DVD Drives Suddenly don't AutoPlay [Solved]


  • This topic is locked

#1
Jackpine

  • Member
  • 347 posts
Greetings, I originally posted this problem in the Hardware, Components and Peripherals forum, but after doing all the steps requested by the Geeks to Go technical person, and the problem continued, he suggested that I post in the Malware forum.

The problem is as follows: I have two DVD drives (D and E). They currently work properly, except suddenly a few days ago they both stopped the Autoplay function. When I insert a DVD that I know plays in my Sony DVD player, nothing happens. However, when I first select Media Player Classic and then open the DVD that is in either of the drives, the DVD will play. Thank you for any help.

Here is the OTL log, followed by the OTL Extras log:

OTL logfile created on: 2/23/2014 9:48:24 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Robert\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.05 Gb Available Physical Memory | 52.57% Memory free
3.85 Gb Paging File | 3.17 Gb Available in Paging File | 82.37% Paging File free
Paging file location(s): c:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298.09 Gb Total Space | 204.49 Gb Free Space | 68.60% Space Free | Partition Type: NTFS
Drive F: | 465.76 Gb Total Space | 148.78 Gb Free Space | 31.94% Space Free | Partition Type: NTFS
Drive Z: | 465.76 Gb Total Space | 432.05 Gb Free Space | 92.76% Space Free | Partition Type: NTFS

Computer Name: FIRSTBUILD | User Name: Robert | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/02/23 09:46:58 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Robert\Desktop\OTL.exe
PRC - [2014/02/15 08:17:30 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/07/07 11:59:26 | 001,252,616 | ---- | M] (Raxco Software, Inc.) -- C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
PRC - [2010/08/20 08:38:44 | 001,348,944 | ---- | M] (Sunbelt Software) -- C:\Program Files\Sunbelt Software\CounterSpy\SBAMTray.exe
PRC - [2010/08/20 08:16:34 | 002,763,080 | ---- | M] (Sunbelt Software) -- C:\Program Files\Sunbelt Software\CounterSpy\SBAMSvc.exe
PRC - [2010/08/20 08:15:54 | 000,181,584 | ---- | M] (Sunbelt Software) -- C:\Program Files\Sunbelt Software\CounterSpy\SBPIMSvc.exe
PRC - [2009/04/23 19:46:24 | 000,181,312 | ---- | M] () -- C:\Program Files\Photodex\ProShowProducer\scsiaccess.exe
PRC - [2009/02/06 13:23:36 | 000,727,720 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe
PRC - [2009/02/06 13:23:12 | 002,021,400 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\egui.exe
PRC - [2009/01/21 01:05:18 | 000,960,560 | ---- | M] (Acronis) -- C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
PRC - [2009/01/21 01:04:00 | 000,618,944 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
PRC - [2009/01/21 00:59:56 | 004,359,600 | ---- | M] (Acronis) -- C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
PRC - [2008/06/11 22:43:26 | 000,640,376 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2014/02/20 18:09:30 | 016,265,096 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32_12_0_0_70.dll
MOD - [2014/02/15 08:17:29 | 003,578,992 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2014/02/03 11:44:25 | 000,178,464 | ---- | M] () -- C:\Program Files\Sunbelt Software\CounterSpy\Definitions\libMachoUniv.dll
MOD - [2014/02/03 11:44:24 | 000,190,752 | ---- | M] () -- C:\Program Files\Sunbelt Software\CounterSpy\Definitions\libBase64.dll
MOD - [2013/07/10 17:07:22 | 000,756,888 | ---- | M] () -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL
MOD - [2011/06/22 11:46:12 | 000,434,016 | ---- | M] () -- C:\Program Files\Microsoft Office\Office12\ADDINS\UmOutlookAddin.dll
MOD - [2010/07/15 15:46:26 | 000,300,368 | ---- | M] () -- C:\Program Files\Sunbelt Software\CounterSpy\vipre.dll
MOD - [2010/03/08 21:55:56 | 000,010,752 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerCOM.dll
MOD - [2009/04/23 19:46:24 | 000,181,312 | ---- | M] () -- C:\Program Files\Photodex\ProShowProducer\scsiaccess.exe
MOD - [2009/02/26 13:46:56 | 000,064,344 | ---- | M] () -- C:\Program Files\Microsoft Office\Office12\ADDINS\ColleagueImport.dll
MOD - [2009/02/06 13:26:58 | 007,182,808 | ---- | M] () -- C:\Program Files\ESET\ESET Smart Security\ekrnSmonEngine.dll
MOD - [2008/06/20 11:02:47 | 000,245,248 | ---- | M] () -- \\?\globalroot\systemroot\system32\mswsock.dll
MOD - [2008/06/20 11:02:47 | 000,245,248 | ---- | M] () -- \\.\globalroot\systemroot\system32\mswsock.dll
MOD - [2008/06/11 22:32:28 | 002,666,496 | ---- | M] () -- C:\Program Files\Adobe\Acrobat 9.0\PDFMaker\Common\AdobePDFMakerX.dll
MOD - [2005/12/22 16:28:40 | 000,160,768 | ---- | M] () -- C:\Program Files\Sunbelt Software\CounterSpy\unrar.dll


========== Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\DOCUME~1\Robert\LOCALS~1\Temp\SQN.exe -- (SQN)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe -- (RoxLiveShare9)
SRV - File not found [Disabled | Stopped] -- C:\Program Files\Common Files\Sonic Shared\RoxioUPnPRenderer9.exe -- (Roxio UPnP Renderer 9)
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2014/02/20 18:09:35 | 000,257,928 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/02/15 08:17:30 | 000,118,896 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2011/07/07 11:59:26 | 001,252,616 | ---- | M] (Raxco Software, Inc.) [Auto | Running] -- C:\Program Files\Raxco\PerfectDisk\PDAgent.exe -- (PDAgent)
SRV - [2011/07/07 11:59:18 | 002,111,752 | ---- | M] (Raxco Software, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Raxco\Shared\PDEngine.exe -- (PDEngine)
SRV - [2010/09/01 14:51:28 | 000,066,112 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper)
SRV - [2010/08/20 08:16:34 | 002,763,080 | ---- | M] (Sunbelt Software) [Auto | Running] -- C:\Program Files\Sunbelt Software\CounterSpy\SBAMSvc.exe -- (SBAMSvc)
SRV - [2010/08/20 08:15:54 | 000,181,584 | ---- | M] (Sunbelt Software) [Auto | Running] -- C:\Program Files\Sunbelt Software\CounterSpy\SBPIMSvc.exe -- (SBPIMSvc)
SRV - [2009/04/23 19:46:24 | 000,181,312 | ---- | M] () [Auto | Running] -- C:\Program Files\Photodex\ProShowProducer\scsiaccess.exe -- (ScsiAccess)
SRV - [2009/02/06 13:27:06 | 000,020,680 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe -- (EhttpSrv)
SRV - [2009/02/06 13:23:36 | 000,727,720 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe -- (ekrn)
SRV - [2009/01/21 01:04:00 | 000,618,944 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2008/12/23 23:02:29 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/07/10 20:19:52 | 000,079,360 | ---- | M] (SolidWorks) [On_Demand | Stopped] -- C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe -- (SolidWorks Licensing Service)
SRV - [2008/04/20 19:46:20 | 000,085,096 | ---- | M] (Autodesk) [On_Demand | Stopped] -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
SRV - [2007/11/26 14:47:40 | 000,598,856 | ---- | M] (Webroot Software, Inc.) [On_Demand | Stopped] -- C:\Program Files\Webroot\Washer\WasherSvc.exe -- (wwEngineSvc)
SRV - [2006/11/02 20:40:12 | 000,174,656 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\system32\PSIService.exe -- (ProtexisLicensing)
SRV - [2004/08/04 07:00:00 | 000,003,584 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\System32\regedt32.exe -- (NOD32FiXTemDono)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\Drivers\utk0mtqx.sys -- (utk0mtqx)
DRV - File not found [Kernel | System | Stopped] -- -- (SpyEmrg)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (NTACCESS)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\kknfmfzr.sys -- (kknfmfzr)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (GMSIPCI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (FLASHSYS)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EagleNT.sys -- (EagleNT)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NSDriver.sys -- (Ad-Watch Connect Filter)
DRV - [2014/02/20 21:54:37 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2013/11/26 09:46:08 | 000,120,616 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [2013/03/31 13:32:54 | 000,035,144 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamchameleon.sys -- (mbamchameleon)
DRV - [2011/06/30 10:08:24 | 000,066,320 | ---- | M] (Raxco Software, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\PDFsFilter.sys -- (PDFSFilter)
DRV - [2011/06/30 10:07:32 | 000,138,768 | ---- | M] (Raxco Software, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\DefragFs.sys -- (DefragFS)
DRV - [2010/06/14 13:54:30 | 000,069,976 | ---- | M] (Sunbelt Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\sbapifs.sys -- (sbapifs)
DRV - [2010/06/14 13:54:30 | 000,021,464 | ---- | M] (Sunbelt Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\sbaphd.sys -- (sbaphd)
DRV - [2010/05/13 06:56:22 | 000,098,392 | ---- | M] (Sunbelt Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SBREDrv.sys -- (SBRE)
DRV - [2010/03/08 21:52:45 | 000,004,096 | ---- | M] () [Kernel | Unavailable | Unknown] -- C:\Program Files\Unlocker\UnlockerDriver5.sys -- (UnlockerDriver5)
DRV - [2009/10/24 22:17:05 | 000,971,552 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\tdrpm174.sys -- (tdrpman174)
DRV - [2009/10/24 22:16:58 | 000,540,000 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\timntr.sys -- (timounter)
DRV - [2009/10/24 22:16:58 | 000,044,704 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\tifsfilt.sys -- (tifsfilter)
DRV - [2009/10/24 22:16:55 | 000,134,272 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\snman380.sys -- (snapman380)
DRV - [2009/02/06 13:24:22 | 000,056,280 | ---- | M] (ESET) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\epfwtdi.sys -- (epfwtdi)
DRV - [2009/02/06 13:24:18 | 000,130,952 | ---- | M] (ESET) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\epfw.sys -- (epfw)
DRV - [2009/02/06 13:23:18 | 000,106,208 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2009/02/06 13:19:52 | 000,113,448 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon)
DRV - [2007/12/06 08:51:00 | 000,285,952 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
DRV - [2007/10/03 21:55:36 | 000,019,240 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\SiWinAcc.sys -- (SiFilter)
DRV - [2007/10/03 21:55:28 | 000,015,400 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\SiRemFil.sys -- (SiRemFil)
DRV - [2007/10/03 21:55:08 | 000,080,424 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\SI3132.sys -- (SI3132)
DRV - [2007/01/14 14:15:03 | 000,062,592 | ---- | M] (Chic Tech.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\moufiltr.sys -- (moufiltr)
DRV - [2006/12/21 15:26:00 | 004,405,248 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2006/07/27 10:00:00 | 000,004,096 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\cvintdrv.sys -- (cvintdrv)
DRV - [2006/06/05 18:53:15 | 000,010,344 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\symlcbrd.sys -- (symlcbrd)
DRV - [2004/11/05 11:08:06 | 000,670,208 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\hardlock.sys -- (Hardlock)
DRV - [2004/10/14 04:52:28 | 000,004,962 | R--- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AsIO.sys -- (AsIO)
DRV - [2004/08/12 21:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://easy-google-search.blogspot.com
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{EF8CA572-5715-47F4-9829-1C110E04F599}: "URL" = http://gb.iamwired.n...h={SearchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://easy-google-s...h.blogspot.com"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:27.0.1
FF - prefs.js..keyword.URL: "http://www.google.co...=ISO-8859-1&q="
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_12_0_0_70.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\WINDOWS\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nosltd.com/getPlus+®,version=1.6.2.91: C:\Program Files\NOS\bin\np_gp.dll (NOS Microsystems Ltd.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2012/10/02 05:39:24 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Robert\Application Data\Mozilla\Extensions
[2013/09/26 21:22:11 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Robert\Application Data\Mozilla\Firefox\Profiles\tonk28m2.default\extensions
[2014/02/15 08:17:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2014/02/15 08:17:31 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

========== Chrome ==========


O1 HOSTS File: ([2013/01/18 18:06:45 | 000,444,654 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [SBAMTray] C:\Program Files\Sunbelt Software\CounterSpy\SBAMTray.exe (Sunbelt Software)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Toolbars present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108839
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoBandCustomize = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoMovingBands = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCloseDragDropBands = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskbar = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoToolbarsOnTaskbar = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108839
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.appl...ex/qtplugin.cab (Reg Error: Key error.)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.micr.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} http://support.asus....ek_sys_ctrl.cab (asusTek_sysctrl Class)
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files/Twisted%20Lands%20-%20Shadow%20Town/Images/stg_drm.ocx (SpinTop DRM Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.co...sreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {588031A3-94BF-4CDD-86D0-939F6F93910F} https://fixit.suppor...FixItClient.CAB (FixItClient Class)
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} http://catalog.updat...b?1292380760937 (MUCatalogWebControl Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1220411993917 (WUWebControl Class)
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} http://www.nvidia.co.../sysreqlab2.cab (Reg Error: Key error.)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx...owserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} http://h20270.www2.h...ctDetection.cab (Reg Error: Key error.)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1343529479926 (MUWebControl Class)
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} http://www.nvidia.co...iaSmartScan.cab (NVIDIA Smart Scan)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files/Twisted%20Lands%20-%20Shadow%20Town/Images/armhelper.ocx (ArmHelper Control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E0FEE963-BB53-4215-81AD-B28C77384644} http://eserv.sympati...adaPortalAX.cab (WebBrowserType Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (get_atlcom Class)
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} http://driveragent.c...driveragent.cab (Driver Agent ActiveX Control)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logme...rl.cab?lmi=1007 (Performance Viewer Activex Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6B4B5C21-DA99-4096-8820-43DC9BA3E4E3}: NameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Robert\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Robert\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/06/03 17:07:23 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (PDBoot.exe)
O34 - HKLM BootExecute: (autocheck autochk *SBBD.exe /d \Device\HarddiskVolume1\Program Files\Sunbelt Software\CounterSpy\Definitions)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2014/02/23 09:46:57 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Robert\Desktop\OTL.exe
[2014/02/22 22:45:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\K-Lite Codec Pack
[2014/02/22 22:45:10 | 003,649,536 | ---- | C] (x264vfw project) -- C:\WINDOWS\System32\x264vfw.dll
[2014/02/22 22:45:08 | 000,122,880 | ---- | C] (fccHandler) -- C:\WINDOWS\System32\ac3acm.acm
[2014/02/22 15:56:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Powertoys for Windows XP
[2014/02/20 21:54:12 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2014/02/19 23:07:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Robert\My Documents\MPC-HC Capture
[2014/02/19 16:43:47 | 000,000,000 | ---D | C] -- C:\Program Files\Games
[2014/02/15 14:08:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Robert\Application Data\GrandMA Studios
[2014/02/15 13:23:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\Whispered Secrets 2 - Into the Beyond Collectors Edition
[2014/02/15 08:17:15 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2014/02/14 17:10:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Robert\Application Data\BlamGames
[2014/02/11 16:16:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Robert\Application Data\MPC-HC
[2014/02/04 20:19:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Robert\Application Data\Deep Shadows
[2014/02/04 18:24:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Robert\Application Data\Anarchy
[2014/01/26 21:43:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Robert\Application Data\Mariaglorum
[2014/01/25 12:24:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Robert\Application Data\SunwardGames
[2008/08/16 08:32:00 | 000,267,056 | ---- | C] (BitTorrent, Inc.) -- C:\Documents and Settings\Robert\utorrent.exe
[2007/03/23 16:38:21 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Robert\Application Data\pcouffin.sys

