:24.0515 1692 RasAuto - ok
12:11:24.0546 1692 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
12:11:24.0703 1692 Rasl2tp - ok
12:11:24.0750 1692 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll
12:11:24.0906 1692 RasMan - ok
12:11:24.0921 1692 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
12:11:25.0062 1692 RasPppoe - ok
12:11:25.0078 1692 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
12:11:25.0234 1692 Raspti - ok
12:11:25.0250 1692 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
12:11:25.0406 1692 Rdbss - ok
12:11:25.0421 1692 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
12:11:25.0562 1692 RDPCDD - ok
12:11:25.0609 1692 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
12:11:25.0765 1692 rdpdr - ok
12:11:25.0796 1692 [ 6728E45B66F93C08F11DE2E316FC70DD ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
12:11:25.0953 1692 RDPWD - ok
12:11:25.0984 1692 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
12:11:26.0109 1692 RDSessMgr - ok
12:11:26.0140 1692 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
12:11:26.0296 1692 redbook - ok
12:11:26.0328 1692 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
12:11:26.0468 1692 RemoteAccess - ok
12:11:26.0500 1692 [ 5B19B557B0C188210A56A6B699D90B8F ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
12:11:26.0656 1692 RemoteRegistry - ok
12:11:26.0671 1692 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINDOWS\system32\locator.exe
12:11:26.0812 1692 RpcLocator - ok
12:11:26.0843 1692 [ 2589FE6015A316C0F5D5112B4DA7B509 ] RpcSs C:\WINDOWS\System32\rpcss.dll
12:11:26.0984 1692 RpcSs - ok
12:11:27.0015 1692 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\system32\rsvp.exe
12:11:27.0156 1692 RSVP - ok
12:11:27.0187 1692 [ D507C1400284176573224903819FFDA3 ] rtl8139 C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
12:11:27.0343 1692 rtl8139 - ok
12:11:27.0359 1692 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe
12:11:27.0500 1692 SamSs - ok
12:11:27.0546 1692 [ 06F16ACE5A2A70D8C63752CBB4C6A49D ] SbieDrv C:\Program Files\Sandboxie\SbieDrv.sys
12:11:27.0578 1692 SbieDrv - ok
12:11:27.0593 1692 [ 569655DF98D880680D2904940C94D16C ] SbieSvc C:\Program Files\Sandboxie\SbieSvc.exe
12:11:27.0609 1692 SbieSvc - ok
12:11:27.0625 1692 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
12:11:27.0781 1692 SCardSvr - ok
12:11:27.0828 1692 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll
12:11:27.0984 1692 Schedule - ok
12:11:28.0000 1692 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
12:11:28.0140 1692 Secdrv - ok
12:11:28.0156 1692 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll
12:11:28.0312 1692 seclogon - ok
12:11:28.0328 1692 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll
12:11:28.0468 1692 SENS - ok
12:11:28.0500 1692 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
12:11:28.0640 1692 serenum - ok
12:11:28.0656 1692 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
12:11:28.0812 1692 Serial - ok
12:11:28.0859 1692 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
12:11:28.0984 1692 Sfloppy - ok
12:11:29.0015 1692 [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
12:11:29.0171 1692 SharedAccess - ok
12:11:29.0203 1692 [ 1926899BF9FFE2602B63074971700412 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
12:11:29.0343 1692 ShellHWDetection - ok
12:11:29.0343 1692 Simbad - ok
12:11:29.0375 1692 [ DB0405D9AAD62F0762E0876AC142B7E1 ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe
12:11:29.0390 1692 SkypeUpdate - ok
12:11:29.0437 1692 [ 866D538EBE33709A5C9F5C62B73B7D14 ] SLIP C:\WINDOWS\system32\DRIVERS\SLIP.sys
12:11:29.0562 1692 SLIP - ok
12:11:29.0593 1692 Sparrow - ok
12:11:29.0609 1692 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
12:11:29.0765 1692 splitter - ok
12:11:29.0796 1692 [ D8E14A61ACC1D4A6CD0D38AEBAC7FA3B ] Spooler C:\WINDOWS\system32\spoolsv.exe
12:11:29.0953 1692 Spooler - ok
12:11:29.0968 1692 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
12:11:30.0125 1692 sr - ok
12:11:30.0156 1692 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\system32\srsvc.dll
12:11:30.0312 1692 srservice - ok
12:11:30.0328 1692 [ 5252605079810904E31C332E241CD59B ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
12:11:30.0484 1692 Srv - ok
12:11:30.0515 1692 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
12:11:30.0656 1692 SSDPSRV - ok
12:11:30.0687 1692 Steam Client Service - ok
12:11:30.0703 1692 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll
12:11:30.0859 1692 stisvc - ok
12:11:30.0875 1692 [ 77813007BA6265C4B6098187E6ED79D2 ] streamip C:\WINDOWS\system32\DRIVERS\StreamIP.sys
12:11:31.0031 1692 streamip - ok
12:11:31.0046 1692 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
12:11:31.0203 1692 swenum - ok
12:11:31.0218 1692 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
12:11:31.0359 1692 swmidi - ok
12:11:31.0375 1692 SwPrv - ok
12:11:31.0390 1692 symc810 - ok
12:11:31.0406 1692 symc8xx - ok
12:11:31.0406 1692 sym_hi - ok
12:11:31.0421 1692 sym_u3 - ok
12:11:31.0453 1692 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
12:11:31.0578 1692 sysaudio - ok
12:11:31.0609 1692 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
12:11:31.0750 1692 SysmonLog - ok
12:11:31.0781 1692 [ 0C3B2A9C4BD2DD9A6C2E4084314DD719 ] taphss C:\WINDOWS\system32\DRIVERS\taphss.sys
12:11:31.0796 1692 taphss - ok
12:11:31.0812 1692 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
12:11:31.0968 1692 TapiSrv - ok
12:11:32.0015 1692 [ 93EA8D04EC73A85DB02EB8805988F733 ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
12:11:32.0187 1692 Tcpip - ok
12:11:32.0203 1692 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
12:11:32.0359 1692 TDPIPE - ok
12:11:32.0375 1692 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
12:11:32.0531 1692 TDTCP - ok
12:11:32.0546 1692 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
12:11:32.0687 1692 TermDD - ok
12:11:32.0734 1692 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll
12:11:32.0859 1692 TermService - ok
12:11:32.0890 1692 [ 1926899BF9FFE2602B63074971700412 ] Themes C:\WINDOWS\System32\shsvcs.dll
12:11:33.0031 1692 Themes - ok
12:11:33.0046 1692 [ DB7205804759FF62C34E3EFD8A4CC76A ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe
12:11:33.0234 1692 TlntSvr - ok
12:11:33.0234 1692 TosIde - ok
12:11:33.0250 1692 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll
12:11:33.0406 1692 TrkWks - ok
12:11:33.0453 1692 [ 9016639C71328E4667D06119937AA20A ] trufos C:\WINDOWS\system32\DRIVERS\trufos.sys
12:11:33.0468 1692 trufos - ok
12:11:33.0500 1692 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
12:11:33.0625 1692 Udfs - ok
12:11:33.0640 1692 ultra - ok
12:11:33.0687 1692 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
12:11:33.0843 1692 Update - ok
12:11:33.0859 1692 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll
12:11:34.0031 1692 upnphost - ok
12:11:34.0046 1692 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe
12:11:34.0203 1692 UPS - ok
12:11:34.0218 1692 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
12:11:34.0359 1692 usbccgp - ok
12:11:34.0375 1692 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
12:11:34.0531 1692 usbehci - ok
12:11:34.0546 1692 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
12:11:34.0687 1692 usbhub - ok
12:11:34.0718 1692 [ 0DAECCE65366EA32B162F85F07C6753B ] usbohci C:\WINDOWS\system32\DRIVERS\usbohci.sys
12:11:34.0859 1692 usbohci - ok
12:11:34.0875 1692 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
12:11:35.0015 1692 USBSTOR - ok
12:11:35.0062 1692 [ 63BBFCA7F390F4C49ED4B96BFB1633E0 ] usbvideo C:\WINDOWS\system32\Drivers\usbvideo.sys
12:11:35.0234 1692 usbvideo - ok
12:11:35.0265 1692 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
12:11:35.0390 1692 VgaSave - ok
12:11:35.0406 1692 ViaIde - ok
12:11:35.0437 1692 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
12:11:35.0562 1692 VolSnap - ok
12:11:35.0609 1692 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe
12:11:35.0781 1692 VSS - ok
12:11:35.0812 1692 [ 34923E278EAC7DDCEA717AE1FCF592F6 ] w200bus C:\WINDOWS\system32\DRIVERS\w200bus.sys
12:11:35.0828 1692 w200bus - ok
12:11:35.0859 1692 [ EFF90A983CD3DEAB05922242E8072DC6 ] w200mdfl C:\WINDOWS\system32\DRIVERS\w200mdfl.sys
12:11:35.0906 1692 w200mdfl - ok
12:11:35.0921 1692 [ F03DA4FBB2708A0B5409EA63E88C0F50 ] w200mdm C:\WINDOWS\system32\DRIVERS\w200mdm.sys
12:11:35.0953 1692 w200mdm - ok
12:11:35.0968 1692 [ 1522D6387E6BB54AEF9824B1733832DB ] w200mgmt C:\WINDOWS\system32\DRIVERS\w200mgmt.sys
12:11:36.0000 1692 w200mgmt - ok
12:11:36.0031 1692 [ 8405BE0BBA1CCF26D0FBDD26BE03C816 ] w200obex C:\WINDOWS\system32\DRIVERS\w200obex.sys
12:11:36.0062 1692 w200obex - ok
12:11:36.0078 1692 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time C:\WINDOWS\system32\w32time.dll
12:11:36.0250 1692 W32Time - ok
12:11:36.0281 1692 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
12:11:36.0421 1692 Wanarp - ok
12:11:36.0468 1692 [ D918617B46457B9AC28027722E30F647 ] Wdf01000 C:\WINDOWS\system32\Drivers\wdf01000.sys
12:11:36.0500 1692 Wdf01000 - ok
12:11:36.0500 1692 WDICA - ok
12:11:36.0531 1692 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
12:11:36.0687 1692 wdmaud - ok
12:11:36.0703 1692 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll
12:11:36.0859 1692 WebClient - ok
12:11:36.0921 1692 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
12:11:37.0062 1692 winmgmt - ok
12:11:37.0109 1692 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
12:11:37.0156 1692 WmdmPmSN - ok
12:11:37.0187 1692 [ BAB489A5FE26F2D0C910CF7AF7E4CF92 ] Wmi C:\WINDOWS\System32\advapi32.dll
12:11:37.0343 1692 Wmi - ok
12:11:37.0359 1692 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
12:11:37.0515 1692 WmiApSrv - ok
12:11:37.0593 1692 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
12:11:37.0625 1692 WPFFontCache_v0400 - ok
12:11:37.0656 1692 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys
12:11:37.0812 1692 WS2IFSL - ok
12:11:37.0843 1692 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
12:11:38.0000 1692 wscsvc - ok
12:11:38.0031 1692 [ C98B39829C2BBD34E454150633C62C78 ] WSTCODEC C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
12:11:38.0187 1692 WSTCODEC - ok
12:11:38.0203 1692 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\WINDOWS\system32\wuauserv.dll
12:11:38.0343 1692 wuauserv - ok
12:11:38.0390 1692 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
12:11:38.0437 1692 WudfPf - ok
12:11:38.0453 1692 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
12:11:38.0468 1692 WudfRd - ok
12:11:38.0500 1692 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
12:11:38.0515 1692 WudfSvc - ok
12:11:38.0562 1692 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
12:11:38.0718 1692 WZCSVC - ok
12:11:38.0734 1692 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
12:11:38.0921 1692 xmlprov - ok
12:11:38.0953 1692 ================ Scan global ===============================
12:11:38.0968 1692 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
12:11:38.0984 1692 [ 1618F36D4F7F6CCCEB3EE44BA95BE85C ] C:\WINDOWS\system32\winsrv.dll
12:11:39.0000 1692 [ 1618F36D4F7F6CCCEB3EE44BA95BE85C ] C:\WINDOWS\system32\winsrv.dll
12:11:39.0015 1692 [ 0E776ED5F7CC9F94299E70461B7B8185 ] C:\WINDOWS\system32\services.exe
12:11:39.0015 1692 [Global] - ok
12:11:39.0015 1692 ================ Scan MBR ==================================
12:11:39.0031 1692 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
12:11:39.0265 1692 \Device\Harddisk0\DR0 - ok
12:11:39.0265 1692 ================ Scan VBR ==================================
12:11:39.0265 1692 [ 180BF90C48A0CCDDDBC2FB92B04BCB63 ] \Device\Harddisk0\DR0\Partition1
12:11:39.0265 1692 \Device\Harddisk0\DR0\Partition1 - ok
12:11:39.0296 1692 [ 10127C8C62B4D6887380D352E74D1449 ] \Device\Harddisk0\DR0\Partition2
12:11:39.0296 1692 \Device\Harddisk0\DR0\Partition2 - ok
12:11:39.0312 1692 [ 82649C3E1A7E4296962E43901B099556 ] \Device\Harddisk0\DR0\Partition3
12:11:39.0312 1692 \Device\Harddisk0\DR0\Partition3 - ok
12:11:39.0328 1692 [ 7A1F4879480E3C3D6F6A9FA4329DA38C ] \Device\Harddisk0\DR0\Partition4
12:11:39.0328 1692 \Device\Harddisk0\DR0\Partition4 - ok
12:11:39.0328 1692 ================ Scan active images ========================
12:11:39.0328 1692 [ 8C953733D8F36EB2133F5BB58808B66B ] C:\WINDOWS\system32\drivers\intelppm.sys
12:11:39.0328 1692 C:\WINDOWS\system32\drivers\intelppm.sys - ok
12:11:39.0343 1692 [ 4B54DCD6ADEE535DF80F07C59DDD8F14 ] C:\WINDOWS\system32\drivers\nv4_mini.sys
12:11:39.0343 1692 C:\WINDOWS\system32\drivers\nv4_mini.sys - ok
12:11:39.0343 1692 [ E28726B72C46821A28830E077D39A55B ] C:\WINDOWS\system32\drivers\videoprt.sys
12:11:39.0343 1692 C:\WINDOWS\system32\drivers\videoprt.sys - ok
12:11:39.0359 1692 [ 573C7D0A32852B48F3058CFD8026F511 ] C:\WINDOWS\system32\drivers\hdaudbus.sys
12:11:39.0359 1692 C:\WINDOWS\system32\drivers\hdaudbus.sys - ok
12:11:39.0359 1692 [ 083A052659F5310DD8B6A6CB05EDCF8E ] C:\WINDOWS\system32\drivers\imapi.sys
12:11:39.0359 1692 C:\WINDOWS\system32\drivers\imapi.sys - ok
12:11:39.0375 1692 [ 1F4260CC5B42272D71F79E570A27A4FE ] C:\WINDOWS\system32\drivers\cdrom.sys
12:11:39.0375 1692 C:\WINDOWS\system32\drivers\cdrom.sys - ok
12:11:39.0375 1692 [ 0753515F78DF7F271A5E61C20BCD36A1 ] C:\WINDOWS\system32\drivers\ks.sys
12:11:39.0375 1692 C:\WINDOWS\system32\drivers\ks.sys - ok
12:11:39.0390 1692 [ F828DD7E1419B6653894A8F97A0094C5 ] C:\WINDOWS\system32\drivers\redbook.sys
12:11:39.0390 1692 C:\WINDOWS\system32\drivers\redbook.sys - ok
12:11:39.0390 1692 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] C:\WINDOWS\system32\drivers\usbehci.sys
12:11:39.0390 1692 C:\WINDOWS\system32\drivers\usbehci.sys - ok
12:11:39.0390 1692 [ 0DAECCE65366EA32B162F85F07C6753B ] C:\WINDOWS\system32\drivers\usbohci.sys
12:11:39.0390 1692 C:\WINDOWS\system32\drivers\usbohci.sys - ok
12:11:39.0406 1692 [ 791912E524CC2CC6F50B5F2B52D1EB71 ] C:\WINDOWS\system32\drivers\usbport.sys
12:11:39.0406 1692 C:\WINDOWS\system32\drivers\usbport.sys - ok
12:11:39.0406 1692 [ 4A0B06AA8943C1E332520F7440C0AA30 ] C:\WINDOWS\system32\drivers\i8042prt.sys
12:11:39.0406 1692 C:\WINDOWS\system32\drivers\i8042prt.sys - ok
12:11:39.0421 1692 [ 463C1EC80CD17420A542B7F36A36F128 ] C:\WINDOWS\system32\drivers\kbdclass.sys
12:11:39.0421 1692 C:\WINDOWS\system32\drivers\kbdclass.sys - ok
12:11:39.0421 1692 [ 35C9E97194C8CFB8430125F8DBC34D04 ] C:\WINDOWS\system32\drivers\mouclass.sys
12:11:39.0421 1692 C:\WINDOWS\system32\drivers\mouclass.sys - ok
12:11:39.0437 1692 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] C:\WINDOWS\system32\drivers\serenum.sys
12:11:39.0437 1692 C:\WINDOWS\system32\drivers\serenum.sys - ok
12:11:39.0437 1692 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] C:\WINDOWS\system32\drivers\serial.sys
12:11:39.0437 1692 C:\WINDOWS\system32\drivers\serial.sys - ok
12:11:39.0453 1692 [ D9F724AA26C010A217C97606B160ED68 ] C:\WINDOWS\system32\drivers\audstub.sys
12:11:39.0453 1692 C:\WINDOWS\system32\drivers\audstub.sys - ok
12:11:39.0453 1692 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] C:\WINDOWS\system32\drivers\rasl2tp.sys
12:11:39.0453 1692 C:\WINDOWS\system32\drivers\rasl2tp.sys - ok
12:11:39.0468 1692 [ D507C1400284176573224903819FFDA3 ] C:\WINDOWS\system32\drivers\RTL8139.sys
12:11:39.0468 1692 C:\WINDOWS\system32\drivers\RTL8139.sys - ok
12:11:39.0468 1692 [ 1AB3D00C991AB086E69DB84B6C0ED78F ] C:\WINDOWS\system32\drivers\ndistapi.sys
12:11:39.0468 1692 C:\WINDOWS\system32\drivers\ndistapi.sys - ok
12:11:39.0484 1692 [ EDC1531A49C80614B2CFDA43CA8659AB ] C:\WINDOWS\system32\drivers\ndiswan.sys
12:11:39.0484 1692 C:\WINDOWS\system32\drivers\ndiswan.sys - ok
12:11:39.0484 1692 [ 5BC962F2654137C9909C3D4603587DEE ] C:\WINDOWS\system32\drivers\raspppoe.sys
12:11:39.0484 1692 C:\WINDOWS\system32\drivers\raspppoe.sys - ok
12:11:39.0500 1692 [ 0539D5E53587F82D1B4FD74C5BE205CF ] C:\WINDOWS\system32\drivers\tdi.sys
12:11:39.0500 1692 C:\WINDOWS\system32\drivers\tdi.sys - ok
12:11:39.0500 1692 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] C:\WINDOWS\system32\drivers\msgpc.sys
12:11:39.0500 1692 C:\WINDOWS\system32\drivers\msgpc.sys - ok
12:11:39.0500 1692 [ 09298EC810B07E5D582CB3A3F9255424 ] C:\WINDOWS\system32\drivers\psched.sys
12:11:39.0500 1692 C:\WINDOWS\system32\drivers\psched.sys - ok
12:11:39.0515 1692 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] C:\WINDOWS\system32\drivers\raspptp.sys
12:11:39.0515 1692 C:\WINDOWS\system32\drivers\raspptp.sys - ok
12:11:39.0515 1692 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] C:\WINDOWS\system32\drivers\ptilink.sys
12:11:39.0515 1692 C:\WINDOWS\system32\drivers\ptilink.sys - ok
12:11:39.0531 1692 [ FDBB1D60066FCFBB7452FD8F9829B242 ] C:\WINDOWS\system32\drivers\raspti.sys
12:11:39.0531 1692 C:\WINDOWS\system32\drivers\raspti.sys - ok
12:11:39.0531 1692 [ 0C3B2A9C4BD2DD9A6C2E4084314DD719 ] C:\WINDOWS\system32\drivers\taphss.sys
12:11:39.0531 1692 C:\WINDOWS\system32\drivers\taphss.sys - ok
12:11:39.0546 1692 [ 15CABD0F7C00C47C70124907916AF3F1 ] C:\WINDOWS\system32\drivers\rdpdr.sys
12:11:39.0546 1692 C:\WINDOWS\system32\drivers\rdpdr.sys - ok
12:11:39.0546 1692 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] C:\WINDOWS\system32\drivers\swenum.sys
12:11:39.0546 1692 C:\WINDOWS\system32\drivers\swenum.sys - ok
12:11:39.0562 1692 [ 88155247177638048422893737429D9E ] C:\WINDOWS\system32\drivers\termdd.sys
12:11:39.0562 1692 C:\WINDOWS\system32\drivers\termdd.sys - ok
12:11:39.0562 1692 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] C:\WINDOWS\system32\drivers\update.sys
12:11:39.0562 1692 C:\WINDOWS\system32\drivers\update.sys - ok
12:11:39.0578 1692 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] C:\WINDOWS\system32\drivers\mssmbios.sys
12:11:39.0578 1692 C:\WINDOWS\system32\drivers\mssmbios.sys - ok
12:11:39.0578 1692 [ 6215023940CFD3702B46ABC304E1D45A ] C:\WINDOWS\system32\drivers\ndproxy.sys
12:11:39.0578 1692 C:\WINDOWS\system32\drivers\ndproxy.sys - ok
12:11:39.0593 1692 [ 6CB08593487F5701D2D2254E693EAFCE ] C:\WINDOWS\system32\drivers\drmk.sys
12:11:39.0593 1692 C:\WINDOWS\system32\drivers\drmk.sys - ok
12:11:39.0593 1692 [ 6A839AC21ECDE8945D52007152F2695E ] C:\WINDOWS\system32\drivers\nvhda32.sys
12:11:39.0593 1692 C:\WINDOWS\system32\drivers\nvhda32.sys - ok
12:11:39.0609 1692 [ E82A496C3961EFC6828B508C310CE98F ] C:\WINDOWS\system32\drivers\portcls.sys
12:11:39.0609 1692 C:\WINDOWS\system32\drivers\portcls.sys - ok
12:11:39.0609 1692 [ 596EB39B50D6EBD9B734DC4AE0544693 ] C:\WINDOWS\system32\drivers\usbd.sys
12:11:39.0609 1692 C:\WINDOWS\system32\drivers\usbd.sys - ok
12:11:39.0625 1692 [ 1AB3CDDE553B6E064D2E754EFE20285C ] C:\WINDOWS\system32\drivers\usbhub.sys
12:11:39.0625 1692 C:\WINDOWS\system32\drivers\usbhub.sys - ok
12:11:39.0625 1692 [ 9F6320E7B0C43E4E5693E1515BA5595C ] C:\WINDOWS\system32\drivers\RtkHDAud.sys
12:11:39.0625 1692 C:\WINDOWS\system32\drivers\RtkHDAud.sys - ok
12:11:39.0640 1692 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] C:\WINDOWS\system32\drivers\fdc.sys
12:11:39.0640 1692 C:\WINDOWS\system32\drivers\fdc.sys - ok
12:11:39.0640 1692 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] C:\WINDOWS\system32\drivers\flpydisk.sys
12:11:39.0640 1692 C:\WINDOWS\system32\drivers\flpydisk.sys - ok
12:11:39.0656 1692 [ C1B486A7658353D33A10CC15211A873B ] C:\WINDOWS\system32\drivers\cdaudio.sys
12:11:39.0656 1692 C:\WINDOWS\system32\drivers\cdaudio.sys - ok
12:11:39.0656 1692 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] C:\WINDOWS\system32\drivers\fs_rec.sys
12:11:39.0656 1692 C:\WINDOWS\system32\drivers\fs_rec.sys - ok
12:11:39.0671 1692 [ 8E6B8C671615D126FDC553D1E2DE5562 ] C:\WINDOWS\system32\drivers\sfloppy.sys
12:11:39.0671 1692 C:\WINDOWS\system32\drivers\sfloppy.sys - ok
12:11:39.0671 1692 [ DA1F27D85E0D1525F6621372E7B685E9 ] C:\WINDOWS\system32\drivers\beep.sys
12:11:39.0671 1692 C:\WINDOWS\system32\drivers\beep.sys - ok
12:11:39.0671 1692 [ 96ECCF28FDBF1B2CC12725818A63628D ] C:\WINDOWS\system32\drivers\hidparse.sys
12:11:39.0671 1692 C:\WINDOWS\system32\drivers\hidparse.sys - ok
12:11:39.0687 1692 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] C:\WINDOWS\system32\drivers\null.sys
12:11:39.0687 1692 C:\WINDOWS\system32\drivers\null.sys - ok
12:11:39.0687 1692 [ 9EF487A186DEA361AA06913A75B3FA99 ] C:\WINDOWS\system32\drivers\kbdhid.sys
12:11:39.0687 1692 C:\WINDOWS\system32\drivers\kbdhid.sys - ok
12:11:39.0703 1692 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] C:\WINDOWS\system32\drivers\vga.sys
12:11:39.0703 1692 C:\WINDOWS\system32\drivers\vga.sys - ok
12:11:39.0703 1692 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] C:\WINDOWS\system32\drivers\mnmdd.sys
12:11:39.0703 1692 C:\WINDOWS\system32\drivers\mnmdd.sys - ok
12:11:39.0718 1692 [ C941EA2454BA8350021D774DAF0F1027 ] C:\WINDOWS\system32\drivers\msfs.sys
12:11:39.0718 1692 C:\WINDOWS\system32\drivers\msfs.sys - ok
12:11:39.0718 1692 [ 4912D5B403614CE99C28420F75353332 ] C:\WINDOWS\system32\drivers\rdpcdd.sys
12:11:39.0718 1692 C:\WINDOWS\system32\drivers\rdpcdd.sys - ok
12:11:39.0734 1692 [ 23C74D75E36E7158768DD63D92789A91 ] C:\WINDOWS\system32\drivers\ipsec.sys
12:11:39.0734 1692 C:\WINDOWS\system32\drivers\ipsec.sys - ok
12:11:39.0734 1692 [ 3182D64AE053D6FB034F44B6DEF8034A ] C:\WINDOWS\system32\drivers\npfs.sys
12:11:39.0734 1692 C:\WINDOWS\system32\drivers\npfs.sys - ok
12:11:39.0750 1692 [ FE0D99D6F31E4FAD8159F690D68DED9C ] C:\WINDOWS\system32\drivers\rasacd.sys
12:11:39.0750 1692 C:\WINDOWS\system32\drivers\rasacd.sys - ok
12:11:39.0750 1692 [ 93EA8D04EC73A85DB02EB8805988F733 ] C:\WINDOWS\system32\drivers\tcpip.sys
12:11:39.0750 1692 C:\WINDOWS\system32\drivers\tcpip.sys - ok
12:11:39.0765 1692 [ CC748EA12C6EFFDE940EE98098BF96BB ] C:\WINDOWS\system32\drivers\ipnat.sys
12:11:39.0765 1692 C:\WINDOWS\system32\drivers\ipnat.sys - ok
12:11:39.0765 1692 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] C:\WINDOWS\system32\drivers\netbt.sys
12:11:39.0765 1692 C:\WINDOWS\system32\drivers\netbt.sys - ok
12:11:39.0781 1692 [ E20B95BAEDB550F32DD489265C1DA1F6 ] C:\WINDOWS\system32\drivers\wanarp.sys
12:11:39.0781 1692 C:\WINDOWS\system32\drivers\wanarp.sys - ok
12:11:39.0781 1692 [ 322D0E36693D6E24A2398BEE62A268CD ] C:\WINDOWS\system32\drivers\afd.sys
12:11:39.0781 1692 C:\WINDOWS\system32\drivers\afd.sys - ok
12:11:39.0796 1692 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] C:\WINDOWS\system32\drivers\ws2ifsl.sys
12:11:39.0796 1692 C:\WINDOWS\system32\drivers\ws2ifsl.sys - ok
12:11:39.0796 1692 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] C:\WINDOWS\system32\drivers\netbios.sys
12:11:39.0796 1692 C:\WINDOWS\system32\drivers\netbios.sys - ok
12:11:39.0812 1692 [ 7AD224AD1A1437FE28D89CF22B17780A ] C:\WINDOWS\system32\drivers\rdbss.sys
12:11:39.0812 1692 C:\WINDOWS\system32\drivers\rdbss.sys - ok
12:11:39.0812 1692 [ 68755F0FF16070178B54674FE5B847B0 ] C:\WINDOWS\system32\drivers\mrxsmb.sys
12:11:39.0812 1692 C:\WINDOWS\system32\drivers\mrxsmb.sys - ok
12:11:39.0828 1692 [ 2F03CEB28307983F3B36216D35FFA5AA ] C:\Program Files\UltraISO\drivers\ISODrive.sys
12:11:39.0828 1692 C:\Program Files\UltraISO\drivers\ISODrive.sys - ok
12:11:39.0828 1692 [ C885B02847F5D2FD45A24E219ED93B32 ] C:\WINDOWS\system32\drivers\cdfs.sys
12:11:39.0828 1692 C:\WINDOWS\system32\drivers\cdfs.sys - ok
12:11:39.0843 1692 [ D45926117EB9FA946A6AF572FBE1CAA3 ] C:\WINDOWS\system32\drivers\fips.sys
12:11:39.0843 1692 C:\WINDOWS\system32\drivers\fips.sys - ok
12:11:39.0843 1692 [ 042941C8E50F38E34C3C345F45E16CF3 ] C:\Program Files\Common Files\Bitdefender\setupinformation\{34480DEE-54D6-4985-A817-CA30E9BBC94C}\bdselfpr.sys
12:11:39.0843 1692 C:\Program Files\Common Files\Bitdefender\setupinformation\{34480DEE-54D6-4985-A817-CA30E9BBC94C}\bdselfpr.sys - ok
12:11:39.0859 1692 [ 1AF592532532A402ED7C060F6954004F ] C:\WINDOWS\system32\drivers\hidclass.sys