========== Files - Modified Within 30 Days ==========

[2014/02/23 09:46:58 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Robert\Desktop\OTL.exe
[2014/02/23 09:44:24 | 000,002,521 | ---- | M] () -- C:\Documents and Settings\Robert\Desktop\Outlook 2007.lnk
[2014/02/23 09:09:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2014/02/23 09:06:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2014/02/22 23:06:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2014/02/22 22:45:13 | 000,000,936 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Media Player Classic.lnk
[2014/02/22 17:11:03 | 000,013,710 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2014/02/22 17:10:07 | 000,273,231 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2014/02/22 17:09:52 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2014/02/22 13:27:02 | 000,002,515 | ---- | M] () -- C:\Documents and Settings\Robert\Desktop\Word 2007.lnk
[2014/02/22 12:21:31 | 000,079,268 | ---- | M] () -- C:\Documents and Settings\Robert\My Documents\Direct Deposit form.pdf
[2014/02/22 12:20:39 | 000,141,685 | ---- | M] () -- C:\Documents and Settings\Robert\My Documents\Little Miracles- Donor Responsibility Acknowledgement - Copy.pdf
[2014/02/22 12:19:04 | 000,056,752 | ---- | M] () -- C:\Documents and Settings\Robert\My Documents\Donor Acknowledgement.pdf
[2014/02/22 12:17:34 | 000,065,062 | ---- | M] () -- C:\Documents and Settings\Robert\My Documents\document.pdf
[2014/02/20 22:06:46 | 001,241,834 | ---- | M] () -- C:\Documents and Settings\Robert\Desktop\AdwCleaner.exe
[2014/02/20 21:54:37 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2014/02/20 18:55:40 | 000,002,473 | ---- | M] () -- C:\Documents and Settings\Robert\Desktop\Excel 2007.lnk
[2014/02/19 16:45:03 | 000,002,259 | ---- | M] () -- C:\Documents and Settings\Robert\Desktop\Haunted Legends The Bronze Horseman CE.lnk
[2014/02/12 17:26:13 | 000,596,358 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2014/02/12 17:26:13 | 000,112,418 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2014/02/12 16:57:43 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2014/02/06 13:00:00 | 000,112,640 | ---- | M] () -- C:\WINDOWS\System32\ff_vfw.dll
[2014/01/29 17:54:06 | 000,000,123 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\.zreglib

========== Files Created - No Company Name ==========

[2014/02/22 22:45:13 | 000,000,936 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Media Player Classic.lnk
[2014/02/22 22:45:11 | 000,216,064 | ---- | C] ( ) -- C:\WINDOWS\System32\lagarith.dll
[2014/02/22 22:45:10 | 000,650,752 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2014/02/22 22:45:10 | 000,243,200 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2014/02/22 22:45:02 | 000,112,640 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2014/02/22 12:21:44 | 000,079,268 | ---- | C] () -- C:\Documents and Settings\Robert\My Documents\Direct Deposit form.pdf
[2014/02/22 12:20:44 | 000,141,685 | ---- | C] () -- C:\Documents and Settings\Robert\My Documents\Little Miracles- Donor Responsibility Acknowledgement - Copy.pdf
[2014/02/22 12:19:07 | 000,056,752 | ---- | C] () -- C:\Documents and Settings\Robert\My Documents\Donor Acknowledgement.pdf
[2014/02/22 12:17:43 | 000,065,062 | ---- | C] () -- C:\Documents and Settings\Robert\My Documents\document.pdf
[2014/02/20 22:06:45 | 001,241,834 | ---- | C] () -- C:\Documents and Settings\Robert\Desktop\AdwCleaner.exe
[2014/02/19 16:45:03 | 000,002,259 | ---- | C] () -- C:\Documents and Settings\Robert\Desktop\Haunted Legends The Bronze Horseman CE.lnk
[2014/02/12 16:52:37 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2013/09/14 19:49:28 | 000,000,057 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Ament.ini
[2013/07/18 19:48:06 | 000,000,410 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2013/07/18 19:48:06 | 000,000,012 | ---- | C] () -- C:\WINDOWS\BRVIDEO.INI
[2013/07/18 19:48:06 | 000,000,000 | ---- | C] () -- C:\WINDOWS\brmx2001.ini
[2013/07/18 19:46:52 | 000,000,225 | ---- | C] () -- C:\WINDOWS\Brownie.ini
[2013/04/06 21:47:47 | 000,002,017 | ---- | C] () -- C:\Documents and Settings\Robert\April 6. 2013 Devious.sud
[2013/03/31 13:32:54 | 000,035,144 | ---- | C] () -- C:\WINDOWS\System32\drivers\mbamchameleon.sys
[2012/04/03 21:24:54 | 000,178,176 | ---- | C] () -- C:\WINDOWS\System32\ztvunrar39.dll
[2011/01/27 18:55:00 | 000,028,953 | ---- | C] () -- C:\Documents and Settings\Robert\Superior Account.pdf
[2010/12/13 17:01:00 | 000,661,626 | ---- | C] () -- C:\Documents and Settings\Robert\Toesy.jpg
[2010/11/02 22:03:23 | 000,256,334 | ---- | C] () -- C:\Documents and Settings\Robert\B4635100
[2010/10/24 16:36:21 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Robert\Local Settings\Application Data\housecall.guid.cache
[2009/09/24 17:41:54 | 005,257,216 | ---- | C] () -- C:\Documents and Settings\Robert\Local Settings\Application Data\mfm2_database.dat
[2008/09/10 23:20:31 | 050,495,934 | ---- | C] () -- C:\Documents and Settings\Robert\ALC880_882_Vista_6015350.zip
[2008/08/30 11:14:22 | 000,000,108 | ---- | C] () -- C:\Documents and Settings\Robert\Application Data\netstat.bat
[2007/12/31 09:03:09 | 003,435,064 | ---- | C] () -- C:\Documents and Settings\Robert\Rotel 812 Repair Manual.pdf
[2007/11/25 22:46:48 | 000,000,123 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2007/08/25 13:19:48 | 000,002,108 | ---- | C] () -- C:\Documents and Settings\Robert\Local Settings\Application Data\rx_audio.Cache
[2007/03/23 16:38:21 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\Robert\Application Data\ezpinst.exe
[2007/03/23 16:38:21 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\Robert\Application Data\pcouffin.cat
[2007/03/23 16:38:21 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Robert\Application Data\pcouffin.inf
[2007/01/25 22:46:40 | 001,462,572 | ---- | C] () -- C:\Documents and Settings\Robert\Local Settings\Application Data\rx_image.Cache
[2006/09/30 23:17:08 | 000,014,958 | ---- | C] () -- C:\Documents and Settings\Robert\Start Menu.daa
[2006/07/26 16:35:26 | 000,000,024 | ---- | C] () -- C:\Documents and Settings\Robert\mylist.dat
[2006/07/25 16:22:41 | 000,002,863 | ---- | C] () -- C:\Documents and Settings\Robert\report.htm
[2006/06/11 02:32:06 | 000,218,624 | ---- | C] () -- C:\Documents and Settings\Robert\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/06/09 22:03:02 | 000,361,512 | ---- | C] ( ) -- C:\Documents and Settings\Robert\Google_Earth_Pro_Patch_Setup.exe