12:11:39.0859 1692 C:\WINDOWS\system32\drivers\hidclass.sys - ok
12:11:39.0859 1692 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] C:\WINDOWS\system32\drivers\hidusb.sys
12:11:39.0859 1692 C:\WINDOWS\system32\drivers\hidusb.sys - ok
12:11:39.0875 1692 [ 27D9ED8CB8B62D1E0A8E5ACE6CF52E2F ] C:\WINDOWS\system32\ntdll.dll
12:11:39.0875 1692 C:\WINDOWS\system32\ntdll.dll - ok
12:11:39.0875 1692 [ 5F816C1F539266D2D4C78694239DA0B5 ] C:\WINDOWS\system32\smss.exe
12:11:39.0875 1692 C:\WINDOWS\system32\smss.exe - ok
12:11:39.0890 1692 [ 23043C91A0F9DFB4B9E9F87B680863B4 ] C:\WINDOWS\system32\autochk.exe
12:11:39.0890 1692 C:\WINDOWS\system32\autochk.exe - ok
12:11:39.0890 1692 [ 173F317CE0DB8E21322E71B7E60A27E8 ] C:\WINDOWS\system32\drivers\usbccgp.sys
12:11:39.0890 1692 C:\WINDOWS\system32\drivers\usbccgp.sys - ok
12:11:39.0890 1692 [ B1C303E17FB9D46E87A98E4BA6769685 ] C:\WINDOWS\system32\drivers\mouhid.sys
12:11:39.0890 1692 C:\WINDOWS\system32\drivers\mouhid.sys - ok
12:11:39.0906 1692 [ 9DD07AF82244867CA36681EA2D29CE79 ] C:\WINDOWS\system32\sfcfiles.dll
12:11:39.0906 1692 C:\WINDOWS\system32\sfcfiles.dll - ok
12:11:39.0906 1692 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] C:\WINDOWS\system32\drivers\atapi.sys
12:11:39.0906 1692 C:\WINDOWS\system32\drivers\atapi.sys - ok
12:11:39.0921 1692 [ 2F31B7F954BED437F2C75026C65CAF7B ] C:\WINDOWS\system32\drivers\wmilib.sys
12:11:39.0921 1692 C:\WINDOWS\system32\drivers\wmilib.sys - ok
12:11:39.0921 1692 [ FE97D0343ACFDEBDD578FC67CC91FA87 ] C:\WINDOWS\system32\drivers\dxapi.sys
12:11:39.0921 1692 C:\WINDOWS\system32\drivers\dxapi.sys - ok
12:11:39.0937 1692 [ 9A10AACBFDC4922715375FB4065EC930 ] C:\WINDOWS\system32\watchdog.sys
12:11:39.0937 1692 C:\WINDOWS\system32\watchdog.sys - ok
12:11:39.0937 1692 [ DE01D79A607C7B9AE7FF88E934D0FFB2 ] C:\WINDOWS\system32\win32k.sys
12:11:39.0937 1692 C:\WINDOWS\system32\win32k.sys - ok
12:11:39.0953 1692 [ 05B100F8DD7073BFD7B3E46D0E36AD0C ] C:\WINDOWS\system32\csrsrv.dll
12:11:39.0953 1692 C:\WINDOWS\system32\csrsrv.dll - ok
12:11:39.0953 1692 [ 44F275C64738EA2056E3D9580C23B60F ] C:\WINDOWS\system32\csrss.exe
12:11:39.0953 1692 C:\WINDOWS\system32\csrss.exe - ok
12:11:39.0953 1692 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
12:11:39.0953 1692 C:\WINDOWS\system32\basesrv.dll - ok
12:11:39.0968 1692 [ B015B9134DAD7E29E7D2D6B5F5C8C2FC ] C:\WINDOWS\system32\gdi32.dll
12:11:39.0968 1692 C:\WINDOWS\system32\gdi32.dll - ok
12:11:39.0968 1692 [ 1618F36D4F7F6CCCEB3EE44BA95BE85C ] C:\WINDOWS\system32\winsrv.dll
12:11:39.0968 1692 C:\WINDOWS\system32\winsrv.dll - ok
12:11:39.0984 1692 [ C24B983D211C34DA8FCC1AC38477971D ] C:\WINDOWS\system32\kernel32.dll
12:11:39.0984 1692 C:\WINDOWS\system32\kernel32.dll - ok
12:11:39.0984 1692 [ B26B135FF1B9F60C9388B4A7D16F600B ] C:\WINDOWS\system32\user32.dll
12:11:39.0984 1692 C:\WINDOWS\system32\user32.dll - ok
12:11:40.0000 1692 [ 012DF358CEBAA23ACB26D82077820817 ] C:\WINDOWS\system32\lpk.dll
12:11:40.0000 1692 C:\WINDOWS\system32\lpk.dll - ok
12:11:40.0000 1692 [ 7D7D8501F3CB45D0408CDEFA08CDAEFF ] C:\WINDOWS\system32\usp10.dll
12:11:40.0000 1692 C:\WINDOWS\system32\usp10.dll - ok
12:11:40.0015 1692 [ BAB489A5FE26F2D0C910CF7AF7E4CF92 ] C:\WINDOWS\system32\advapi32.dll
12:11:40.0015 1692 C:\WINDOWS\system32\advapi32.dll - ok
12:11:40.0015 1692 [ B979D9D1C8073DA21A7F80345F306A1D ] C:\WINDOWS\system32\rpcrt4.dll
12:11:40.0015 1692 C:\WINDOWS\system32\rpcrt4.dll - ok
12:11:40.0015 1692 [ 7459C16CC3EF4651CAB7C9260E43FC58 ] C:\WINDOWS\system32\secur32.dll
12:11:40.0015 1692 C:\WINDOWS\system32\secur32.dll - ok
12:11:40.0031 1692 [ AC7280566A7BB85CB3291F04DDC1198E ] C:\WINDOWS\system32\drivers\dxg.sys
12:11:40.0031 1692 C:\WINDOWS\system32\drivers\dxg.sys - ok
12:11:40.0031 1692 [ A73F5D6705B1D820C19B18782E176EFD ] C:\WINDOWS\system32\drivers\dxgthk.sys
12:11:40.0031 1692 C:\WINDOWS\system32\drivers\dxgthk.sys - ok
12:11:40.0046 1692 [ 8A067CC459AA9CF7597CEEFE05B35F3B ] C:\WINDOWS\system32\nv4_disp.dll
12:11:40.0046 1692 C:\WINDOWS\system32\nv4_disp.dll - ok
12:11:40.0046 1692 [ ECB7591870F8BFB1A4C17B718AD5A4AA ] C:\WINDOWS\system32\vga.dll
12:11:40.0046 1692 C:\WINDOWS\system32\vga.dll - ok
12:11:40.0062 1692 [ ED0EF0A136DEC83DF69F04118870003E ] C:\WINDOWS\system32\winlogon.exe
12:11:40.0062 1692 C:\WINDOWS\system32\winlogon.exe - ok
12:11:40.0062 1692 [ 714705F29A917993536A6AB2DEDB0B7F ] C:\WINDOWS\system32\authz.dll
12:11:40.0062 1692 C:\WINDOWS\system32\authz.dll - ok
12:11:40.0078 1692 [ 355EDBB4D412B01F1740C17E3F50FA00 ] C:\WINDOWS\system32\msvcrt.dll
12:11:40.0078 1692 C:\WINDOWS\system32\msvcrt.dll - ok
12:11:40.0078 1692 [ BDAAF79DD63F194434D31A74B9BB8B77 ] C:\WINDOWS\system32\crypt32.dll
12:11:40.0078 1692 C:\WINDOWS\system32\crypt32.dll - ok
12:11:40.0093 1692 [ A11F1EA5346165347BF54C1F959C3FBC ] C:\WINDOWS\system32\msasn1.dll
12:11:40.0093 1692 C:\WINDOWS\system32\msasn1.dll - ok
12:11:40.0093 1692 [ 013C1148C1EC025596896E093F60F608 ] C:\WINDOWS\system32\nddeapi.dll
12:11:40.0093 1692 C:\WINDOWS\system32\nddeapi.dll - ok
12:11:40.0109 1692 [ FCFA1C55971CC229D353B3A15ACCD995 ] C:\WINDOWS\system32\profmap.dll
12:11:40.0109 1692 C:\WINDOWS\system32\profmap.dll - ok
12:11:40.0109 1692 [ 6DB7788FA7E2566267516FA635C3797E ] C:\WINDOWS\system32\netapi32.dll
12:11:40.0109 1692 C:\WINDOWS\system32\netapi32.dll - ok
12:11:40.0109 1692 [ 43D13C80EBEC0135A3611E0F616F179B ] C:\WINDOWS\system32\userenv.dll
12:11:40.0109 1692 C:\WINDOWS\system32\userenv.dll - ok
12:11:40.0125 1692 [ 9CFCB3CA3D83B4EAA133F0644A2C6F31 ] C:\WINDOWS\system32\psapi.dll
12:11:40.0125 1692 C:\WINDOWS\system32\psapi.dll - ok
12:11:40.0125 1692 [ AF11C591F2F4AFF4A6CF699D376F618B ] C:\WINDOWS\system32\regapi.dll
12:11:40.0125 1692 C:\WINDOWS\system32\regapi.dll - ok
12:11:40.0140 1692 [ 24192246760E0E64435522E246B1D6C2 ] C:\WINDOWS\system32\setupapi.dll
12:11:40.0140 1692 C:\WINDOWS\system32\setupapi.dll - ok
12:11:40.0140 1692 [ C7CE131408739B0B3A318BE2D0032719 ] C:\WINDOWS\system32\version.dll
12:11:40.0140 1692 C:\WINDOWS\system32\version.dll - ok
12:11:40.0156 1692 [ 430CEB794F6E6EF8AC86958C242366D6 ] C:\WINDOWS\system32\winsta.dll
12:11:40.0156 1692 C:\WINDOWS\system32\winsta.dll - ok
12:11:40.0171 1692 [ B25D14DCBBB6623C1A63CD07A97DF32B ] C:\WINDOWS\system32\wintrust.dll
12:11:40.0171 1692 C:\WINDOWS\system32\wintrust.dll - ok
12:11:40.0171 1692 [ CA648BD638245EB83F971FF71B031BEC ] C:\WINDOWS\system32\imagehlp.dll
12:11:40.0171 1692 C:\WINDOWS\system32\imagehlp.dll - ok
12:11:40.0171 1692 [ 9789E95E1D88EEB4B922BF3EA7779C28 ] C:\WINDOWS\system32\ws2help.dll
12:11:40.0171 1692 C:\WINDOWS\system32\ws2help.dll - ok
12:11:40.0187 1692 [ 2CCC474EB85CEAA3E1FA1726580A3E5A ] C:\WINDOWS\system32\ws2_32.dll
12:11:40.0187 1692 C:\WINDOWS\system32\ws2_32.dll - ok
12:11:40.0187 1692 [ 0DA85218E92526972A821587E6A8BF8F ] C:\WINDOWS\system32\imm32.dll
12:11:40.0187 1692 C:\WINDOWS\system32\imm32.dll - ok
12:11:40.0203 1692 [ 56C5B179FE3308B655EB6208C3256FEC ] C:\WINDOWS\system32\kbdus.dll
12:11:40.0203 1692 C:\WINDOWS\system32\kbdus.dll - ok
12:11:40.0203 1692 [ D7B7A57C0E57C836F18CF12A4C62A1CA ] C:\WINDOWS\system32\msgina.dll
12:11:40.0203 1692 C:\WINDOWS\system32\msgina.dll - ok
12:11:40.0218 1692 [ 06F247492BC786CE5C24A23E178C711A ] C:\WINDOWS\system32\comctl32.dll
12:11:40.0218 1692 C:\WINDOWS\system32\comctl32.dll - ok
12:11:40.0218 1692 [ 52A5A388661FF3A889593185367B7226 ] C:\WINDOWS\system32\odbc32.dll
12:11:40.0218 1692 C:\WINDOWS\system32\odbc32.dll - ok
12:11:40.0234 1692 [ 86987A5000DFA3EBE2275C0456BCF2FE ] C:\WINDOWS\system32\comdlg32.dll
12:11:40.0234 1692 C:\WINDOWS\system32\comdlg32.dll - ok
12:11:40.0234 1692 [ 0CF50B1F45DAB08430C1DBB79FE2CA5B ] C:\WINDOWS\system32\shell32.dll
12:11:40.0234 1692 C:\WINDOWS\system32\shell32.dll - ok
12:11:40.0250 1692 [ 72EDAE61E761C14714BFD0CB4BA3C0DB ] C:\WINDOWS\system32\shlwapi.dll
12:11:40.0250 1692 C:\WINDOWS\system32\shlwapi.dll - ok
12:11:40.0250 1692 [ 694503348B586E99D56C0E30AB5B3EF8 ] C:\WINDOWS\system32\sxs.dll
12:11:40.0250 1692 C:\WINDOWS\system32\sxs.dll - ok
12:11:40.0265 1692 [ BD38D1EBE24A46BD3EDA059560AFBA12 ] C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
12:11:40.0265 1692 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll - ok
12:11:40.0265 1692 [ 6B7C6B32F8E84D56C6260D684019FEA2 ] C:\WINDOWS\system32\odbcint.dll
12:11:40.0265 1692 C:\WINDOWS\system32\odbcint.dll - ok
12:11:40.0281 1692 [ 1926899BF9FFE2602B63074971700412 ] C:\WINDOWS\system32\shsvcs.dll
12:11:40.0281 1692 C:\WINDOWS\system32\shsvcs.dll - ok
12:11:40.0281 1692 [ ECCE74BC6168375016450A86A164D976 ] C:\WINDOWS\system32\ole32.dll
12:11:40.0281 1692 C:\WINDOWS\system32\ole32.dll - ok
12:11:40.0296 1692 [ 96E1C926F22EE1BFBAE82901A35F6BF3 ] C:\WINDOWS\system32\sfc.dll
12:11:40.0296 1692 C:\WINDOWS\system32\sfc.dll - ok
12:11:40.0296 1692 [ 6B5DB6789177A4FD0DEBC248041D0739 ] C:\WINDOWS\system32\sfc_os.dll
12:11:40.0296 1692 C:\WINDOWS\system32\sfc_os.dll - ok
12:11:40.0296 1692 [ CF492D7E9AF1C628B3536D20EF6F5CC7 ] C:\WINDOWS\system32\apphelp.dll
12:11:40.0296 1692 C:\WINDOWS\system32\apphelp.dll - ok
12:11:40.0312 1692 [ 0E776ED5F7CC9F94299E70461B7B8185 ] C:\WINDOWS\system32\services.exe
12:11:40.0312 1692 C:\WINDOWS\system32\services.exe - ok
12:11:40.0312 1692 [ EC29A79F1E76DC509E24D401F29D0678 ] C:\WINDOWS\system32\ncobjapi.dll
12:11:40.0312 1692 C:\WINDOWS\system32\ncobjapi.dll - ok
12:11:40.0328 1692 [ BF2466B3E18E970D8A976FB95FC1CA85 ] C:\WINDOWS\system32\lsass.exe
12:11:40.0328 1692 C:\WINDOWS\system32\lsass.exe - ok
12:11:40.0328 1692 [ F404830F3CD9BF8F2515E489C0CDA297 ] C:\WINDOWS\system32\msvcp60.dll
12:11:40.0328 1692 C:\WINDOWS\system32\msvcp60.dll - ok
12:11:40.0343 1692 [ EA9AAA0B9BBF9B24FD3CAECC7FD69A1E ] C:\WINDOWS\system32\lsasrv.dll
12:11:40.0343 1692 C:\WINDOWS\system32\lsasrv.dll - ok
12:11:40.0343 1692 [ B24A42A413E694AD73FDFB7FBD492C31 ] C:\WINDOWS\system32\scesrv.dll
12:11:40.0343 1692 C:\WINDOWS\system32\scesrv.dll - ok
12:11:40.0359 1692 [ DD7BD97FB8BD800963789158A5E4B41D ] C:\WINDOWS\system32\mpr.dll
12:11:40.0359 1692 C:\WINDOWS\system32\mpr.dll - ok
12:11:40.0359 1692 [ EC4C0D9BFD9F7E33F8B395AD54E13063 ] C:\WINDOWS\system32\ntdsapi.dll
12:11:40.0359 1692 C:\WINDOWS\system32\ntdsapi.dll - ok
12:11:40.0359 1692 [ 2EDFC2A8893435723AD80481803C6D5C ] C:\WINDOWS\system32\umpnpmgr.dll
12:11:40.0359 1692 C:\WINDOWS\system32\umpnpmgr.dll - ok
12:11:40.0375 1692 [ 0A3325D38DB90792BBBE01334F273974 ] C:\WINDOWS\system32\dnsapi.dll
12:11:40.0375 1692 C:\WINDOWS\system32\dnsapi.dll - ok
12:11:40.0375 1692 [ 1F03103598BD817B1078DAB1326DDE11 ] C:\WINDOWS\system32\shimeng.dll
12:11:40.0375 1692 C:\WINDOWS\system32\shimeng.dll - ok
12:11:40.0390 1692 [ EA9EE60B408878E5F2012F9C783836DB ] C:\WINDOWS\AppPatch\acadproc.dll
12:11:40.0390 1692 C:\WINDOWS\AppPatch\acadproc.dll - ok
12:11:40.0390 1692 [ 0492CF5870F0E616B0C71695A433D162 ] C:\WINDOWS\system32\wldap32.dll
12:11:40.0390 1692 C:\WINDOWS\system32\wldap32.dll - ok
12:11:40.0406 1692 [ 8329A39D5A402A75A74301D6A62ECDA1 ] C:\WINDOWS\system32\samlib.dll
12:11:40.0406 1692 C:\WINDOWS\system32\samlib.dll - ok
12:11:40.0406 1692 [ F05B8CDB7FE0E55DCCFB1D946CE80064 ] C:\WINDOWS\system32\samsrv.dll
12:11:40.0406 1692 C:\WINDOWS\system32\samsrv.dll - ok
12:11:40.0421 1692 [ 17A1D675C12BBF80CAAC54A4855C41D0 ] C:\WINDOWS\system32\cryptdll.dll
12:11:40.0421 1692 C:\WINDOWS\system32\cryptdll.dll - ok
12:11:40.0421 1692 [ 310C15FD8358B2C4CD7A5B98A112883F ] C:\WINDOWS\AppPatch\acgenral.dll
12:11:40.0421 1692 C:\WINDOWS\AppPatch\acgenral.dll - ok
12:11:40.0421 1692 [ 387006CF9983000BAB76DD250D424045 ] C:\WINDOWS\system32\oleaut32.dll
12:11:40.0421 1692 C:\WINDOWS\system32\oleaut32.dll - ok
12:11:40.0437 1692 [ F1300D0B4C40754A01DF16F350F0EF60 ] C:\WINDOWS\system32\winmm.dll
12:11:40.0437 1692 C:\WINDOWS\system32\winmm.dll - ok
12:11:40.0437 1692 [ 2098AB52BD5316E59AA36F3437B13BE6 ] C:\WINDOWS\system32\msacm32.dll
12:11:40.0437 1692 C:\WINDOWS\system32\msacm32.dll - ok
12:11:40.0453 1692 [ 7A2CC3719B255E6B5D74396183B7715B ] C:\WINDOWS\system32\uxtheme.dll
12:11:40.0453 1692 C:\WINDOWS\system32\uxtheme.dll - ok
12:11:40.0453 1692 [ C61E8ECFFDBF05FF71D079BBD35396B3 ] C:\WINDOWS\system32\schannel.dll
12:11:40.0453 1692 C:\WINDOWS\system32\schannel.dll - ok
12:11:40.0468 1692 [ 5733177BCF16EE78B99543C9B0AB81EA ] C:\WINDOWS\system32\msctfime.ime
12:11:40.0468 1692 C:\WINDOWS\system32\msctfime.ime - ok
12:11:40.0468 1692 [ C6BB1D1500DB4A0E224CB65E6C7E8A80 ] C:\WINDOWS\system32\msprivs.dll
12:11:40.0468 1692 C:\WINDOWS\system32\msprivs.dll - ok
12:11:40.0484 1692 [ B17DEFD576AE373E7A1A2C75665E4549 ] C:\WINDOWS\system32\kerberos.dll
12:11:40.0484 1692 C:\WINDOWS\system32\kerberos.dll - ok
12:11:40.0484 1692 [ 0F152F4E57FDF9E8E8BDFEA583A4926B ] C:\WINDOWS\system32\msv1_0.dll
12:11:40.0484 1692 C:\WINDOWS\system32\msv1_0.dll - ok
12:11:40.0484 1692 [ AF07DC9B7CC455629E732340C7B15F3A ] C:\WINDOWS\system32\iphlpapi.dll
12:11:40.0484 1692 C:\WINDOWS\system32\iphlpapi.dll - ok
12:11:40.0500 1692 [ 34EF4739A4D9D09A96069198F42B8D99 ] C:\WINDOWS\system32\atmfd.dll
12:11:40.0500 1692 C:\WINDOWS\system32\atmfd.dll - ok
12:11:40.0500 1692 [ 1B7F071C51B77C272875C3A23E1E4550 ] C:\WINDOWS\system32\netlogon.dll
12:11:40.0500 1692 C:\WINDOWS\system32\netlogon.dll - ok
12:11:40.0515 1692 [ 54AF4B1D5459500EF0937F6D33B1914F ] C:\WINDOWS\system32\w32time.dll
12:11:40.0515 1692 C:\WINDOWS\system32\w32time.dll - ok
12:11:40.0515 1692 [ CEFCC6A64983EB8119F3A07A0C1EDE30 ] C:\WINDOWS\system32\wdigest.dll
12:11:40.0515 1692 C:\WINDOWS\system32\wdigest.dll - ok
12:11:40.0531 1692 [ 54DAE3EA34802B4ED9AE1C6B1209FA56 ] C:\WINDOWS\system32\rsaenh.dll
12:11:40.0531 1692 C:\WINDOWS\system32\rsaenh.dll - ok
12:11:40.0531 1692 [ 02988B904C386B500CD08639C4C20EEA ] C:\WINDOWS\system32\winscard.dll
12:11:40.0531 1692 C:\WINDOWS\system32\winscard.dll - ok
12:11:40.0546 1692 [ 0E2735281FBB9A764D5584C2A5DCBA59 ] C:\WINDOWS\system32\wtsapi32.dll
12:11:40.0546 1692 C:\WINDOWS\system32\wtsapi32.dll - ok
12:11:40.0546 1692 [ A86BB5E61BF3E39B62AB4C7E7085A084 ] C:\WINDOWS\system32\scecli.dll
12:11:40.0546 1692 C:\WINDOWS\system32\scecli.dll - ok
12:11:40.0562 1692 [ 6DFE7F2E8E8A337263AA5C92A215F161 ] C:\WINDOWS\system32\drivers\mbam.sys
12:11:40.0562 1692 C:\WINDOWS\system32\drivers\mbam.sys - ok
12:11:40.0562 1692 [ 27C6D03BCDB8CFEB96B716F3D8BE3E18 ] C:\WINDOWS\system32\svchost.exe
12:11:40.0562 1692 C:\WINDOWS\system32\svchost.exe - ok
12:11:40.0578 1692 [ 549290DBC280C887681D7652978DBBE0 ] C:\WINDOWS\system32\ntmarta.dll
12:11:40.0578 1692 C:\WINDOWS\system32\ntmarta.dll - ok
12:11:40.0578 1692 [ 2589FE6015A316C0F5D5112B4DA7B509 ] C:\WINDOWS\system32\rpcss.dll
12:11:40.0578 1692 C:\WINDOWS\system32\rpcss.dll - ok
12:11:40.0578 1692 [ 16403217AB6FC5C30C14C6B12098AD4B ] C:\WINDOWS\system32\xpsp2res.dll
12:11:40.0578 1692 C:\WINDOWS\system32\xpsp2res.dll - ok
12:11:40.0593 1692 [ 6D4FEB43EE538FC5428CC7F0565AA656 ] C:\WINDOWS\system32\eventlog.dll
12:11:40.0593 1692 C:\WINDOWS\system32\eventlog.dll - ok
12:11:40.0593 1692 [ B4138E99236F0F57D4CF49BAE98A0746 ] C:\WINDOWS\system32\mswsock.dll
12:11:40.0593 1692 C:\WINDOWS\system32\mswsock.dll - ok
12:11:40.0609 1692 [ 3CB32D3B8CBE79899D63280BB7A83CD9 ] C:\WINDOWS\system32\hnetcfg.dll
12:11:40.0609 1692 C:\WINDOWS\system32\hnetcfg.dll - ok
12:11:40.0609 1692 [ 4E3D06D6E68EEDB52565080F55B460D3 ] C:\WINDOWS\system32\wshtcpip.dll
12:11:40.0609 1692 C:\WINDOWS\system32\wshtcpip.dll - ok
12:11:40.0625 1692 [ 1F5A570AD942DFCFE4500326ABDD72B2 ] C:\Program Files\Bonjour\mdnsNSP.dll
12:11:40.0625 1692 C:\Program Files\Bonjour\mdnsNSP.dll - ok
12:11:40.0625 1692 [ D72B9EC3337B247A666F098F3D6B43DE ] C:\WINDOWS\system32\winrnr.dll
12:11:40.0625 1692 C:\WINDOWS\system32\winrnr.dll - ok
12:11:40.0640 1692 [ 569655DF98D880680D2904940C94D16C ] C:\Program Files\Sandboxie\SbieSvc.exe
12:11:40.0640 1692 C:\Program Files\Sandboxie\SbieSvc.exe - ok
12:11:40.0640 1692 [ 6F9BEF24C578D5D6740E080BEDD6A448 ] C:\WINDOWS\system32\rasadhlp.dll
12:11:40.0640 1692 C:\WINDOWS\system32\rasadhlp.dll - ok
12:11:40.0656 1692 [ 39379CFBA32C59A6D923F9E90A9B2836 ] C:\Program Files\Sandboxie\SbieDll.dll
12:11:40.0656 1692 C:\Program Files\Sandboxie\SbieDll.dll - ok
12:11:40.0656 1692 [ 06F16ACE5A2A70D8C63752CBB4C6A49D ] C:\Program Files\Sandboxie\SbieDrv.sys
12:11:40.0656 1692 C:\Program Files\Sandboxie\SbieDrv.sys - ok
12:11:40.0656 1692 [ F927A4434C5028758A842943EF1A3849 ] C:\WINDOWS\system32\drivers\ndisuio.sys
12:11:40.0656 1692 C:\WINDOWS\system32\drivers\ndisuio.sys - ok
12:11:40.0671 1692 [ 5E38D7684A49CACFB752B046357E0589 ] C:\WINDOWS\system32\dhcpcsvc.dll
12:11:40.0671 1692 C:\WINDOWS\system32\dhcpcsvc.dll - ok
12:11:40.0671 1692 [ 474B4DC3983173E4B4C9740B0DAC98A6 ] C:\WINDOWS\system32\dnsrslvr.dll
12:11:40.0671 1692 C:\WINDOWS\system32\dnsrslvr.dll - ok
12:11:40.0687 1692 [ A7DB739AE99A796D91580147E919CC59 ] C:\WINDOWS\system32\lmhsvc.dll
12:11:40.0687 1692 C:\WINDOWS\system32\lmhsvc.dll - ok
12:11:40.0687 1692 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] C:\WINDOWS\system32\wzcsvc.dll
12:11:40.0687 1692 C:\WINDOWS\system32\wzcsvc.dll - ok
12:11:40.0703 1692 [ 876CCF164E08D6B903CD14398E056DD2 ] C:\WINDOWS\system32\rtutils.dll
12:11:40.0703 1692 C:\WINDOWS\system32\rtutils.dll - ok
12:11:40.0703 1692 [ 14EE0E012E7298FC1448A88E9FE53322 ] C:\WINDOWS\system32\atl.dll
12:11:40.0703 1692 C:\WINDOWS\system32\atl.dll - ok
12:11:40.0718 1692 [ E6EF7BC927D9F8F9BA1584BFC39E0C6F ] C:\WINDOWS\system32\eapolqec.dll
12:11:40.0718 1692 C:\WINDOWS\system32\eapolqec.dll - ok
12:11:40.0718 1692 [ 7B0770526801F05D58C51A3DFB87B4BD ] C:\WINDOWS\system32\wmi.dll
12:11:40.0718 1692 C:\WINDOWS\system32\wmi.dll - ok
12:11:40.0734 1692 [ 8E2CC37BA87D8F681066E0E9C8A19F73 ] C:\WINDOWS\system32\dot3api.dll
12:11:40.0734 1692 C:\WINDOWS\system32\dot3api.dll - ok
12:11:40.0734 1692 [ 8AE93AACC648921BAACB8602991AC4B3 ] C:\WINDOWS\system32\qutil.dll
12:11:40.0734 1692 C:\WINDOWS\system32\qutil.dll - ok
12:11:40.0734 1692 [ F5B754CDEA20BBB3A31E16A776EDE6D6 ] C:\WINDOWS\system32\esent.dll
12:11:40.0734 1692 C:\WINDOWS\system32\esent.dll - ok
12:11:40.0750 1692 [ F137A0CA70003DB20448D540651FA003 ] C:\WINDOWS\system32\clbcatq.dll
12:11:40.0750 1692 C:\WINDOWS\system32\clbcatq.dll - ok
12:11:40.0750 1692 [ 1280A158C722FA95A80FB7AEBE78FA7D ] C:\WINDOWS\system32\comres.dll
12:11:40.0750 1692 C:\WINDOWS\system32\comres.dll - ok
12:11:40.0765 1692 [ 6E4BE11D50F8A8DE2BAD644C9C9DE8D3 ] C:\WINDOWS\system32\cryptui.dll
12:11:40.0765 1692 C:\WINDOWS\system32\cryptui.dll - ok
12:11:40.0781 1692 [ 036D3962F2086BF2A98E2873CE153828 ] C:\WINDOWS\system32\rastls.dll
12:11:40.0781 1692 C:\WINDOWS\system32\rastls.dll - ok
12:11:40.0781 1692 [ 6CE32F7778061CCC5814D5E0F282D369 ] C:\WINDOWS\system32\wininet.dll
12:11:40.0781 1692 C:\WINDOWS\system32\wininet.dll - ok
12:11:40.0796 1692 [ 10753A3ADC3E39A3B10CC3F08E98E6B4 ] C:\WINDOWS\system32\normaliz.dll
12:11:40.0796 1692 C:\WINDOWS\system32\normaliz.dll - ok
12:11:40.0796 1692 [ 05642AE6A7BDAA7541A7451F5A4C6512 ] C:\WINDOWS\system32\urlmon.dll
12:11:40.0796 1692 C:\WINDOWS\system32\urlmon.dll - ok
12:11:40.0812 1692 [ A14D324C50EB71FB480DDD60481D0C04 ] C:\WINDOWS\system32\pstorec.dll
12:11:40.0812 1692 C:\WINDOWS\system32\pstorec.dll - ok
12:11:40.0828 1692 [ 58BD4689E1DCD40A903721D7EF45F2EC ] C:\WINDOWS\system32\iertutil.dll
12:11:40.0828 1692 C:\WINDOWS\system32\iertutil.dll - ok
12:11:40.0828 1692 [ 2CDAE321B8E878A278BA2D2FA013060B ] C:\WINDOWS\system32\activeds.dll
12:11:40.0828 1692 C:\WINDOWS\system32\activeds.dll - ok
12:11:40.0843 1692 [ EA5B8BECA3F279C757578CD7F1E95855 ] C:\WINDOWS\system32\mprapi.dll
12:11:40.0843 1692 C:\WINDOWS\system32\mprapi.dll - ok
12:11:40.0859 1692 [ 0D84657DBF93DB98673DEFDF2B29E25A ] C:\WINDOWS\system32\adsldpc.dll
12:11:40.0859 1692 C:\WINDOWS\system32\adsldpc.dll - ok
12:11:40.0859 1692 [ 92C4F48B62B0B876194584C3FF09CCB6 ] C:\WINDOWS\system32\rasapi32.dll
12:11:40.0859 1692 C:\WINDOWS\system32\rasapi32.dll - ok
12:11:40.0875 1692 [ 4DEF926F6A0545AE486A03C84F2EE482 ] C:\WINDOWS\system32\rasman.dll
12:11:40.0875 1692 C:\WINDOWS\system32\rasman.dll - ok
12:11:40.0875 1692 [ 00AABF131B4823785818DB99A075A313 ] C:\WINDOWS\system32\tapi32.dll
12:11:40.0875 1692 C:\WINDOWS\system32\tapi32.dll - ok
12:11:40.0890 1692 [ C1FAEA15E41F62D7BFA7FBC395C24BA6 ] C:\WINDOWS\system32\riched20.dll
12:11:40.0890 1692 C:\WINDOWS\system32\riched20.dll - ok
12:11:40.0906 1692 [ ED43F00CD77E72483A8625AC4F32D8D8 ] C:\WINDOWS\system32\raschap.dll
12:11:40.0906 1692 C:\WINDOWS\system32\raschap.dll - ok
12:11:40.0906 1692 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] C:\WINDOWS\system32\schedsvc.dll
12:11:40.0906 1692 C:\WINDOWS\system32\schedsvc.dll - ok
12:11:40.0921 1692 [ 2081A5B5E4ABA206A0A8A1A97DF0FB23 ] C:\WINDOWS\system32\logonui.exe
12:11:40.0921 1692 C:\WINDOWS\system32\logonui.exe - ok
12:11:40.0921 1692 [ E47E364C96467FD54FA44D59F927C3AB ] C:\WINDOWS\system32\msidle.dll
12:11:40.0921 1692 C:\WINDOWS\system32\msidle.dll - ok
12:11:40.0937 1692 [ 515A7FAE2070C2B0242B2353443E2F11 ] C:\WINDOWS\system32\cscdll.dll
12:11:40.0937 1692 C:\WINDOWS\system32\cscdll.dll - ok
12:11:40.0953 1692 [ E2092F0A1D7ABC243F9C2362483D150D ] C:\WINDOWS\system32\dimsntfy.dll
12:11:40.0953 1692 C:\WINDOWS\system32\dimsntfy.dll - ok
12:11:40.0953 1692 [ 3D41A9326F0376FC73AF961DD23B1FB1 ] C:\WINDOWS\system32\duser.dll
12:11:40.0953 1692 C:\WINDOWS\system32\duser.dll - ok
12:11:40.0968 1692 [ D8E14A61ACC1D4A6CD0D38AEBAC7FA3B ] C:\WINDOWS\system32\spoolsv.exe
12:11:40.0968 1692 C:\WINDOWS\system32\spoolsv.exe - ok
12:11:40.0984 1692 [ AFFC87E2501FCE8F09D4C10BA6421CCF ] C:\WINDOWS\system32\msimg32.dll
12:11:40.0984 1692 C:\WINDOWS\system32\msimg32.dll - ok
12:11:40.0984 1692 [ 5F2DBE3CB563741C8084657BF956CE64 ] C:\WINDOWS\system32\oleacc.dll
12:11:40.0984 1692 C:\WINDOWS\system32\oleacc.dll - ok
12:11:41.0000 1692 [ DEF7A7882BEC100FE0B2CE2549188F9D ] C:\WINDOWS\system32\audiosrv.dll
12:11:41.0000 1692 C:\WINDOWS\system32\audiosrv.dll - ok
12:11:41.0015 1692 [ BD83ABA61E8ACCC8D9FFB869F29418CE ] C:\WINDOWS\system32\winspool.drv
12:11:41.0015 1692 C:\WINDOWS\system32\winspool.drv - ok
12:11:41.0015 1692 [ 2CC34E8BB667EEF78899546E12649196 ] C:\WINDOWS\system32\wlnotify.dll
12:11:41.0015 1692 C:\WINDOWS\system32\wlnotify.dll - ok
12:11:41.0031 1692 [ 1B67B632786FEF1C1BBAEF46C2F3F2E6 ] C:\WINDOWS\system32\wkssvc.dll
12:11:41.0031 1692 C:\WINDOWS\system32\wkssvc.dll - ok
12:11:41.0031 1692 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] C:\WINDOWS\system32\drivers\mrxdav.sys
12:11:41.0031 1692 C:\WINDOWS\system32\drivers\mrxdav.sys - ok
12:11:41.0046 1692 [ 77A354E28153AD2D5E120A5A8687BC06 ] C:\WINDOWS\system32\webclnt.dll
12:11:41.0046 1692 C:\WINDOWS\system32\webclnt.dll - ok
12:11:41.0062 1692 [ E5EDBD51476DB5001ABF5C82AE5C3DD1 ] C:\WINDOWS\system32\shgina.dll
12:11:41.0062 1692 C:\WINDOWS\system32\shgina.dll - ok
12:11:41.0062 1692 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] C:\WINDOWS\system32\drivers\parport.sys
12:11:41.0062 1692 C:\WINDOWS\system32\drivers\parport.sys - ok
12:11:41.0078 1692 [ 574738F61FCA2935F5265DC4E5691314 ] C:\WINDOWS\system32\qmgr.dll
12:11:41.0078 1692 C:\WINDOWS\system32\qmgr.dll - ok
12:11:41.0093 1692 [ C14AA05881A35B6D6BB8D55B117EE22D ] C:\WINDOWS\system32\shfolder.dll
12:11:41.0093 1692 C:\WINDOWS\system32\shfolder.dll - ok
12:11:41.0093 1692 [ D29F2889BAA10E19AD9FF70C8D5ECF50 ] C:\WINDOWS\system32\winhttp.dll
12:11:41.0093 1692 C:\WINDOWS\system32\winhttp.dll - ok
12:11:41.0109 1692 [ C5A75EB48E2344ABDC162BDA79E16841 ] C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
12:11:41.0109 1692 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe - ok
12:11:41.0125 1692 [ E5F7C30EDF0892667933BE879F067D67 ] C:\WINDOWS\system32\msvcr100_clr0400.dll
12:11:41.0125 1692 C:\WINDOWS\system32\msvcr100_clr0400.dll - ok
12:11:41.0125 1692 [ 5490159446E337B474BEA2C7E20F3E00 ] C:\WINDOWS\system32\kbdintam.dll
12:11:41.0125 1692 C:\WINDOWS\system32\kbdintam.dll - ok