========== ZeroAccess Check ==========

[2007/01/16 17:22:15 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/13 19:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 07:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/13 19:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2009/10/25 18:57:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Acronis
[2008/05/22 23:02:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Autodesk
[2011/04/05 18:55:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2012/10/26 18:54:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\casualArts
[2012/10/25 18:19:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cateia Games
[2011/03/04 18:36:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\COMMON FILES
[2008/07/22 20:00:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\COSMOS Applications
[2010/08/14 21:39:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Curious Sense
[2013/12/05 00:23:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DailyMagic
[2008/07/10 20:36:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DassaultSystemes
[2012/04/19 17:12:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\dvdfab
[2014/01/20 17:22:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Easy CD-DA Extractor
[2007/11/25 22:46:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Elaborate Bytes
[2013/12/23 17:04:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Elephant Games
[2009/04/12 22:46:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET
[2010/12/28 22:57:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fugazo
[2010/12/13 00:05:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Gamers Digital
[2011/03/05 22:56:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GestaltGames
[2010/11/22 22:37:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Gogii
[2008/12/20 12:05:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GoldWaveCDDB
[2011/01/17 16:43:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Green Clover Games
[2008/02/14 16:59:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grisoft
[2012/09/26 21:37:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Happy Artist Studio
[2010/01/18 17:02:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2012/10/27 09:44:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HitPoint Studios
[2007/07/19 18:01:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Innovative Solutions
[2012/07/07 11:21:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Intenium
[2010/06/12 18:04:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\JollyBear
[2011/02/24 17:13:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LittleGamesCompany
[2013/02/08 06:25:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogMeIn
[2011/01/23 16:55:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\logs
[2011/12/26 15:34:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MediaArt
[2010/12/18 00:07:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Merscom
[2012/01/06 20:48:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Namco
[2012/11/16 20:23:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Odian Games
[2007/04/30 15:27:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic Anti-Spyware
[2011/03/08 17:22:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2007/02/20 19:41:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Prevx
[2009/09/20 22:32:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PrevxCSI
[2008/04/29 20:39:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\River Past G4
[2008/04/29 20:47:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\River Past G5
[2013/07/11 10:58:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sandlot Games
[2008/03/01 18:47:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SecTaskMan
[2012/04/03 21:24:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Simply Super Software
[2009/02/28 19:49:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SITEguard
[2012/04/21 18:06:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SlySoft
[2010/12/18 08:05:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SOS
[2011/03/04 18:36:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SQL Anywhere 11
[2013/02/10 16:54:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SulusGames
[2014/02/22 17:03:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2012/06/30 19:49:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\The Inquisitor
[2012/01/28 17:15:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TheFallTrilogyEp3-BF
[2013/07/12 16:55:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Top Evidence
[2007/07/24 21:08:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\vsosdk
[2010/12/24 01:27:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/10/25 20:47:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Acronis
[2014/02/04 18:24:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Anarchy
[2012/07/30 13:14:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Artifex Mundi
[2013/05/10 19:41:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Artogon
[2008/05/22 23:02:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Autodesk
[2013/10/06 17:15:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Big Fish Games
[2014/02/14 17:10:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\BlamGames
[2014/02/19 16:33:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Blue Tea Games
[2014/02/15 11:50:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Boomzap
[2012/12/09 21:37:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Brabl
[2012/07/30 13:07:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Casual Box
[2012/10/26 18:54:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\casualArts
[2013/10/06 20:59:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Chayowo Games
[2010/08/14 21:39:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Curious Sense
[2013/12/05 00:23:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\DailyMagic
[2013/10/07 11:51:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\DanceOfDeath
[2008/07/10 20:36:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\DassaultSystemes
[2014/02/04 20:19:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Deep Shadows
[2007/01/07 00:48:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Design Science
[2007/02/04 22:39:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Downloaded Installations
[2012/08/25 13:33:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\DVDFab
[2007/01/16 17:35:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\DWGeditor
[2014/01/20 19:44:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Eipix
[2013/12/23 17:04:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Elephant Games
[2011/03/26 10:33:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\ElevatedDiagnostics
[2011/04/22 21:13:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Enki Games
[2013/03/19 15:30:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\EntwinedSoD
[2014/02/19 16:45:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\ERS Game Studios
[2009/04/12 22:47:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\ESET
[2013/03/09 19:25:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\EurekaLog
[2013/12/04 13:04:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\FarmMystery
[2014/01/05 22:29:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\FGS
[2014/01/12 20:23:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Frogwares
[2012/07/07 10:50:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\GameInvest
[2012/07/02 09:01:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Gogii
[2014/02/15 14:08:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\GrandMA Studios
[2014/01/17 10:59:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Gunnar Games
[2012/04/02 15:46:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\HdO Adventure
[2011/03/25 16:00:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\IBAGroup
[2010/11/15 00:06:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\IM
[2008/09/06 23:26:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\ImgBurn
[2012/01/15 11:51:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\IObit
[2012/09/27 15:42:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Jetdogs Studios
[2007/03/28 18:17:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Leadertech
[2011/02/20 22:07:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\MA2
[2013/11/08 16:29:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Mad Head Games
[2013/01/16 17:20:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\MagicIndie
[2008/05/15 23:08:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Maple
[2014/01/26 21:43:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Mariaglorum
[2008/08/28 22:28:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\MenuShrink
[2013/12/12 20:54:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Meridian93
[2014/02/11 16:16:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\MPC-HC
[2011/04/18 18:01:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\My Games
[2012/01/06 20:49:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Namco
[2006/11/08 18:34:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Netscape
[2013/04/17 21:44:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Organic 2 Digital
[2012/08/17 20:12:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\PFStaticIP
[2010/12/26 18:23:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Photodex
[2013/07/12 14:17:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\PuzzleLab
[2007/01/25 20:41:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\River Past G4
[2008/04/29 20:45:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\River Past G5
[2007/06/21 22:20:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Scooter Software
[2012/04/03 21:24:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Simply Super Software
[2012/12/09 21:44:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Skunk Studios
[2008/05/08 18:04:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\sldIM
[2013/12/19 12:29:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Specialbit
[2011/01/08 17:00:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Spider Player
[2011/04/09 12:09:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\SpinTop
[2012/06/30 19:49:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\The Inquisitor
[2012/07/07 10:56:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\TripleHippo
[2010/07/25 16:21:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\URSoft
[2014/02/23 09:47:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\uTorrent
[2013/10/22 21:09:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Vast Studios
[2010/10/16 17:06:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\VirtualStore
[2011/04/10 14:48:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Vso
[2012/01/02 12:05:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\WhiteBirdsProductions
[2006/07/14 17:00:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\WinPatrol