12:11:41.0140 1692 [ EABE47E4F0E16649C603AD6F2B36051F ] C:\WINDOWS\system32\kbdsn1.dll
12:11:41.0140 1692 C:\WINDOWS\system32\kbdsn1.dll - ok
12:11:41.0156 1692 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] C:\WINDOWS\system32\netman.dll
12:11:41.0156 1692 C:\WINDOWS\system32\netman.dll - ok
12:11:41.0156 1692 [ 062F837C1FBDB6A0A75F82EFC2EE8E74 ] C:\WINDOWS\system32\netshell.dll
12:11:41.0156 1692 C:\WINDOWS\system32\netshell.dll - ok
12:11:41.0171 1692 [ B04DB1F0B2652FCBCCC5FD0C46579F0F ] C:\WINDOWS\system32\mscoree.dll
12:11:41.0171 1692 C:\WINDOWS\system32\mscoree.dll - ok
12:11:41.0187 1692 [ 235892E493845D64D890163CFEF90E97 ] C:\WINDOWS\system32\credui.dll
12:11:41.0187 1692 C:\WINDOWS\system32\credui.dll - ok
12:11:41.0203 1692 [ 4E8F3230BAC8C1CAADF01A8C728E1C5C ] C:\WINDOWS\system32\dot3dlg.dll
12:11:41.0203 1692 C:\WINDOWS\system32\dot3dlg.dll - ok
12:11:41.0218 1692 [ CA04959077AFE36369D37B3504740C87 ] C:\WINDOWS\system32\onex.dll
12:11:41.0218 1692 C:\WINDOWS\system32\onex.dll - ok
12:11:41.0234 1692 [ 5DB625E7D095604010CF84DE2D8ACFA6 ] C:\WINDOWS\system32\eappcfg.dll
12:11:41.0234 1692 C:\WINDOWS\system32\eappcfg.dll - ok
12:11:41.0234 1692 [ 43683E970F008C93C9429EF428147A54 ] C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
12:11:41.0234 1692 C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe - ok
12:11:41.0250 1692 [ ABC4206543450C0666D152F4B65833B8 ] C:\WINDOWS\system32\eappprxy.dll
12:11:41.0250 1692 C:\WINDOWS\system32\eappprxy.dll - ok
12:11:41.0265 1692 [ 767FF54A552732CE772C2302025FA82F ] C:\WINDOWS\system32\wzcsapi.dll
12:11:41.0265 1692 C:\WINDOWS\system32\wzcsapi.dll - ok
12:11:41.0265 1692 [ FB665485B6C8EE16FED0619ADFF8B27A ] C:\Program Files\Malwarebytes' Anti-Malware\mbam.dll
12:11:41.0265 1692 C:\Program Files\Malwarebytes' Anti-Malware\mbam.dll - ok
12:11:41.0281 1692 [ 57EDEC2E5F59F0335E92F35184BC8631 ] C:\WINDOWS\system32\dmserver.dll
12:11:41.0281 1692 C:\WINDOWS\system32\dmserver.dll - ok
12:11:41.0281 1692 [ 085ED2E391A871C7BAE87E0228B546BA ] C:\WINDOWS\system32\cscui.dll
12:11:41.0281 1692 C:\WINDOWS\system32\cscui.dll - ok
12:11:41.0296 1692 [ 19A799805B24990867B00C120D300C3A ] C:\WINDOWS\system32\es.dll
12:11:41.0296 1692 C:\WINDOWS\system32\es.dll - ok
12:11:41.0312 1692 [ 24744F14E76174927AA2BD4600709192 ] C:\Program Files\Malwarebytes' Anti-Malware\mbamnet.dll
12:11:41.0312 1692 C:\Program Files\Malwarebytes' Anti-Malware\mbamnet.dll - ok
12:11:41.0312 1692 [ 50A166237A0FA771261275A405646CC0 ] C:\WINDOWS\system32\powrprof.dll
12:11:41.0312 1692 C:\WINDOWS\system32\powrprof.dll - ok
12:11:41.0328 1692 [ 2BC7128348265CABA9BBC058729A8B7B ] C:\WINDOWS\system32\dpcdll.dll
12:11:41.0328 1692 C:\WINDOWS\system32\dpcdll.dll - ok
12:11:41.0328 1692 [ DEB04DA35CC871B6D309B77E1443C796 ] C:\WINDOWS\system32\hidserv.dll
12:11:41.0328 1692 C:\WINDOWS\system32\hidserv.dll - ok
12:11:41.0343 1692 [ 8973122796E3B5D6B5900FC186E55FEA ] C:\WINDOWS\system32\hid.dll
12:11:41.0343 1692 C:\WINDOWS\system32\hid.dll - ok
12:11:41.0359 1692 [ F385F4B02C535BFFE1D70CAB80838123 ] C:\WINDOWS\system32\srvsvc.dll
12:11:41.0359 1692 C:\WINDOWS\system32\srvsvc.dll - ok
12:11:41.0359 1692 [ 680B56A8B62D1BCF4A0B2AAAD03D88E4 ] C:\WINDOWS\system32\wdmaud.drv
12:11:41.0359 1692 C:\WINDOWS\system32\wdmaud.drv - ok
12:11:41.0375 1692 [ 8F233C5BC68E34D18D38257B283CE96C ] C:\Program Files\Malwarebytes' Anti-Malware\mbamcore.dll
12:11:41.0375 1692 C:\Program Files\Malwarebytes' Anti-Malware\mbamcore.dll - ok
12:11:41.0390 1692 [ 6768ACF64B18196494413695F0C3A00F ] C:\WINDOWS\system32\drivers\wdmaud.sys
12:11:41.0390 1692 C:\WINDOWS\system32\drivers\wdmaud.sys - ok
12:11:41.0390 1692 [ 4FCCA060DFE0C51A09DD5C3843888BCD ] C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll
12:11:41.0390 1692 C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll - ok
12:11:41.0406 1692 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] C:\WINDOWS\system32\drivers\sysaudio.sys
12:11:41.0406 1692 C:\WINDOWS\system32\drivers\sysaudio.sys - ok
12:11:41.0421 1692 [ 20FD44370267CCD0A64A1B31861C21D2 ] C:\WINDOWS\system32\netmsg.dll
12:11:41.0421 1692 C:\WINDOWS\system32\netmsg.dll - ok
12:11:41.0421 1692 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] C:\WINDOWS\system32\drivers\splitter.sys
12:11:41.0421 1692 C:\WINDOWS\system32\drivers\splitter.sys - ok
12:11:41.0437 1692 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] C:\WINDOWS\system32\rasmans.dll
12:11:41.0437 1692 C:\WINDOWS\system32\rasmans.dll - ok
12:11:41.0437 1692 [ 8BED39E3C35D6A489438B8141717A557 ] C:\WINDOWS\system32\drivers\aec.sys
12:11:41.0437 1692 C:\WINDOWS\system32\drivers\aec.sys - ok
12:11:41.0453 1692 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] C:\WINDOWS\system32\sens.dll
12:11:41.0453 1692 C:\WINDOWS\system32\sens.dll - ok
12:11:41.0468 1692 [ A93AEE1928A9D7CE3E16D24EC7380F89 ] C:\WINDOWS\system32\userinit.exe
12:11:41.0468 1692 C:\WINDOWS\system32\userinit.exe - ok
12:11:41.0468 1692 [ 248712EA6BA17B9FF0C542A3828375DD ] C:\WINDOWS\system32\winipsec.dll
12:11:41.0468 1692 C:\WINDOWS\system32\winipsec.dll - ok
12:11:41.0484 1692 [ 3A2BDD76E7D2A5F40A7174793D1BA794 ] C:\WINDOWS\system32\PnkBstrA.exe
12:11:41.0484 1692 C:\WINDOWS\system32\PnkBstrA.exe - ok
12:11:41.0484 1692 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] C:\WINDOWS\system32\drivers\swmidi.sys
12:11:41.0484 1692 C:\WINDOWS\system32\drivers\swmidi.sys - ok
12:11:41.0500 1692 [ 8A208DFCF89792A484E76C40E5F50B45 ] C:\WINDOWS\system32\drivers\dmusic.sys
12:11:41.0500 1692 C:\WINDOWS\system32\drivers\dmusic.sys - ok
12:11:41.0500 1692 [ 37A62C6092AADD2EFDE0468DD8818E99 ] C:\WINDOWS\system32\netcfgx.dll
12:11:41.0500 1692 C:\WINDOWS\system32\netcfgx.dll - ok
12:11:41.0515 1692 [ 67156D5A9AC356DC99D7BCCB388E3316 ] C:\WINDOWS\system32\wsock32.dll
12:11:41.0515 1692 C:\WINDOWS\system32\wsock32.dll - ok
12:11:41.0515 1692 [ 692BCF44383D056AED41B045A323D378 ] C:\WINDOWS\system32\drivers\kmixer.sys
12:11:41.0515 1692 C:\WINDOWS\system32\drivers\kmixer.sys - ok
12:11:41.0531 1692 [ DF82E222578DBE59FCBBD69A02E4C806 ] C:\WINDOWS\system32\clusapi.dll
12:11:41.0531 1692 C:\WINDOWS\system32\clusapi.dll - ok
12:11:41.0531 1692 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] C:\WINDOWS\system32\drivers\drmkaud.sys
12:11:41.0531 1692 C:\WINDOWS\system32\drivers\drmkaud.sys - ok
12:11:41.0546 1692 [ BC93B4A066477954555966D77FEC9ECB ] C:\WINDOWS\system32\ersvc.dll
12:11:41.0546 1692 C:\WINDOWS\system32\ersvc.dll - ok
12:11:41.0546 1692 [ 3D4E199942E29207970E04315D02AD3B ] C:\WINDOWS\system32\cryptsvc.dll
12:11:41.0546 1692 C:\WINDOWS\system32\cryptsvc.dll - ok
12:11:41.0562 1692 [ 00709952D444EAE14DBBD30D36FBAE0F ] C:\WINDOWS\system32\certcli.dll
12:11:41.0562 1692 C:\WINDOWS\system32\certcli.dll - ok
12:11:41.0562 1692 [ 332760FBA1655FCFD35BD6F4FD871300 ] C:\WINDOWS\system32\ipsecsvc.dll
12:11:41.0562 1692 C:\WINDOWS\system32\ipsecsvc.dll - ok
12:11:41.0578 1692 [ 33CEB89B62589E8B12AEE9E2D523DADE ] C:\WINDOWS\system32\oakley.dll
12:11:41.0578 1692 C:\WINDOWS\system32\oakley.dll - ok
12:11:41.0578 1692 [ CBE612E2BB6A10E3563336191EDA1250 ] C:\WINDOWS\system32\seclogon.dll
12:11:41.0578 1692 C:\WINDOWS\system32\seclogon.dll - ok
12:11:41.0578 1692 [ 853D0D0C6F02D7BFDF1CF99DD7553732 ] C:\WINDOWS\system32\pstorsvc.dll
12:11:41.0578 1692 C:\WINDOWS\system32\pstorsvc.dll - ok
12:11:41.0593 1692 [ 3805DF0AC4296A34BA4BF93B346CC378 ] C:\WINDOWS\system32\srsvc.dll
12:11:41.0593 1692 C:\WINDOWS\system32\srsvc.dll - ok
12:11:41.0593 1692 [ 22D89D84E8E081CDA529DBF8C0255A38 ] C:\WINDOWS\system32\psbase.dll
12:11:41.0593 1692 C:\WINDOWS\system32\psbase.dll - ok
12:11:41.0609 1692 [ 5252605079810904E31C332E241CD59B ] C:\WINDOWS\system32\drivers\srv.sys
12:11:41.0609 1692 C:\WINDOWS\system32\drivers\srv.sys - ok
12:11:41.0609 1692 [ FEDE68BF80052BAD393AFD5C2E60DCB0 ] C:\WINDOWS\system32\dssenh.dll
12:11:41.0609 1692 C:\WINDOWS\system32\dssenh.dll - ok
12:11:41.0625 1692 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] C:\WINDOWS\system32\wiaservc.dll
12:11:41.0625 1692 C:\WINDOWS\system32\wiaservc.dll - ok
12:11:41.0625 1692 [ 9A3BD5F55AADFF859539142F6328A66E ] C:\WINDOWS\system32\msacm32.drv
12:11:41.0625 1692 C:\WINDOWS\system32\msacm32.drv - ok
12:11:41.0640 1692 [ 55BCA12F7F523D35CA3CB833C725F54E ] C:\WINDOWS\system32\trkwks.dll
12:11:41.0640 1692 C:\WINDOWS\system32\trkwks.dll - ok
12:11:41.0640 1692 [ 5F0CE62E0831CF972EC6949FD3E37DA7 ] C:\WINDOWS\system32\cfgmgr32.dll
12:11:41.0640 1692 C:\WINDOWS\system32\cfgmgr32.dll - ok
12:11:41.0656 1692 [ 5C12660A97822F6E61576943B49AAAD6 ] C:\WINDOWS\system32\midimap.dll
12:11:41.0656 1692 C:\WINDOWS\system32\midimap.dll - ok
12:11:41.0656 1692 [ 2D0E4ED081963804CCC196A0929275B5 ] C:\WINDOWS\system32\wbem\wmisvc.dll
12:11:41.0656 1692 C:\WINDOWS\system32\wbem\wmisvc.dll - ok
12:11:41.0671 1692 [ 9333DBAEDD617899C3562E937949D068 ] C:\WINDOWS\system32\mscms.dll
12:11:41.0671 1692 C:\WINDOWS\system32\mscms.dll - ok
12:11:41.0671 1692 [ ACACB8B14E66109B8ACD6644B5574B9A ] C:\WINDOWS\system32\vssapi.dll
12:11:41.0671 1692 C:\WINDOWS\system32\vssapi.dll - ok
12:11:41.0687 1692 [ A06CE3399D16DB864F55FAEB1F1927A9 ] C:\WINDOWS\system32\browser.dll
12:11:41.0687 1692 C:\WINDOWS\system32\browser.dll - ok
12:11:41.0687 1692 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] C:\WINDOWS\system32\wuauserv.dll
12:11:41.0687 1692 C:\WINDOWS\system32\wuauserv.dll - ok
12:11:41.0703 1692 [ FC3EC24FCE372C89423E015A2AC1A31E ] C:\WINDOWS\system32\wuaueng.dll
12:11:41.0703 1692 C:\WINDOWS\system32\wuaueng.dll - ok
12:11:41.0703 1692 [ 12896823FB95BFB3DC9B46BCAEDC9923 ] C:\WINDOWS\explorer.exe
12:11:41.0703 1692 C:\WINDOWS\explorer.exe - ok
12:11:41.0718 1692 [ E392E172687BE172F8600C5F41AB03D9 ] C:\WINDOWS\system32\browseui.dll
12:11:41.0718 1692 C:\WINDOWS\system32\browseui.dll - ok
12:11:41.0718 1692 [ F9D3C78CFE15271D80790677C893CE45 ] C:\WINDOWS\system32\cabinet.dll
12:11:41.0718 1692 C:\WINDOWS\system32\cabinet.dll - ok
12:11:41.0734 1692 [ B85E95679B5ADC12311BCD3F5385D623 ] C:\WINDOWS\system32\mspatcha.dll
12:11:41.0734 1692 C:\WINDOWS\system32\mspatcha.dll - ok
12:11:41.0734 1692 [ 26CB10FA893F940AB09713FF46DCDADE ] C:\WINDOWS\system32\shdocvw.dll
12:11:41.0734 1692 C:\WINDOWS\system32\shdocvw.dll - ok
12:11:41.0734 1692 [ 912B67BB8249925A5C972FC5839EAE09 ] C:\WINDOWS\system32\actxprxy.dll
12:11:41.0750 1692 C:\WINDOWS\system32\actxprxy.dll - ok
12:11:41.0750 1692 [ 83F41D0D89645D7235C051AB1D9523AC ] C:\WINDOWS\system32\ipnathlp.dll
12:11:41.0750 1692 C:\WINDOWS\system32\ipnathlp.dll - ok
12:11:41.0750 1692 [ 7C278E6408D1DCE642230C0585A854D5 ] C:\WINDOWS\system32\wscsvc.dll
12:11:41.0750 1692 C:\WINDOWS\system32\wscsvc.dll - ok
12:11:41.0765 1692 [ ABF1962C902E85AD36761956BDE72325 ] C:\WINDOWS\system32\msi.dll
12:11:41.0765 1692 C:\WINDOWS\system32\msi.dll - ok
12:11:41.0765 1692 [ ED0C0DF222209E43AD9AFBF3FE87DDE0 ] C:\WINDOWS\system32\comsvcs.dll
12:11:41.0765 1692 C:\WINDOWS\system32\comsvcs.dll - ok
12:11:41.0781 1692 [ B4ED498E3BFEE64E952BC44FC6057DB8 ] C:\WINDOWS\system32\desk.cpl
12:11:41.0781 1692 C:\WINDOWS\system32\desk.cpl - ok
12:11:41.0781 1692 [ 690D97864735E8ECD87F55777E266690 ] C:\WINDOWS\system32\colbact.dll
12:11:41.0781 1692 C:\WINDOWS\system32\colbact.dll - ok
12:11:41.0796 1692 [ 72CD04A8789BEFAB99F06658A41D10C9 ] C:\WINDOWS\system32\mtxclu.dll
12:11:41.0796 1692 C:\WINDOWS\system32\mtxclu.dll - ok
12:11:41.0796 1692 [ F51EBB6FC536A6B2D588FD668D3A8249 ] C:\WINDOWS\system32\resutils.dll
12:11:41.0796 1692 C:\WINDOWS\system32\resutils.dll - ok
12:11:41.0812 1692 [ A314EEA2A503A8E04085201E436384A5 ] C:\WINDOWS\system32\themeui.dll
12:11:41.0812 1692 C:\WINDOWS\system32\themeui.dll - ok
12:11:41.0812 1692 [ 205ADD80FF8099B1A8101EB490B933D1 ] C:\WINDOWS\system32\wbem\wbemprox.dll
12:11:41.0812 1692 C:\WINDOWS\system32\wbem\wbemprox.dll - ok
12:11:41.0828 1692 [ D95C71052E5EF63B55997FB31483D02F ] C:\WINDOWS\system32\wbem\wbemcomn.dll
12:11:41.0828 1692 C:\WINDOWS\system32\wbem\wbemcomn.dll - ok
12:11:41.0828 1692 [ 98A70D16C400CF422962247B238283DC ] C:\WINDOWS\system32\mtxoci.dll
12:11:41.0828 1692 C:\WINDOWS\system32\mtxoci.dll - ok
12:11:41.0843 1692 [ F0BF811622F2DD6C8E26EE4600D83731 ] C:\WINDOWS\system32\wbem\wbemcore.dll
12:11:41.0843 1692 C:\WINDOWS\system32\wbem\wbemcore.dll - ok
12:11:41.0843 1692 [ E4616430709F440CF1809D88DC2366EA ] C:\WINDOWS\system32\wbem\esscli.dll
12:11:41.0843 1692 C:\WINDOWS\system32\wbem\esscli.dll - ok
12:11:41.0859 1692 [ 60027BEA3E76D7DD8D96C02432BFDE82 ] C:\WINDOWS\system32\wbem\fastprox.dll
12:11:41.0859 1692 C:\WINDOWS\system32\wbem\fastprox.dll - ok
12:11:41.0859 1692 [ 010472D0AE758227C6F6E6933549C219 ] C:\WINDOWS\system32\wbem\wbemsvc.dll
12:11:41.0859 1692 C:\WINDOWS\system32\wbem\wbemsvc.dll - ok
12:11:41.0875 1692 [ FBDB9D0935B9907B809B381FDDF1627F ] C:\WINDOWS\system32\regsvr32.exe
12:11:41.0875 1692 C:\WINDOWS\system32\regsvr32.exe - ok
12:11:41.0875 1692 [ 3273D1565BF30225C115B480A3BB2C9D ] C:\WINDOWS\system32\wbem\wmiutils.dll
12:11:41.0875 1692 C:\WINDOWS\system32\wbem\wmiutils.dll - ok
12:11:41.0890 1692 [ 3458EDA96E30FBD0477A2800D3FB1909 ] C:\WINDOWS\system32\wups.dll
12:11:41.0890 1692 C:\WINDOWS\system32\wups.dll - ok
12:11:41.0890 1692 [ 942A17D2901A31EA68627CBFFCD268CC ] C:\WINDOWS\system32\wbem\repdrvfs.dll
12:11:41.0890 1692 C:\WINDOWS\system32\wbem\repdrvfs.dll - ok
12:11:41.0906 1692 [ BDC0C99E472176C8C2C853A68ADC5073 ] C:\WINDOWS\system32\wups2.dll
12:11:41.0906 1692 C:\WINDOWS\system32\wups2.dll - ok
12:11:41.0921 1692 [ C2A4FDBD76953411000A01EB047DDC12 ] C:\WINDOWS\system32\wbem\wmiprvsd.dll
12:11:41.0921 1692 C:\WINDOWS\system32\wbem\wmiprvsd.dll - ok
12:11:41.0921 1692 [ 26D881D27CBE51D3614E68D7313EA026 ] C:\WINDOWS\system32\wbem\wbemess.dll
12:11:41.0921 1692 C:\WINDOWS\system32\wbem\wbemess.dll - ok
12:11:41.0921 1692 [ 2E0B0A051FFAA86E358465BB0880D453 ] C:\WINDOWS\system32\wuauclt.exe
12:11:41.0921 1692 C:\WINDOWS\system32\wuauclt.exe - ok
12:11:41.0937 1692 [ 1A617835452EEE5060976C9B9F5FE635 ] C:\WINDOWS\system32\wuapi.dll
12:11:41.0937 1692 C:\WINDOWS\system32\wuapi.dll - ok
12:11:41.0937 1692 [ D26451B540720A7313A9BCBE794DAF62 ] C:\WINDOWS\system32\wbem\ncprov.dll
12:11:41.0937 1692 C:\WINDOWS\system32\wbem\ncprov.dll - ok
12:11:41.0953 1692 [ FF3477C03BE7201C294C35F684B3479F ] C:\WINDOWS\system32\termsrv.dll
12:11:41.0953 1692 C:\WINDOWS\system32\termsrv.dll - ok
12:11:41.0953 1692 [ 6404807ABC7AF52FA3792697AE638B50 ] C:\WINDOWS\system32\wbem\wbemcons.dll
12:11:41.0953 1692 C:\WINDOWS\system32\wbem\wbemcons.dll - ok
12:11:41.0968 1692 [ DF6551E4C4C46655A0C76194F1FCEA5D ] C:\WINDOWS\system32\icaapi.dll
12:11:41.0968 1692 C:\WINDOWS\system32\icaapi.dll - ok
12:11:41.0968 1692 [ 2D65D56C2F8B6CC5EBFF8E7200C30304 ] C:\WINDOWS\system32\mstlsapi.dll
12:11:41.0968 1692 C:\WINDOWS\system32\mstlsapi.dll - ok
12:11:41.0984 1692 [ 3CB78C17BB664637787C9A1C98F79C38 ] C:\WINDOWS\system32\tapisrv.dll
12:11:41.0984 1692 C:\WINDOWS\system32\tapisrv.dll - ok
12:11:42.0000 1692 [ 5F7692CEC90E2E9AA32CD58321E234B8 ] C:\WINDOWS\system32\rastapi.dll
12:11:42.0000 1692 C:\WINDOWS\system32\rastapi.dll - ok
12:11:42.0015 1692 [ AACE07FE34FADDDF973CE068A6424957 ] C:\WINDOWS\system32\unimdm.tsp
12:11:42.0015 1692 C:\WINDOWS\system32\unimdm.tsp - ok
12:11:42.0031 1692 [ 8C515081584A38AA007909CD02020B3D ] C:\WINDOWS\system32\alg.exe
12:11:42.0031 1692 C:\WINDOWS\system32\alg.exe - ok
12:11:42.0031 1692 [ 995252FCC4692B5B97EE17D596C9386E ] C:\WINDOWS\system32\uniplat.dll
12:11:42.0031 1692 C:\WINDOWS\system32\uniplat.dll - ok
12:11:42.0046 1692 [ 76EC97C5068D3D9FAA7774B0F659D31A ] C:\WINDOWS\system32\kmddsp.tsp
12:11:42.0046 1692 C:\WINDOWS\system32\kmddsp.tsp - ok
12:11:42.0062 1692 [ 4589963D84F2984FA5949A72162BA4F4 ] C:\WINDOWS\system32\ndptsp.tsp
12:11:42.0062 1692 C:\WINDOWS\system32\ndptsp.tsp - ok
12:11:42.0078 1692 [ 8BC2B02DC11C98D14CEE43B8E8393FF3 ] C:\WINDOWS\system32\h323.tsp
12:11:42.0078 1692 C:\WINDOWS\system32\h323.tsp - ok
12:11:42.0078 1692 [ 8B8A45DF7CEF36D93C7BD3E4C84003B8 ] C:\WINDOWS\system32\ipconf.tsp
12:11:42.0078 1692 C:\WINDOWS\system32\ipconf.tsp - ok
12:11:42.0093 1692 [ 6B552ED3BEE5AA3C4560478FF779BA98 ] C:\WINDOWS\system32\hidphone.tsp
12:11:42.0093 1692 C:\WINDOWS\system32\hidphone.tsp - ok
12:11:42.0109 1692 [ D0545A010ED2259A740C8414899A938F ] C:\WINDOWS\system32\rasppp.dll
12:11:42.0109 1692 C:\WINDOWS\system32\rasppp.dll - ok
12:11:42.0109 1692 [ B464BD425D5D09ABE4192234D1577B22 ] C:\WINDOWS\system32\ntlsapi.dll
12:11:42.0109 1692 C:\WINDOWS\system32\ntlsapi.dll - ok
12:11:42.0125 1692 [ A655C88AA555BB8EF8957BD29408827F ] C:\WINDOWS\system32\rasqec.dll
12:11:42.0125 1692 C:\WINDOWS\system32\rasqec.dll - ok
12:11:42.0125 1692 [ 93C088C2AEB2F23E720BDA7E32BD5117 ] C:\WINDOWS\system32\upnp.dll
12:11:42.0125 1692 C:\WINDOWS\system32\upnp.dll - ok
12:11:42.0125 1692 [ 3D075865DCC26931972F6476AD0497BE ] C:\WINDOWS\system32\ssdpapi.dll
12:11:42.0125 1692 C:\WINDOWS\system32\ssdpapi.dll - ok
12:11:42.0140 1692 [ F6AACF5BCE2893E0C1754AFEB672E5C9 ] C:\WINDOWS\system32\drivers\http.sys
12:11:42.0140 1692 C:\WINDOWS\system32\drivers\http.sys - ok
12:11:42.0140 1692 [ 0A5679B3714EDAB99E357057EE88FCA6 ] C:\WINDOWS\system32\ssdpsrv.dll
12:11:42.0140 1692 C:\WINDOWS\system32\ssdpsrv.dll - ok
12:11:42.0156 1692 [ F92E1076C42FCD6DB3D72D8CFE9816D5 ] C:\WINDOWS\system32\wscntfy.exe
12:11:42.0156 1692 C:\WINDOWS\system32\wscntfy.exe - ok
12:11:42.0171 1692 [ 6D778E0F95447E6546553EEEA709D03C ] C:\WINDOWS\system32\cmd.exe
12:11:42.0171 1692 C:\WINDOWS\system32\cmd.exe - ok
12:11:42.0171 1692 [ 729DA5D23A9AD20A6AA353156A126420 ] C:\WINDOWS\system32\ieframe.dll
12:11:42.0171 1692 C:\WINDOWS\system32\ieframe.dll - ok
12:11:42.0187 1692 [ 79E3A8C328E7E569C32B0998377D9742 ] C:\WINDOWS\system32\spoolss.dll
12:11:42.0187 1692 C:\WINDOWS\system32\spoolss.dll - ok
12:11:42.0203 1692 [ D8AD3D7F927C686B8C233221513DA628 ] C:\WINDOWS\system32\localspl.dll
12:11:42.0203 1692 C:\WINDOWS\system32\localspl.dll - ok
12:11:42.0203 1692 [ 5D3D1AB0EF4EA55B731863050482C111 ] C:\WINDOWS\system32\cnbjmon.dll
12:11:42.0203 1692 C:\WINDOWS\system32\cnbjmon.dll - ok
12:11:42.0218 1692 [ 222DE7F5EDB9DDBE628384A1A8BE59CE ] C:\WINDOWS\system32\pjlmon.dll
12:11:42.0218 1692 C:\WINDOWS\system32\pjlmon.dll - ok
12:11:42.0218 1692 [ AE0382AD9C73D343D85E1A50C80B7C20 ] C:\WINDOWS\system32\tcpmon.dll
12:11:42.0218 1692 C:\WINDOWS\system32\tcpmon.dll - ok
12:11:42.0218 1692 [ F26385E8BA4549B5186B774EC0E45D86 ] C:\WINDOWS\system32\usbmon.dll
12:11:42.0218 1692 C:\WINDOWS\system32\usbmon.dll - ok
12:11:42.0234 1692 [ 22DD6D7D4BFE2B8CE705CC950C8AEA4C ] C:\WINDOWS\system32\win32spl.dll
12:11:42.0234 1692 C:\WINDOWS\system32\win32spl.dll - ok
12:11:42.0234 1692 [ B41D53899E37CC43DA85DA19998BEE81 ] C:\WINDOWS\system32\netrap.dll
12:11:42.0234 1692 C:\WINDOWS\system32\netrap.dll - ok
12:11:42.0250 1692 [ EE4C651A217B01D636B5364AC77DA892 ] C:\WINDOWS\system32\inetpp.dll
12:11:42.0250 1692 C:\WINDOWS\system32\inetpp.dll - ok
12:11:42.0250 1692 [ C14350FC0D47D806699C4F907FC6785B ] C:\WINDOWS\system32\cryptnet.dll
12:11:42.0250 1692 C:\WINDOWS\system32\cryptnet.dll - ok
12:11:42.0265 1692 [ 3CBA2210FA39C6ED7895634842E930DD ] C:\WINDOWS\system32\sensapi.dll
12:11:42.0265 1692 C:\WINDOWS\system32\sensapi.dll - ok
12:11:42.0265 1692 [ AD6B1A69B0CCCF27A792F4C00740D24D ] C:\DOCUME~1\User\LOCALS~1\temp\0DC9AE6D-AC61-4A76-880C-29CA3D7A55B0.exe
12:11:42.0265 1692 C:\DOCUME~1\User\LOCALS~1\temp\0DC9AE6D-AC61-4A76-880C-29CA3D7A55B0.exe - ok
12:11:42.0281 1692 [ 2DC5A8019E2387987905F77C664E4BE2 ] C:\WINDOWS\system32\linkinfo.dll
12:11:42.0281 1692 C:\WINDOWS\system32\linkinfo.dll - ok
12:11:42.0281 1692 [ A70A2D85AD143D6BB823C246CEB699A5 ] C:\WINDOWS\system32\ntshrui.dll
12:11:42.0281 1692 C:\WINDOWS\system32\ntshrui.dll - ok
12:11:42.0296 1692 [ 91790D6749EBED90E2C40479C0A91879 ] C:\WINDOWS\system32\verclsid.exe
12:11:42.0296 1692 C:\WINDOWS\system32\verclsid.exe - ok
12:11:42.0296 1692 [ 3E109AD12A9CD07646ECD8AD25E2700F ] C:\Program Files\NetWorx\networx.exe
12:11:42.0296 1692 C:\Program Files\NetWorx\networx.exe - ok
12:11:42.0312 1692 [ 84DB35F319E5B67838A4877C11748866 ] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
12:11:42.0312 1692 C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe - ok
12:11:42.0312 1692 [ B714735C12A70171DE28657948FD91F1 ] C:\WINDOWS\system32\mlang.dll
12:11:42.0312 1692 C:\WINDOWS\system32\mlang.dll - ok
12:11:42.0328 1692 [ 2A8681AEA24003040CA7D677BE9F1702 ] C:\WINDOWS\system32\drivers\36388033.sys
12:11:42.0328 1692 C:\WINDOWS\system32\drivers\36388033.sys - ok
12:11:42.0328 1692 [ E4503303C1659788A0EEA2A519E43496 ] F:\BitTorrent\BitTorrent.exe
12:11:42.0328 1692 F:\BitTorrent\BitTorrent.exe - ok
12:11:42.0328 1692 [ 8479ED7EEB1794C1639BB25AF839C4F9 ] C:\Program Files\NetWorx\sqlite.dll
12:11:42.0343 1692 C:\Program Files\NetWorx\sqlite.dll - ok
12:11:42.0343 1692 [ 5C1F0537E61F87B435F56E00B4F20EE8 ] C:\WINDOWS\system32\snmpapi.dll
12:11:42.0343 1692 C:\WINDOWS\system32\snmpapi.dll - ok
12:11:42.0343 1692 [ 1E744353BD534405187A404667DA3DC3 ] C:\WINDOWS\system32\mgmtapi.dll
12:11:42.0343 1692 C:\WINDOWS\system32\mgmtapi.dll - ok
12:11:42.0359 1692 [ 277F3E3333F1D10CA428568197FCCE70 ] C:\WINDOWS\system32\wsnmp32.dll
12:11:42.0359 1692 C:\WINDOWS\system32\wsnmp32.dll - ok
12:11:42.0359 1692 [ CC8915DB4E33E8FB29CA0D2DBF75306E ] C:\WINDOWS\system32\webcheck.dll
12:11:42.0359 1692 C:\WINDOWS\system32\webcheck.dll - ok
12:11:42.0375 1692 [ 50512FC9B7878E3C2C147BC17326A7DB ] C:\WINDOWS\system32\stobject.dll
12:11:42.0375 1692 C:\WINDOWS\system32\stobject.dll - ok
12:11:42.0375 1692 [ 231A0B0E3BA7ABFE469A8262FAA1FD71 ] C:\WINDOWS\system32\batmeter.dll
12:11:42.0375 1692 C:\WINDOWS\system32\batmeter.dll - ok
12:11:42.0390 1692 [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] C:\WINDOWS\system32\imapi.exe
12:11:42.0390 1692 C:\WINDOWS\system32\imapi.exe - ok
12:11:42.0390 1692 [ 045E228F71C31901084B64BE59093499 ] C:\WINDOWS\system32\WPDShServiceObj.dll
12:11:42.0390 1692 C:\WINDOWS\system32\WPDShServiceObj.dll - ok
12:11:42.0406 1692 [ 22358578CB321F3325496A3723029409 ] C:\WINDOWS\system32\PortableDeviceTypes.dll
12:11:42.0406 1692 C:\WINDOWS\system32\PortableDeviceTypes.dll - ok
12:11:42.0406 1692 [ 4EA92135C436D18975C2EBEC242B71DA ] C:\WINDOWS\system32\icmp.dll
12:11:42.0406 1692 C:\WINDOWS\system32\icmp.dll - ok
12:11:42.0406 1692 [ 1B328AC82718850510881289BF8533FD ] C:\WINDOWS\system32\msxml3.dll
12:11:42.0406 1692 C:\WINDOWS\system32\msxml3.dll - ok
12:11:42.0421 1692 [ 401A8C0BE0BAA7D7A470F0942244152D ] C:\WINDOWS\system32\rasdlg.dll
12:11:42.0421 1692 C:\WINDOWS\system32\rasdlg.dll - ok
12:11:42.0421 1692 [ 9D45B2201D0ECF9F42136C7B99DEB8B2 ] C:\WINDOWS\system32\PortableDeviceApi.dll
12:11:42.0421 1692 C:\WINDOWS\system32\PortableDeviceApi.dll - ok
12:11:42.0437 1692 [ 5652F6CE1D9E9D8068B9D29BC21B5409 ] C:\WINDOWS\system32\olepro32.dll
12:11:42.0437 1692 C:\WINDOWS\system32\olepro32.dll - ok
12:11:42.0437 1692 [ 0FFAE66E6D5B1C87CBD22D1F3B6079FD ] C:\WINDOWS\system32\wbem\wmiprvse.exe
12:11:42.0437 1692 C:\WINDOWS\system32\wbem\wmiprvse.exe - ok
12:11:42.0453 1692 [ E837FDBB92E9873E538395B623F45462 ] C:\WINDOWS\system32\wbem\cimwin32.dll
12:11:42.0453 1692 C:\WINDOWS\system32\wbem\cimwin32.dll - ok
12:11:42.0453 1692 [ 4306FA2F1099D7C606139255FDB62B19 ] C:\WINDOWS\system32\wbem\framedyn.dll
12:11:42.0453 1692 C:\WINDOWS\system32\wbem\framedyn.dll - ok
12:11:42.0468 1692 [ 8BCD11D38FCE43A519246A91CC40DE6A ] C:\WINDOWS\system32\security.dll
12:11:42.0468 1692 C:\WINDOWS\system32\security.dll - ok
12:11:42.0468 1692 [ C730F70351D950DDA7388C9A9763CF54 ] C:\WINDOWS\system32\wbem\wmipcima.dll
12:11:42.0468 1692 C:\WINDOWS\system32\wbem\wmipcima.dll - ok
12:11:42.0468 1692 ============================================================
12:11:42.0468 1692 Scan finished
12:11:42.0468 1692 ============================================================
12:11:42.0578 0340 Detected object count: 0
12:11:42.0578 0340 Actual detected object count: 0