========== Purity Check ==========



========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\WINDOWS\$NtUninstallKB36814$] -> Error: Cannot create file handle -> Unknown point type

========== Alternate Data Streams ==========

@Alternate Data Stream - 236 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
@Alternate Data Stream - 224 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CB0AACC9
@Alternate Data Stream - 221 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DA5888A7
@Alternate Data Stream - 189 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EE198B1F
@Alternate Data Stream - 189 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:89CC3B44
@Alternate Data Stream - 180 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4CD3F344
@Alternate Data Stream - 175 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9195103F
@Alternate Data Stream - 173 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1CE11B51
@Alternate Data Stream - 167 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2D133896
@Alternate Data Stream - 165 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B4258C5D
@Alternate Data Stream - 143 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:48C205FE
@Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:85AA7074
@Alternate Data Stream - 138 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8855A119
@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B0456F0C
@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4EC7F009
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EB393E91
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D2DDC99D
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:474022C7
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:26499772
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:114C90CA
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:ED0B32CA
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4C3D5A8B
@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:774C075A
@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:02CC0035
@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7C412B92

< End of report >

OTL Extras log:

OTL Extras logfile created on: 2/23/2014 9:48:24 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Robert\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.05 Gb Available Physical Memory | 52.57% Memory free
3.85 Gb Paging File | 3.17 Gb Available in Paging File | 82.37% Paging File free
Paging file location(s): c:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298.09 Gb Total Space | 204.49 Gb Free Space | 68.60% Space Free | Partition Type: NTFS
Drive F: | 465.76 Gb Total Space | 148.78 Gb Free Space | 31.94% Space Free | Partition Type: NTFS
Drive Z: | 465.76 Gb Total Space | 432.05 Gb Free Space | 92.76% Space Free | Partition Type: NTFS

Computer Name: FIRSTBUILD | User Name: Robert | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.cmd [@ = cmdfile] -- Reg Error: Key error. File not found
.hta [@ = htafile] -- Reg Error: Key error. File not found
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.url [@ = InternetShortcut] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring" = 1

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{05D60953-9012-44DF-A1A6-9DD97AD6580A}" = Corel Painter X
"{07043840-959A-4B0D-8825-2C533F0DDB19}" = Microsoft Math
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0C631AC5-3AA0-418F-B132-29F8432F1C19}" = COSMOSWorks 2008 SP03
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{266EB766-9ABB-40D0-AB9F-41EE46D23876}" = SolidWorks 2008 SP03
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support
"{32343DB6-9A52-40C9-87E4-5E7C79791C87}" = MSXML 4.0 SP2 and SOAP Toolkit 3.0
"{32611C62-474D-47B1-B347-06453D430A28}" = DVDInfoPro
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{37C8899D-FD70-481F-94AA-1F1B08765E22}" = Acronis True Image Home
"{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D7E3EC9-46CF-4359-9289-39CE01DFB82F}" = Adobe Photoshop CS3
"{40345A8F-3B72-44DE-814F-72E8A52B1161}" = eDrawings 2008
"{43224D30-5941-47A4-9AD7-9250EE794396}" = SigmaPlot 10.0
"{43FFE159-3199-4188-A1CD-629166AD1033}" = Nero 7 Ultra Edition
"{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}" = Google Earth
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{519C4DB6-B53B-4F5C-8297-89B2BE949FA5}_is1" = Data Lifeguard Diagnostic for Windows 1.24
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{54B7A3C7-0940-4C16-A509-FC3C3758D22A}_is1" = Amnesia - The Dark Descent
"{5545EEE1-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2627.01)
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{584A1ECC-00AB-4FCC-B6AE-172741F32ABC}_is1" = DVD Rebuilder
"{5B10C186-C6CF-45D8-9E2D-4F18247A5C63}" = Sudoku Works
"{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}" = Adobe Setup
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}" = Adobe Color Common Settings
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77D2A9D3-5800-43E3-B274-87841BC87DB2}" = Adobe ExtendScript Toolkit 2
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8876F541-F374-4375-BF2A-8FD9FA8141C4}" = COSMOSMotion 2008 SP0
"{8AE03988-8C8C-40EE-BDC7-76781BEF1B1D}" = Adobe Setup
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}_PRJPRO_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}_VISPRO_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}_PRJPRO_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}_VISPRO_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}_PRJPRO_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}_VISPRO_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-003B-0000-0000-0000000FF1CE}" = Microsoft Office Project Professional 2007
"{90120000-003B-0000-0000-0000000FF1CE}_PRJPRO_{8446EB22-A746-46DC-B1BD-E0DFA1F3CDDA}" = Microsoft Office Project 2007 Service Pack 3 (SP3)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0051-0000-0000-0000000FF1CE}" = Microsoft Office Visio Professional 2007
"{90120000-0051-0000-0000-0000000FF1CE}_VISPRO_{CE144BF4-4950-4CDB-A5F7-CCE1888F49CB}" = Microsoft Office Visio 2007 Service Pack 3 (SP3)
"{90120000-0054-0409-0000-0000000FF1CE}" = Microsoft Office Visio MUI (English) 2007
"{90120000-0054-0409-0000-0000000FF1CE}_VISPRO_{7DA87C7E-E8A7-473E-ADFF-1B6BECCCADA7}" = Microsoft Office Visio 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}_PRJPRO_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}_VISPRO_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A4-0409-0000-0000000FF1CE}" = Microsoft Office 2003 Web Components
"{90120000-00B4-0409-0000-0000000FF1CE}" = Microsoft Office Project MUI (English) 2007
"{90120000-00B4-0409-0000-0000000FF1CE}_PRJPRO_{F3CD3F3F-726C-4414-A1FE-5CD0968313EA}" = Microsoft Office Project 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}_PRJPRO_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}_VISPRO_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{95E0E6DC-C308-4C96-BEDB-68C75A32FAF8}_is1" = Tetris
"{9A1DEA53-94B4-4780-8F95-F422949A5A35}" = CounterSpy
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{A040AC77-C1AA-4CC9-8931-9F648AF178F6}" = VC 9.0 Runtime
"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A3D5B54A-9792-404F-AE8B-BDA961EBA58E}" = PerfectDisk 12 Professional
"{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}" = Windows Defender Signatures
"{A8567E18-9E80-4EA3-A5C1-A6186C86F2CC}" = SolidWorks Explorer 2008 sp0
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch
"{AC76BA86-1033-F400-7760-000000000004}{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C4E2A2F2-2A53-42C7-920A-169713776631}" = HP Officejet 4620 series Basic Device Software
"{C7793EE8-F666-4E6B-9827-76468679480E}" = Tweakui Powertoy for Windows XP
"{C8DE0FC9-5BD0-4D26-B5AD-D38146F2083C}" = DWGeditor
"{C950420B-4182-49EA-850A-A6A2ABF06C6B}" = Marvell Miniport Driver
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2121C6-C94D-4A73-8EA4-6943F33EE335}" = Picture Package Music Transfer
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D642E38E-0D24-486C-9A2D-E316DD696F4B}" = Microsoft XML Parser
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{ECE12161-B445-48FA-9056-FD54D8A72459}" = OriginPro 7.5
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F3E2505F-AA57-476B-9F67-F8C5E3938080}" = ESET Smart Security
"{F7338FA3-DAB5-49B2-900D-0AFB5760C166}" = PC Probe II
"{FF11004C-F42A-4A31-9BCF-7F5C8FDBE53C}" = Adobe Setup
"Adobe Flash Player ActiveX" = Adobe Flash Player 12 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 12 Plugin
"Adobe_3e054d2218e7aa282c2369d939e58ff" = Adobe ExtendScript Toolkit 2
"Adobe_6c8e2cb4fd241c55406016127a6ab2e" = Adobe Color Common Settings
"Adobe_719d6f144d0c086a0dfa7ff76bb9ac1" = Adobe Photoshop CS3
"AnyDVD" = AnyDVD
"Audio Converter Pro" = River Past Audio Converter Pro
"AVIcodec" = AVIcodec (remove only)
"BC2_is1" = Beyond Compare Version 2.4.3
"CCE SP Trial Version" = CCE SP Trial Version
"CCleaner" = CCleaner
"CloneDVD2" = CloneDVD2
"Collectorz.com Movie Collector" = Collectorz.com Movie Collector
"CoreFLAC Audio Decoder+Source Filter" = CoreFLAC Audio Decoder+Source Filter (remove only)
"DSMT5" = MathType 5
"DVD Decrypter" = DVD Decrypter (Remove Only)
"DVD Shrink_is1" = DVD Shrink 3.2
"DVDFab 8 Qt_is1" = DVDFab 8.1.7.8 (17/04/2012) Qt
"DVDFab 9_is1" = DVDFab 9.0.1.5 (08/12/2012) Qt
"Easy CD-DA Extractor 2011" = Easy CD-DA Extractor 2011
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Eset NOD32 v3.0.642 FiX1.2 by TemDono_is1" = NOD32 v3.0.642 FiX1.2 by TemDono (31 days remaining forever up
"EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v4.50
"Exact Audio Copy" = Exact Audio Copy 0.99pb5
"GoldWave v5.13" = GoldWave v5.13
"Haunted Legends The Bronze Horseman Collectors Edition 1.00" = Haunted Legends The Bronze Horseman Collectors Edition 1.00
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ImageConverter Plus_is1" = ImageConverter Plus 7.1
"ImgBurn" = ImgBurn
"IsoBuster_is1" = IsoBuster 3.1
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 10.3.0
"Kyodai Mahjongg 2006_is1" = Kyodai Mahjongg 2006 v1.42
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Maple 12" = Maple 12
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Visual Studio 2005 Tools for Office Runtime" = Microsoft Visual Studio 2005 Tools for Office Runtime
"Mozilla Firefox 27.0.1 (x86 en-US)" = Mozilla Firefox 27.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSConfig CleanUp_is1" = MSConfig CleanUp 1.2
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NOD32 v3.x FiX 1.1 by TemDono_is1" = NOD32 v3.x FiX 1.1 by TemDono (Free Updates - Expire in 2050)
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"PFConfig" = PFConfig 1.0.296
"PFPortChecker" = PFPortChecker 1.0.39
"Photodex Presenter" = Photodex Presenter
"Portforward Static IP Address" = Portforward Static IP Address 1.0.47
"PRJPRO" = Microsoft Office Project Professional 2007
"ProShow Producer" = ProShow Producer
"Spy Sweeper Updater 2.0.0 Alpha 4000" = Spy Sweeper Updater 2.0.0 Alpha 4000
"SystemRequirementsLab" = System Requirements Lab
"Trojan Remover_is1" = Trojan Remover 6.8.3
"Unlocker" = Unlocker 1.8.9
"uTorrent" = µTorrent
"VISPRO" = Microsoft Office Visio Professional 2007
"Window Washer" = Window Washer
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"YU2010_is1" = Your Uninstaller! 2010

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 9/12/2013 1:47:55 PM | Computer Name = FIRSTBUILD | Source = .NET Runtime Optimization Service | ID = 1103
Description = .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32)
- Tried to start a service that wasn't the latest version of CLR Optimization service.
Will shutdown

Error - 10/22/2013 6:35:18 PM | Computer Name = FIRSTBUILD | Source = Application Error | ID = 1000
Description = Faulting application mpc-hc.exe, version 1.6.8.7378, faulting module
ff_libmad.dll, version 0.15.1.0, fault address 0x000010f5.

Error - 12/19/2013 2:22:19 PM | Computer Name = FIRSTBUILD | Source = Application Error | ID = 1000
Description = Faulting application hpscan.exe, version 28.0.1315.0, faulting module
hpscan.exe, version 28.0.1315.0, fault address 0x000052d9.

Error - 12/24/2013 2:44:47 PM | Computer Name = FIRSTBUILD | Source = Application Error | ID = 1000
Description = Faulting application PDEngine.exe, version 12.0.0.275, faulting module
unknown, version 0.0.0.0, fault address 0x00000000.

Error - 1/12/2014 9:26:36 PM | Computer Name = FIRSTBUILD | Source = Application Error | ID = 1000
Description = Faulting application redemptioncemetery2childrensplightce.exe, version
0.0.0.0, faulting module , version 0.0.0.0, fault address 0x00000000.

Error - 1/16/2014 10:43:40 PM | Computer Name = FIRSTBUILD | Source = Application Error | ID = 1000
Description = Faulting application redemptioncemetery3_gravetestimonyce.exe, version
0.0.0.0, faulting module redemptioncemetery3_gravetestimonyce.exe, version 0.0.0.0,
fault address 0x0014be2a.

Error - 1/16/2014 10:44:30 PM | Computer Name = FIRSTBUILD | Source = Application Error | ID = 1000
Description = Faulting application redemptioncemetery3_gravetestimonyce.exe, version
0.0.0.0, faulting module redemptioncemetery3_gravetestimonyce.exe, version 0.0.0.0,
fault address 0x0014be2a.

Error - 1/16/2014 11:00:11 PM | Computer Name = FIRSTBUILD | Source = Application Error | ID = 1000
Description = Faulting application redemptioncemetery3_gravetestimonyce.exe, version
0.0.0.0, faulting module redemptioncemetery3_gravetestimonyce.exe, version 0.0.0.0,
fault address 0x0014be2a.

Error - 1/17/2014 11:45:07 AM | Computer Name = FIRSTBUILD | Source = Application Error | ID = 1000
Description = Faulting application redemptioncemetery3_gravetestimonyce.exe, version
0.0.0.0, faulting module redemptioncemetery3_gravetestimonyce.exe, version 0.0.0.0,
fault address 0x0014be2a.

Error - 2/12/2014 6:22:30 PM | Computer Name = FIRSTBUILD | Source = .NET Runtime Optimization Service | ID = 1103
Description = .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32)
- Tried to start a service that wasn't the latest version of CLR Optimization service.
Will shutdown

[ System Events ]
Error - 2/22/2014 6:11:25 PM | Computer Name = FIRSTBUILD | Source = Service Control Manager | ID = 7000
Description = The Eset Nod32 Boot service failed to start due to the following error:
%%1053

Error - 2/22/2014 6:11:25 PM | Computer Name = FIRSTBUILD | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the ProtexisLicensing service
to connect.

Error - 2/22/2014 6:11:25 PM | Computer Name = FIRSTBUILD | Source = Service Control Manager | ID = 7000
Description = The ProtexisLicensing service failed to start due to the following
error: %%1053

Error - 2/22/2014 6:11:25 PM | Computer Name = FIRSTBUILD | Source = Service Control Manager | ID = 7023
Description = The Computer Browser service terminated with the following error:
%%1060

Error - 2/22/2014 6:11:25 PM | Computer Name = FIRSTBUILD | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 2/22/2014 6:11:25 PM | Computer Name = FIRSTBUILD | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 2/22/2014 10:06:34 PM | Computer Name = FIRSTBUILD | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 2/22/2014 11:57:13 PM | Computer Name = FIRSTBUILD | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 2/23/2014 12:10:33 AM | Computer Name = FIRSTBUILD | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 2/23/2014 12:12:32 AM | Computer Name = FIRSTBUILD | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127


< End of report >


#2
Crowbar

    Teacher

  • GeekU Moderator
  • 4,161 posts
Hello Jackpine and welcome to the Virus, Spyware, Malware Removal forum!!

My name is Crowbar and I'll be the malware removal Geek that will be helping you remove any infections you may have on your computer.

  • Please read all of my response through at least once before attempting to follow the procedures described.
  • Please save my instructions as a text file on your desktop, or print them out, as you may not be able to access this thread at times.
  • Please follow the steps exactly as written, in the same order.
  • If there's anything you don't understand or isn't totally clear, please ask me any questions that you may have.
  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply. You can do this in separate posts if it's easier for you.
  • This process is not an instant process - please stick with me until I tell you that your machine is clean. If you don't see any symptoms it does not mean your system is clear of malware.
  • Please don't run any other scans or other software unless I ask you to, as it will make this repair more difficult.
Also please note before we begin:
Please be aware that removing Malware can be a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot 100% guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.
Because of this, I advise you to backup any personal files and folders before we start.


Sorry about the wait, this happens sometimes - I will look over your logs and remove any malware, hopefully your issues will get solved by doing this. If not I will send you back to my colleague phillpower2, who is much better with Windows issues than I am.
Let's get a fresh look at your system since your first post was a few days ago.

Step 1
Download OTL to your Desktop

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Select All Users
  • Under the Custom Scan box paste this in

netsvcs
BASESERVICES
%SYSTEMDRIVE%\*.exe
/md5start
services.*
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
qmgr.dll
winsock.*
/md5stop
dir "%systemdrive%\*" /S /A:L /C
CREATERESTOREPOINT

  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • Post the log in your next response


#3
Jackpine

    Member

  • Topic Starter
  • 347 posts
Hi Crowbar. Thank you for helping me out. The OTL log is posted below.


OTL logfile created on: 2/28/2014 4:44:57 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Robert\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.33 Gb Available Physical Memory | 66.28% Memory free
3.85 Gb Paging File | 3.33 Gb Available in Paging File | 86.64% Paging File free
Paging file location(s): c:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298.09 Gb Total Space | 204.58 Gb Free Space | 68.63% Space Free | Partition Type: NTFS
Drive F: | 465.76 Gb Total Space | 149.33 Gb Free Space | 32.06% Space Free | Partition Type: NTFS
Drive Z: | 465.76 Gb Total Space | 402.54 Gb Free Space | 86.43% Space Free | Partition Type: NTFS

Computer Name: FIRSTBUILD | User Name: Robert | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/02/28 16:43:13 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Robert\Desktop\OTL.exe
PRC - [2014/02/15 08:17:30 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/07/07 11:59:26 | 001,252,616 | ---- | M] (Raxco Software, Inc.) -- C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
PRC - [2010/08/20 08:38:44 | 001,348,944 | ---- | M] (Sunbelt Software) -- C:\Program Files\Sunbelt Software\CounterSpy\SBAMTray.exe
PRC - [2010/08/20 08:16:34 | 002,763,080 | ---- | M] (Sunbelt Software) -- C:\Program Files\Sunbelt Software\CounterSpy\SBAMSvc.exe
PRC - [2010/08/20 08:15:54 | 000,181,584 | ---- | M] (Sunbelt Software) -- C:\Program Files\Sunbelt Software\CounterSpy\SBPIMSvc.exe
PRC - [2009/04/23 19:46:24 | 000,181,312 | ---- | M] () -- C:\Program Files\Photodex\ProShowProducer\scsiaccess.exe
PRC - [2009/02/06 13:23:36 | 000,727,720 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe
PRC - [2009/02/06 13:23:12 | 002,021,400 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\egui.exe
PRC - [2009/01/21 01:05:18 | 000,960,560 | ---- | M] (Acronis) -- C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
PRC - [2009/01/21 01:04:00 | 000,618,944 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
PRC - [2009/01/21 00:59:56 | 004,359,600 | ---- | M] (Acronis) -- C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
PRC - [2008/06/11 22:43:26 | 000,640,376 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2014/02/15 08:17:29 | 003,578,992 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2014/02/07 10:24:42 | 000,178,464 | ---- | M] () -- C:\Program Files\Sunbelt Software\CounterSpy\Definitions\libMachoUniv.dll
MOD - [2014/02/07 10:24:41 | 000,190,752 | ---- | M] () -- C:\Program Files\Sunbelt Software\CounterSpy\Definitions\libBase64.dll
MOD - [2010/07/15 15:46:26 | 000,300,368 | ---- | M] () -- C:\Program Files\Sunbelt Software\CounterSpy\vipre.dll
MOD - [2010/03/31 22:30:12 | 000,473,704 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\nView\nvShell.dll
MOD - [2010/03/08 21:55:56 | 000,010,752 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerCOM.dll
MOD - [2009/04/23 19:46:24 | 000,181,312 | ---- | M] () -- C:\Program Files\Photodex\ProShowProducer\scsiaccess.exe
MOD - [2008/06/20 11:02:47 | 000,245,248 | ---- | M] () -- \\?\globalroot\systemroot\system32\mswsock.dll
MOD - [2008/06/20 11:02:47 | 000,245,248 | ---- | M] () -- \\.\globalroot\systemroot\system32\mswsock.dll
MOD - [2005/12/22 16:28:40 | 000,160,768 | ---- | M] () -- C:\Program Files\Sunbelt Software\CounterSpy\unrar.dll


========== Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\DOCUME~1\Robert\LOCALS~1\Temp\SQN.exe -- (SQN)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe -- (RoxLiveShare9)
SRV - File not found [Disabled | Stopped] -- C:\Program Files\Common Files\Sonic Shared\RoxioUPnPRenderer9.exe -- (Roxio UPnP Renderer 9)
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2014/02/20 18:09:35 | 000,257,928 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/02/15 08:17:30 | 000,118,896 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2011/07/07 11:59:26 | 001,252,616 | ---- | M] (Raxco Software, Inc.) [Auto | Running] -- C:\Program Files\Raxco\PerfectDisk\PDAgent.exe -- (PDAgent)
SRV - [2011/07/07 11:59:18 | 002,111,752 | ---- | M] (Raxco Software, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Raxco\Shared\PDEngine.exe -- (PDEngine)
SRV - [2010/09/01 14:51:28 | 000,066,112 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper)
SRV - [2010/08/20 08:16:34 | 002,763,080 | ---- | M] (Sunbelt Software) [Auto | Running] -- C:\Program Files\Sunbelt Software\CounterSpy\SBAMSvc.exe -- (SBAMSvc)
SRV - [2010/08/20 08:15:54 | 000,181,584 | ---- | M] (Sunbelt Software) [Auto | Running] -- C:\Program Files\Sunbelt Software\CounterSpy\SBPIMSvc.exe -- (SBPIMSvc)
SRV - [2009/04/23 19:46:24 | 000,181,312 | ---- | M] () [Auto | Running] -- C:\Program Files\Photodex\ProShowProducer\scsiaccess.exe -- (ScsiAccess)
SRV - [2009/02/06 13:27:06 | 000,020,680 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe -- (EhttpSrv)
SRV - [2009/02/06 13:23:36 | 000,727,720 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe -- (ekrn)
SRV - [2009/01/21 01:04:00 | 000,618,944 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2008/12/23 23:02:29 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/07/10 20:19:52 | 000,079,360 | ---- | M] (SolidWorks) [On_Demand | Stopped] -- C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe -- (SolidWorks Licensing Service)
SRV - [2008/04/20 19:46:20 | 000,085,096 | ---- | M] (Autodesk) [On_Demand | Stopped] -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
SRV - [2007/11/26 14:47:40 | 000,598,856 | ---- | M] (Webroot Software, Inc.) [On_Demand | Stopped] -- C:\Program Files\Webroot\Washer\WasherSvc.exe -- (wwEngineSvc)
SRV - [2006/11/02 20:40:12 | 000,174,656 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\system32\PSIService.exe -- (ProtexisLicensing)
SRV - [2004/08/04 07:00:00 | 000,003,584 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\System32\regedt32.exe -- (NOD32FiXTemDono)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\Drivers\utk0mtqx.sys -- (utk0mtqx)
DRV - File not found [Kernel | System | Stopped] -- -- (SpyEmrg)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (NTACCESS)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\kknfmfzr.sys -- (kknfmfzr)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (GMSIPCI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (FLASHSYS)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EagleNT.sys -- (EagleNT)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NSDriver.sys -- (Ad-Watch Connect Filter)
DRV - [2014/02/20 21:54:37 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2013/11/26 09:46:08 | 000,120,616 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [2013/03/31 13:32:54 | 000,035,144 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamchameleon.sys -- (mbamchameleon)
DRV - [2011/06/30 10:08:24 | 000,066,320 | ---- | M] (Raxco Software, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\PDFsFilter.sys -- (PDFSFilter)
DRV - [2011/06/30 10:07:32 | 000,138,768 | ---- | M] (Raxco Software, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\DefragFs.sys -- (DefragFS)
DRV - [2010/06/14 13:54:30 | 000,069,976 | ---- | M] (Sunbelt Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\sbapifs.sys -- (sbapifs)
DRV - [2010/06/14 13:54:30 | 000,021,464 | ---- | M] (Sunbelt Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\sbaphd.sys -- (sbaphd)
DRV - [2010/05/13 06:56:22 | 000,098,392 | ---- | M] (Sunbelt Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SBREDrv.sys -- (SBRE)
DRV - [2010/03/08 21:52:45 | 000,004,096 | ---- | M] () [Kernel | Unavailable | Unknown] -- C:\Program Files\Unlocker\UnlockerDriver5.sys -- (UnlockerDriver5)
DRV - [2009/10/24 22:17:05 | 000,971,552 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\tdrpm174.sys -- (tdrpman174)
DRV - [2009/10/24 22:16:58 | 000,540,000 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\timntr.sys -- (timounter)
DRV - [2009/10/24 22:16:58 | 000,044,704 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\tifsfilt.sys -- (tifsfilter)
DRV - [2009/10/24 22:16:55 | 000,134,272 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\snman380.sys -- (snapman380)
DRV - [2009/02/06 13:24:22 | 000,056,280 | ---- | M] (ESET) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\epfwtdi.sys -- (epfwtdi)
DRV - [2009/02/06 13:24:18 | 000,130,952 | ---- | M] (ESET) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\epfw.sys -- (epfw)
DRV - [2009/02/06 13:23:18 | 000,106,208 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2009/02/06 13:19:52 | 000,113,448 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon)
DRV - [2007/12/06 08:51:00 | 000,285,952 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
DRV - [2007/10/03 21:55:36 | 000,019,240 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\SiWinAcc.sys -- (SiFilter)
DRV - [2007/10/03 21:55:28 | 000,015,400 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\SiRemFil.sys -- (SiRemFil)
DRV - [2007/10/03 21:55:08 | 000,080,424 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\SI3132.sys -- (SI3132)
DRV - [2007/01/14 14:15:03 | 000,062,592 | ---- | M] (Chic Tech.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\moufiltr.sys -- (moufiltr)
DRV - [2006/12/21 15:26:00 | 004,405,248 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2006/07/27 10:00:00 | 000,004,096 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\cvintdrv.sys -- (cvintdrv)
DRV - [2006/06/05 18:53:15 | 000,010,344 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\symlcbrd.sys -- (symlcbrd)
DRV - [2004/11/05 11:08:06 | 000,670,208 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\hardlock.sys -- (Hardlock)
DRV - [2004/10/14 04:52:28 | 000,004,962 | R--- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AsIO.sys -- (AsIO)
DRV - [2004/08/12 21:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-299502267-789336058-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://easy-google-search.blogspot.com
IE - HKU\S-1-5-21-299502267-789336058-725345543-1004\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-299502267-789336058-725345543-1004\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKU\S-1-5-21-299502267-789336058-725345543-1004\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKU\S-1-5-21-299502267-789336058-725345543-1004\..\SearchScopes\{EF8CA572-5715-47F4-9829-1C110E04F599}: "URL" = http://gb.iamwired.n...h={SearchTerms}
IE - HKU\S-1-5-21-299502267-789336058-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-299502267-789336058-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://easy-google-s...h.blogspot.com"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:27.0.1
FF - prefs.js..keyword.URL: "http://www.google.co...=ISO-8859-1&q="
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_12_0_0_70.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\WINDOWS\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nosltd.com/getPlus+®,version=1.6.2.91: C:\Program Files\NOS\bin\np_gp.dll (NOS Microsystems Ltd.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2012/10/02 05:39:24 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Robert\Application Data\Mozilla\Extensions
[2013/09/26 21:22:11 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Robert\Application Data\Mozilla\Firefox\Profiles\tonk28m2.default\extensions
[2014/02/15 08:17:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2014/02/15 08:17:31 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

========== Chrome ==========


O1 HOSTS File: ([2013/01/18 18:06:45 | 000,444,654 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 15296 more lines...
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-299502267-789336058-725345543-1004\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [SBAMTray] C:\Program Files\Sunbelt Software\CounterSpy\SBAMTray.exe (Sunbelt Software)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKU\.DEFAULT..\RunOnce: [tscuninstall] C:\WINDOWS\system32\tscupgrd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [tscuninstall] C:\WINDOWS\system32\tscupgrd.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Toolbars present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108839
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-299502267-789336058-725345543-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-299502267-789336058-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-299502267-789336058-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoBandCustomize = 0
O7 - HKU\S-1-5-21-299502267-789336058-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoMovingBands = 0
O7 - HKU\S-1-5-21-299502267-789336058-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCloseDragDropBands = 0
O7 - HKU\S-1-5-21-299502267-789336058-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskbar = 0
O7 - HKU\S-1-5-21-299502267-789336058-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoToolbarsOnTaskbar = 0
O7 - HKU\S-1-5-21-299502267-789336058-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108839
O7 - HKU\S-1-5-21-299502267-789336058-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.appl...ex/qtplugin.cab (Reg Error: Key error.)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.micr.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} http://support.asus....ek_sys_ctrl.cab (asusTek_sysctrl Class)
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files/Twisted%20Lands%20-%20Shadow%20Town/Images/stg_drm.ocx (SpinTop DRM Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.co...sreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {588031A3-94BF-4CDD-86D0-939F6F93910F} https://fixit.suppor...FixItClient.CAB (FixItClient Class)
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} http://catalog.updat...b?1292380760937 (MUCatalogWebControl Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1220411993917 