Pc running too slow now! Take like 5sec to start software's
  • 0

#6
ali.B
Posted 29 August 2012 - 02:57 AM

ali.B

    Trusted Helper

  • Malware Removal
  • 3,086 posts
hi

Step 1

Update MalwareBytes AntiMalware and Run a Quick Scan.
Post the log it produces

Step 2

ESET Online Scanner


  • Click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin
    scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as
    ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image


Things i would like to see in your reply:
  • Malwarebytes Results.
  • Eset scanner report.
  • Update on how your computer is running

  • 1

#7
amicusthe
Posted 29 August 2012 - 04:40 AM

amicusthe

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
Malwarebytes Anti-Malware (Trial) 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.29.03

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
User :: DOOM3CXD [administrator]

Protection: Enabled

8/29/2012 3:59:01 PM
mbam-log-2012-08-29 (15-59-01).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 226222
Time elapsed: 4 minute(s), 59 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


I saw a pop up coming that Outgoing connection blocked by MBA. ESET still scaning
  • 0

#8
ali.B
Posted 29 August 2012 - 06:27 AM

ali.B

    Trusted Helper

  • Malware Removal
  • 3,086 posts
so far so good lets see the Eset log ;)
  • 0

#9
amicusthe
Posted 29 August 2012 - 07:45 AM

amicusthe

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
ESET Report

C:\Documents and Settings\All Users\Application Data\Tarma Installer\{ED7702F7-093C-4968-8B84-3CF5D1A3F23D}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application cleaned by deleting - quarantined
C:\Documents and Settings\User\Desktop\Right Side Files\AtoWsSbmit.rar multiple threats deleted - quarantined
C:\System Volume Information\_restore{441A4543-B6E8-4F5D-9172-94632D175C24}\RP208\A0131583.dll a variant of Win32/Adware.Yontoo.B application cleaned by deleting - quarantined
D:\Urgent\Active Earning Works\Fiverr\Magic Gig's\Fake Traffic\Traffic Tools\Speedy Viewer V1.1.exe a variant of MSIL/Packed.CryptoObfuscator.F application cleaned by deleting - quarantined
D:\Urgent\Phone Data\My Phone Explorer Portable\setup\MyPhoneExplorer_Setup_1.7.5.exe Win32/Adware.ADON application cleaned by deleting - quarantined
E:\Editer Pack Setups\Video sssssss\Rip\SoftonicDownloader47711.exe a variant of Win32/SoftonicDownloader.A application cleaned by deleting - quarantined
E:\My Blogs temp & story\Get traffic\SEO Tools Setups\SEO tools Bundel.rar probably unknown NewHeur_PE virus deleted - quarantined
E:\My Softwears\Portable Adobe Page Maker\setup\Portable Adobe Page Maker v7.01.exe probably a variant of Win32/Spy.Agent.KVKEREQ trojan deleted - quarantined
E:\Others\Important Fils\Portable_Adobe_Page_Maker_v7.01.rar probably a variant of Win32/Spy.Agent.KVKEREQ trojan deleted - quarantined
  • 0

#10
ali.B
Posted 29 August 2012 - 08:11 AM

ali.B

    Trusted Helper

  • Malware Removal
  • 3,086 posts
hi

How is your system running ?

Download AdwCleaner from here to your desktop
Run AdwCleaner and select Delete

Posted Image

Once done it will ask to reboot, allow this
On reboot a log will be produced please attach that
  • 0

Advertisements

#11
amicusthe
Posted 29 August 2012 - 09:32 AM

amicusthe

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
System running slow! And i get those every time i reboot

Posted Image
Posted Image


AdwCleaner site also blocking MBA :upset:

Edited by amicusthe, 29 August 2012 - 09:47 AM.

  • 0

#12
amicusthe
Posted 29 August 2012 - 09:54 AM

amicusthe

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
AdwCleaner Log

# AdwCleaner v1.801 - Logfile created 08/29/2012 at 21:13:53
# Updated 14/08/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : User - DOOM3CXD
# Boot Mode : Normal
# Running from : C:\Documents and Settings\User\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Documents and Settings\User\Local Settings\Application Data\BS_Player
Folder Deleted : C:\Documents and Settings\User\Local Settings\Application Data\Conduit
Folder Deleted : C:\Documents and Settings\All Users\Application Data\InstallMate
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Tarma Installer
Folder Deleted : C:\Program Files\BS_Player
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Premium

***** [Registry] *****

[*] Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT1750559
[*] Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2790392
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\BS_Player
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\SOFTWARE\BS_Player
Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Deleted : HKLM\SOFTWARE\Conduit

***** [Registre - GUID] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EEE6C367-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C3F0A838-6474-4B5C-8E51-6501BAF575FC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{30D0DB14-E38C-4471-9A65-B78461683932}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{C99FDC39-A1AE-4B24-8D71-E5274F8D7C54}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{08858AF6-42AD-4914-95D2-AC3AB0DC8E28}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5}]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Mozilla Firefox v14.0.1 (en-US)

Profile name : default
File : C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\nfbnftqa.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v18.0.1025.151

File : C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

Deleted : "description": "The fastest way to search the web.",
Deleted : "scriptable_host": [ "hxxp://*/*", "hxxp://cap1.conduit-apps.com/Apps/jdownloader/jdC[...]
Deleted : "matches": [ "hxxp://cap1.conduit-apps.com/Apps/jdownloader/jdController.html*", "[...]
Deleted : "path": "plugins/ConduitChromeApiPlugin.dll",
Deleted : "update_url": "hxxp://autoupdate.chromewebtb.conduit-services.com/?productId=CT279039[...]

-\\ Opera v12.1.1532.0

File : C:\Documents and Settings\User\Application Data\Opera\Opera\operaprefs.ini

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [3844 octets] - [29/08/2012 21:13:53]

########## EOF - C:\AdwCleaner[S1].txt - [3972 octets] ##########


I didn't understand any logs i posted here! :blush: So how is my system sir? Am i safe now? Or virus guy still see my passwords?

Edited by amicusthe, 29 August 2012 - 10:33 AM.

  • 0

#13
ali.B
Posted 29 August 2012 - 11:25 AM

ali.B

    Trusted Helper

  • Malware Removal
  • 3,086 posts
hi

no need to call me sir :blush:, we are almost done here I advise to go over the installed programs you have and remove anything you do not need if you are unsure something let me know :)

Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
  • 1

#14
amicusthe
Posted 29 August 2012 - 12:05 PM

amicusthe

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
OLT Log

OTL logfile created on: 8/29/2012 11:19:42 PM - Run 2
OTL by OldTimer - Version 3.2.59.1 Folder = C:\Documents and Settings\User\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.47 Gb Available Physical Memory | 73.57% Memory free
3.85 Gb Paging File | 3.49 Gb Available in Paging File | 90.80% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 40.00 Gb Total Space | 20.46 Gb Free Space | 51.13% Space Free | Partition Type: NTFS
Drive D: | 63.99 Gb Total Space | 10.11 Gb Free Space | 15.80% Space Free | Partition Type: NTFS
Drive E: | 10.00 Gb Total Space | 2.59 Gb Free Space | 25.92% Space Free | Partition Type: NTFS
Drive F: | 38.13 Gb Total Space | 2.30 Gb Free Space | 6.03% Space Free | Partition Type: NTFS

Computer Name: DOOM3CXD | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/08/28 14:20:26 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe
PRC - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/07/03 13:46:44 | 000,462,920 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/06/20 07:29:29 | 006,078,360 | ---- | M] (BitTorrent, Inc.) -- F:\BitTorrent\BitTorrent.exe
PRC - [2012/03/22 16:14:16 | 000,074,512 | ---- | M] (SANDBOXIE L.T.D) -- C:\Program Files\Sandboxie\SbieSvc.exe
PRC - [2011/12/02 17:01:46 | 003,284,992 | ---- | M] (SoftPerfect) -- C:\Program Files\NetWorx\networx.exe
PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2011/10/08 10:50:00 | 000,355,432 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\nview\nvShell.dll
MOD - [2011/09/17 12:18:22 | 000,480,256 | ---- | M] () -- C:\Program Files\NetWorx\sqlite.dll


========== Services (SafeList) ==========

SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/05/20 01:11:48 | 000,529,232 | ---- | M] (Valve Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/05/04 19:29:46 | 000,161,664 | ---- | M] (Oracle Corporation) [Disabled | Stopped] -- C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2012/03/22 16:14:16 | 000,074,512 | ---- | M] (SANDBOXIE L.T.D) [Auto | Running] -- C:\Program Files\Sandboxie\SbieSvc.exe -- (SbieSvc)
SRV - [2012/02/15 13:30:18 | 000,158,856 | R--- | M] (Skype Technologies) [Disabled | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/10/08 10:50:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) [Disabled | Stopped] -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | Unavailable | Unknown] -- Device\HarddiskVolume1\Program Files\RingCube\MojoPac\Program Files\RingThree\bin\pvm.sys -- (pvm)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EagleNT.sys -- (EagleNT)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\User\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2012/07/03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/04/24 15:28:36 | 000,340,624 | ---- | M] (BitDefender S.R.L.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\trufos.sys -- (trufos)
DRV - [2012/04/11 17:03:33 | 000,154,464 | ---- | M] (BitDefender LLC) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\gzflt.sys -- (gzflt)
DRV - [2012/03/22 16:14:14 | 000,134,416 | ---- | M] (SANDBOXIE L.T.D) [Kernel | On_Demand | Running] -- C:\Program Files\Sandboxie\SbieDrv.sys -- (SbieDrv)
DRV - [2012/03/01 16:30:37 | 000,130,664 | ---- | M] (BitDefender LLC) [Kernel | System | Running] -- C:\Program Files\Common Files\Bitdefender\setupinformation\{34480DEE-54D6-4985-A817-CA30E9BBC94C}\bdselfpr.sys -- (bdselfpr)
DRV - [2011/07/08 05:21:30 | 000,119,656 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvhda32.sys -- (NVHDA)
DRV - [2011/05/24 17:10:10 | 000,032,768 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\taphss.sys -- (taphss)
DRV - [2010/01/29 11:40:04 | 000,082,320 | ---- | M] (EZB Systems, Inc.) [File_System | System | Running] -- C:\Program Files\UltraISO\drivers\ISODrive.sys -- (ISODrive)
DRV - [2007/06/22 18:14:40 | 004,432,384 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2007/03/12 14:25:00 | 000,101,520 | ---- | M] (Syntek Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\STK02NW2.sys -- (DCamUSBSTK02N)
DRV - [2006/11/07 14:42:30 | 000,086,368 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w200obex.sys -- (w200obex)
DRV - [2006/11/07 14:42:28 | 000,088,560 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w200mgmt.sys -- (w200mgmt)
DRV - [2006/11/07 14:42:24 | 000,097,056 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w200mdm.sys -- (w200mdm)
DRV - [2006/11/07 14:42:22 | 000,009,328 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w200mdfl.sys -- (w200mdfl)
DRV - [2006/11/07 14:42:16 | 000,061,504 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w200bus.sys -- (w200bus)
DRV - [2004/08/04 04:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope = {E627DC4B-8C04-4234-A2D4-1D634EE01C41}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{E627DC4B-8C04-4234-A2D4-1D634EE01C41}: "URL" = http://fastestwebsea...q={searchterms}


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1202660629-1343024091-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-1202660629-1343024091-725345543-1003\..\SearchScopes,DefaultScope = {E627DC4B-8C04-4234-A2D4-1D634EE01C41}
IE - HKU\S-1-5-21-1202660629-1343024091-725345543-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...Box&Form=IE8SRC
IE - HKU\S-1-5-21-1202660629-1343024091-725345543-1003\..\SearchScopes\{E627DC4B-8C04-4234-A2D4-1D634EE01C41}: "URL" = http://fastestwebsea...q={searchterms}
IE - HKU\S-1-5-21-1202660629-1343024091-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Fastest"
FF - prefs.js..browser.search.defaulturl: "http://fastestwebsea...={searchTerms}"
FF - prefs.js..browser.search.order.1: "http://fastestwebsea...={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "Fastest"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.co.uk/"
FF - prefs.js..keyword.URL: "http://fastestwebsea....com/search?q="
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw_1165635.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.0: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/07/18 16:51:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2012/04/20 21:10:38 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User\Application Data\Mozilla\Extensions
[2012/08/26 23:45:45 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\nfbnftqa.default\extensions
[2012/07/26 20:37:24 | 000,000,000 | ---D | M] (Lightshot (screenshot tool)) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\nfbnftqa.default\extensions\{394DCBA4-1F92-4f8e-8EC9-8D2CB90CB69B}
[2012/04/20 22:14:45 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\nfbnftqa.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012/08/13 13:10:38 | 000,000,000 | ---D | M] (Battlefield Heroes Updater) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\nfbnftqa.default\extensions\[email protected]
[2012/05/09 11:48:42 | 000,002,095 | ---- | M] () -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\nfbnftqa.default\searchplugins\google.xml
[2012/06/18 22:46:07 | 000,001,344 | ---- | M] () -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\nfbnftqa.default\searchplugins\madura.xml
[2012/05/24 23:00:34 | 000,000,664 | ---- | M] () -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\nfbnftqa.default\searchplugins\torrentz.xml
[2012/04/20 21:10:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/04/20 22:43:39 | 000,089,442 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\USER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NFBNFTQA.DEFAULT\EXTENSIONS\{B17C1C5A-04B1-11DB-9804-B622A1EF5492}.XPI
[2012/04/25 04:45:37 | 000,010,606 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\USER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NFBNFTQA.DEFAULT\EXTENSIONS\{E8F509F0-B677-11DE-8A39-0800200C9A66}.XPI
[2012/05/09 11:47:27 | 000,025,781 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\USER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NFBNFTQA.DEFAULT\EXTENSIONS\[email protected]
[2012/04/21 11:50:49 | 000,617,362 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\USER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NFBNFTQA.DEFAULT\EXTENSIONS\[email protected]
[2012/08/13 12:07:26 | 000,032,816 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\USER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NFBNFTQA.DEFAULT\EXTENSIONS\[email protected]
[2012/04/21 11:50:49 | 000,021,356 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\USER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NFBNFTQA.DEFAULT\EXTENSIONS\[email protected]
[2012/07/18 16:51:08 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/06/21 07:32:38 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/07/25 17:09:20 | 000,005,859 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fastestwebsearch.xml
[2012/06/21 07:32:38 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
[2012/06/26 06:48:23 | 000,005,142 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wchoppers.xml

========== Chrome ==========

CHR - homepage:
CHR - Extension: BitTorrentBar = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mhfdcmehmjcclgopdodkjdicohagipid\2.3.11.0_0\

O1 HOSTS File: ([2012/08/29 02:28:02 | 000,000,137 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 axandra.com
O1 - Hosts: 127.0.0.1 www.axandra.com
O1 - Hosts: 127.0.0.1 keywordindex.com
O1 - Hosts: 127.0.0.1 www.keywordindex.com
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKU\S-1-5-21-1202660629-1343024091-725345543-1003\..\Toolbar\ShellBrowser: (no name) - {FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5} - No CLSID value found.
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NetWorx] C:\Program Files\NetWorx\networx.exe (SoftPerfect)
O4 - HKU\S-1-5-21-1202660629-1343024091-725345543-1003..\Run: [BitTorrent] F:\BitTorrent\BitTorrent.exe (BitTorrent, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1202660629-1343024091-725345543-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1202660629-1343024091-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1202660629-1343024091-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NolowDiskSpaceChecks = 1
O7 - HKU\S-1-5-21-1202660629-1343024091-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1202660629-1343024091-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 98.126.105.42 168.95.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F15B0C5D-F748-4CCF-AEA6-D5C724C7F1B9}: DhcpNameServer = 98.126.105.42 168.95.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/11/03 12:09:17 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/08/29 23:16:49 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\User\Recent
[2012/08/29 14:39:12 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012/08/29 14:38:28 | 002,322,184 | ---- | C] (ESET) -- C:\Documents and Settings\User\Desktop\esetsmartinstaller_enu.exe
[2012/08/29 12:37:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Desktop\Acumen_Logo_Files
[2012/08/29 12:08:03 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/08/29 12:07:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2012/08/29 11:42:45 | 002,211,928 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\User\Desktop\tdsskiller.exe
[2012/08/29 02:04:34 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012/08/29 02:01:22 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/08/29 02:01:22 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/08/29 02:01:22 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/08/29 02:01:22 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/08/29 02:01:11 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/08/29 02:00:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2012/08/29 01:59:38 | 004,739,810 | R--- | C] (Swearware) -- C:\Documents and Settings\User\Desktop\ComboFix.exe
[2012/08/28 23:56:20 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2012/08/28 23:56:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2012/08/28 23:36:34 | 016,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Documents and Settings\User\Desktop\spybotsd162.exe
[2012/08/28 17:59:15 | 000,000,000 | --SD | C] -- D:\My Documents\Passwords Database
[2012/08/28 17:24:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\Malwarebytes
[2012/08/28 17:23:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/08/28 17:23:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012/08/28 17:23:21 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/08/28 17:23:20 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/08/28 14:20:11 | 000,598,528 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe
[2012/08/28 13:46:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
[2012/08/28 13:46:26 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012/08/27 12:23:18 | 000,000,000 | R--D | C] -- C:\Backup
[2012/08/27 12:21:27 | 000,039,352 | ---- | C] (Infowatch) -- C:\WINDOWS\System32\drivers\CSVirtualDiskDrv.sys
[2012/08/27 12:21:26 | 000,088,632 | ---- | C] (Infowatch) -- C:\WINDOWS\System32\drivers\CSCrySec.sys
[2012/08/27 10:30:04 | 000,339,320 | ---- | C] (Hide My IP) -- C:\WINDOWS\System32\HMIPCore.dll
[2012/08/25 01:12:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Start Menu\Programs\WinRAR
[2012/08/25 01:12:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\WinRAR
[2012/08/22 20:26:27 | 000,000,000 | ---D | C] -- C:\Program Files\Skillbrains
[2012/08/22 20:26:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Start Menu\Programs\LightShot
[2012/08/22 20:26:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Local Settings\Application Data\Skillbrains
[2012/08/22 09:38:10 | 000,000,000 | ---D | C] -- C:\Program Files\RankBuilderNEO
[2012/08/21 19:50:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Desktop\SN
[2012/08/14 19:48:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Local Settings\Application Data\bizarre creations
[2012/08/12 22:19:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Local Settings\Application Data\THQ
[2012/08/12 15:37:08 | 000,000,000 | ---D | C] -- D:\My Documents\Ubisoft
[2012/08/12 15:32:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Babel Rising
[2012/08/04 05:02:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\AVG
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/08/29 23:18:33 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/08/29 21:09:56 | 000,008,553 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Incoming.jpg
[2012/08/29 21:01:37 | 000,618,227 | ---- | M] () -- C:\Documents and Settings\User\Desktop\adwcleaner.exe
[2012/08/29 20:59:23 | 000,008,736 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Outgoing 2.jpg
[2012/08/29 20:55:19 | 000,136,778 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Outgoing.bmp
[2012/08/29 16:50:40 | 025,080,093 | ---- | M] () -- C:\Documents and Settings\User\Desktop\1.gif
[2012/08/29 16:10:07 | 033,585,152 | ---- | M] () -- C:\Documents and Settings\User\Desktop\1.avi
[2012/08/29 14:39:02 | 002,322,184 | ---- | M] (ESET) -- C:\Documents and Settings\User\Desktop\esetsmartinstaller_enu.exe
[2012/08/29 14:23:35 | 000,003,641 | ---- | M] () -- C:\Documents and Settings\User\Desktop\identicon-368243-65-65.png
[2012/08/29 14:11:25 | 000,295,761 | ---- | M] () -- C:\Documents and Settings\User\Desktop\skilltest_result.pdf
[2012/08/29 12:37:06 | 005,008,113 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Acumen_Logo_Files.zip
[2012/08/29 11:43:21 | 002,211,928 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\User\Desktop\tdsskiller.exe
[2012/08/29 02:28:02 | 000,000,137 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/08/29 02:04:37 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2012/08/29 02:00:32 | 004,739,810 | R--- | M] (Swearware) -- C:\Documents and Settings\User\Desktop\ComboFix.exe
[2012/08/28 23:40:36 | 016,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Documents and Settings\User\Desktop\spybotsd162.exe
[2012/08/28 18:19:25 | 004,138,168 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/08/28 18:10:08 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\photostageShakeIcon.job
[2012/08/28 14:20:26 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe
[2012/08/28 03:47:56 | 000,002,026 | ---- | M] () -- C:\WINDOWS\Sandboxie.ini
[2012/08/27 11:04:36 | 000,000,320 | ---- | M] () -- C:\Documents and Settings\User\SecurityKISSTunnel.config
[2012/08/27 10:14:05 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/08/27 02:01:45 | 000,001,456 | ---- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\Adobe Save for Web 12.0 Prefs
[2012/08/26 23:03:46 | 000,000,765 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Reports.lnk
[2012/08/26 21:22:08 | 000,006,083 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Screenshot_1.jpg
[2012/08/26 16:15:04 | 000,139,080 | ---- | M] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2012/08/26 16:14:35 | 000,270,240 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.xtr
[2012/08/26 10:22:00 | 000,270,240 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.ex0
[2012/08/25 19:05:29 | 000,138,056 | ---- | M] () -- C:\Documents and Settings\User\Application Data\PnkBstrK.sys
[2012/08/24 09:21:01 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2012/08/23 21:57:17 | 004,475,264 | ---- | M] () -- D:\My Documents\Logo Types.jpg
[2012/08/23 10:45:43 | 000,305,334 | ---- | M] () -- D:\My Documents\Redeem magic Point.bmp
[2012/08/23 01:42:48 | 000,000,132 | ---- | M] () -- C:\Documents and Settings\User\Application Data\Adobe PNG Format CS5 Prefs
[2012/08/22 20:26:34 | 000,000,844 | ---- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\UserProducts.xml
[2012/08/21 17:19:39 | 000,092,672 | ---- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/08/19 22:32:29 | 000,001,262 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120829-000827.backup
[2012/08/12 01:53:00 | 004,675,803 | ---- | M] () -- D:\My Documents\timeanalsex3GP_e0a0_w_2.3gp
[2012/08/10 17:19:23 | 000,678,956 | ---- | M] () -- D:\My Documents\Skyline Car.jpg
[2012/08/04 22:20:06 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\TEMP
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/08/29 21:09:56 | 000,008,553 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Incoming.jpg
[2012/08/29 21:01:29 | 000,618,227 | ---- | C] () -- C:\Documents and Settings\User\Desktop\adwcleaner.exe
[2012/08/29 20:59:23 | 000,008,736 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Outgoing 2.jpg
[2012/08/29 20:55:18 | 000,136,778 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Outgoing.bmp
[2012/08/29 16:50:23 | 025,080,093 | ---- | C] () -- C:\Documents and Settings\User\Desktop\1.gif
[2012/08/29 16:09:39 | 033,585,152 | ---- | C] () -- C:\Documents and Settings\User\Desktop\1.avi
[2012/08/29 14:23:26 | 000,003,641 | ---- | C] () -- C:\Documents and Settings\User\Desktop\identicon-368243-65-65.png
[2012/08/29 14:11:21 | 000,295,761 | ---- | C] () -- C:\Documents and Settings\User\Desktop\skilltest_result.pdf
[2012/08/29 12:35:40 | 005,008,113 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Acumen_Logo_Files.zip
[2012/08/29 02:04:36 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2012/08/29 02:04:34 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2012/08/29 02:01:22 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/08/29 02:01:22 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/08/29 02:01:22 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/08/29 02:01:22 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/08/29 02:01:22 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/08/28 18:18:57 | 004,138,168 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/08/26 21:22:08 | 000,006,083 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Screenshot_1.jpg
[2012/08/23 21:57:17 | 004,475,264 | ---- | C] () -- D:\My Documents\Logo Types.jpg
[2012/08/23 10:45:43 | 000,305,334 | ---- | C] () -- D:\My Documents\Redeem magic Point.bmp
[2012/08/23 01:25:02 | 000,000,132 | ---- | C] () -- C:\Documents and Settings\User\Application Data\Adobe PNG Format CS5 Prefs
[2012/08/22 20:26:31 | 000,000,844 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\UserProducts.xml
[2012/08/12 01:50:13 | 004,675,803 | ---- | C] () -- D:\My Documents\timeanalsex3GP_e0a0_w_2.3gp
[2012/08/10 17:19:40 | 000,678,956 | ---- | C] () -- D:\My Documents\Skyline Car.jpg
[2012/07/24 18:43:37 | 000,139,080 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2012/07/24 18:43:31 | 000,270,240 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrB.exe
[2012/07/24 18:41:50 | 000,075,136 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrA.exe
[2012/07/15 16:34:25 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\BReWErS.dll
[2012/07/13 18:58:09 | 000,074,703 | ---- | C] () -- C:\WINDOWS\System32\mfc45.dll
[2012/06/07 18:05:17 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2012/04/13 20:12:15 | 000,000,175 | ---- | C] () -- C:\WINDOWS\EQ3D.ini
[2012/04/09 15:22:44 | 002,577,776 | ---- | C] () -- C:\WINDOWS\System32\pbsvc_heroes.exe
[2012/04/07 14:35:08 | 000,002,026 | ---- | C] () -- C:\WINDOWS\Sandboxie.ini
[2012/04/07 09:37:14 | 000,135,240 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2012/03/29 21:00:26 | 000,000,274 | ---- | C] () -- C:\Documents and Settings\User\Application Data\burnaware.ini
[2012/03/26 19:27:37 | 000,000,320 | ---- | C] () -- C:\Documents and Settings\User\SecurityKISSTunnel.config
[2012/03/12 13:47:14 | 000,001,456 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\Adobe Save for Web 12.0 Prefs
[2012/03/01 23:11:47 | 000,138,056 | ---- | C] () -- C:\Documents and Settings\User\Application Data\PnkBstrK.sys
[2012/02/27 14:24:35 | 003,640,798 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1202660629-1343024091-725345543-1003-0.dat
[2012/02/20 04:49:23 | 000,000,040 | ---- | C] () -- C:\WINDOWS\System32\Sx5363.ini
[2012/02/18 09:47:43 | 000,000,060 | ---- | C] () -- C:\Documents and Settings\User\jagex_cl_runescape_LIVE.dat
[2012/02/18 09:47:43 | 000,000,024 | ---- | C] () -- C:\Documents and Settings\User\random.dat
[2012/02/14 03:17:07 | 000,592,214 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2012/01/10 09:30:05 | 000,017,408 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\WebpageIcons.db
[2011/12/08 12:21:25 | 002,307,384 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/12/08 01:50:34 | 000,092,672 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/12/08 01:05:35 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/12/02 09:33:52 | 000,000,252 | ---- | C] () -- C:\WINDOWS\comsoltof.dll
[2011/11/24 11:07:23 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\zlib.dll
[2011/11/23 17:11:35 | 000,000,038 | ---- | C] () -- C:\WINDOWS\AviSplitter.INI
[2011/11/20 19:07:00 | 000,692,224 | ---- | C] () -- C:\WINDOWS\System32\bsrmgcv.dll
[2011/11/20 19:07:00 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\bsrmgps.dll
[2011/11/20 19:07:00 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\bsrlback.dll
[2011/11/20 19:07:00 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\bsreffs.dll
[2011/11/20 19:07:00 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\bsrgvas.dll
[2011/11/20 19:07:00 | 000,002,048 | ---- | C] () -- C:\WINDOWS\System32\Tr_sttool2.dat
[2011/11/20 19:06:43 | 000,585,728 | ---- | C] () -- C:\WINDOWS\System32\bsratswf.dll
[2011/11/20 19:06:43 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\bsratwmv.dll
[2011/11/13 16:03:30 | 000,134,120 | ---- | C] () -- C:\WINDOWS\ColorPic Uninstaller.exe
[2011/11/08 20:05:16 | 000,000,022 | ---- | C] () -- C:\WINDOWS\System32\winecf83_va.dll
[2011/11/04 10:49:51 | 000,000,218 | ---- | C] () -- C:\Documents and Settings\User\.recently-used.xbel
[2011/11/03 17:54:24 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011/11/03 14:34:33 | 000,285,176 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2011/11/03 14:34:33 | 000,285,176 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2011/11/03 14:34:33 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2011/11/03 14:34:20 | 002,130,002 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data
[2011/11/03 14:29:39 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2011/11/03 14:26:22 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/11/03 12:11:39 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011/11/03 12:05:57 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/04 04:56:50 | 000,024,244 | ---- | C] () -- C:\Documents and Settings\User\Application Data\fix.dat

========== LOP Check ==========

[2011/12/05 19:32:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AutoHideIP
[2011/12/15 11:30:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2012/04/08 19:27:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BDLogging
[2012/02/25 18:48:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Bimesoft
[2012/04/23 17:25:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPS
[2012/04/07 14:27:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\framezoo.com
[2012/01/07 08:31:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\install_clap
[2012/05/09 20:23:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MaskMyIP
[2012/07/02 11:46:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MTA San Andreas All
[2012/01/07 17:23:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PDVD
[2012/03/23 00:40:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlatinumHideIP
[2012/07/24 08:48:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com(2).adobe
[2012/03/12 13:20:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
[2012/07/20 11:53:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RELOADED
[2011/11/23 20:37:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\River Past G5
[2012/03/24 23:12:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sincell
[2011/12/31 09:18:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SoftPerfect
[2012/06/07 15:58:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Synetic
[2012/03/19 11:32:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{A8354D97-4791-4302-9B19-7A7686B5F231}
[2011/11/12 09:48:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guest\Application Data\Opera
[2012/01/23 12:30:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\QuickScan
[2012/04/09 03:12:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\(null)
[2012/02/01 17:35:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\3DeadZed
[2011/12/19 00:31:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Affilorama
[2011/11/08 18:36:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Aleo Software
[2012/02/16 12:12:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Artisteer
[2011/12/05 19:32:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\AutoHideIP
[2012/08/04 05:03:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\AVG
[2012/08/29 23:23:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\BitTorrent
[2012/08/29 23:11:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\BSplayer
[2011/11/03 22:43:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\BSplayer Pro
[2011/11/29 17:05:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Bullet Train
[2012/07/22 22:38:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/11/09 09:18:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\com.adobe.downloadassistant.AdobeDownloadAssistant
[2011/12/08 02:28:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\DeepBurner
[2012/03/04 09:48:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Dropbox
[2012/08/01 11:28:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\EurekaLog
[2011/11/22 11:31:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\EyesKeeper
[2012/03/21 21:14:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\FileZilla
[2012/04/07 14:27:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\framezoo.com
[2012/03/30 23:18:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\GetRightToGo
[2011/11/04 10:48:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\gtk-2.0
[2011/12/04 13:18:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\HU2011
[2012/08/29 23:16:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\IBP
[2012/03/30 16:11:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\IFViewer
[2012/07/13 19:16:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\IgniteSEO
[2012/02/26 11:21:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Immunet
[2011/12/07 18:24:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\InfraRecorder
[2012/01/12 13:22:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\IrfanView
[2012/04/08 12:13:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Jycyep
[2012/04/12 21:27:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Keyword Research Pro
[2011/11/20 19:23:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\ManyCam
[2012/04/07 02:02:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\MarketSamurai.6E37012E1CBD7F47B14488FCC715944F3EBDCEDC.1
[2012/05/09 20:23:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\MaskMyIP
[2012/03/18 10:46:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\MAXON
[2012/02/01 22:32:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Molura
[2011/12/29 09:45:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Movie Cartoonizer Default Project
[2011/12/15 11:17:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\ObviousIdea
[2011/11/03 13:55:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Opera
[2012/07/11 13:24:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Oracle
[2012/03/23 00:40:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\PlatinumHideIP
[2012/01/23 11:12:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\QuickScan
[2011/11/23 20:37:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\River Past G5
[2012/03/05 13:28:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Rovio
[2012/03/18 01:45:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\ScrapeBox Link Checker Free Edition
[2012/07/12 07:51:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\SimpleSEO
[2012/03/24 23:12:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Sincell
[2012/06/16 20:10:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Spiritsoft
[2012/01/20 00:52:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\StarBurn
[2012/04/07 10:09:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\StealthKeywordDigger
[2012/03/29 22:58:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Thinstall
[2012/07/14 13:21:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Thunderbird
[2012/06/15 10:41:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Titanium
[2012/02/27 11:10:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\UBot Studio
[2012/03/21 17:03:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\wargaming.net
[2011/11/23 17:10:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Watermark Master
[2012/06/17 18:43:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\WikiBomber
[2012/02/29 23:11:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\WinHKI
[2012/02/01 22:32:11 | 000,000,000 | --SD | M] -- C:\Documents and Settings\User\Application Data\wyUpdate AU
[2012/03/23 09:02:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Ylnoj
[2012/08/28 18:10:08 | 000,000,286 | ---- | M] () -- C:\WINDOWS\Tasks\photostageShakeIcon.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 971 bytes -> C:\Documents and Settings\All Users\Desktop:$SS_DESCRIPTOR_SBXNV9VVGV1BFPWHLX2KJ0V9TPNT4RFBHCM6JWJFSPF7VB4VPJGF
@Alternate Data Stream - 239 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E74A38A2
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AC6124CA

< End of report >

Can you please look at that screenshots? i still get those popups. Isn't that virus trying to send my data to virus guy?
  • 0

#15
ali.B
Posted 29 August 2012 - 12:08 PM

ali.B

    Trusted Helper

  • Malware Removal
  • 3,086 posts
are the IP's blocked by Malwarebytes always the same ?
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP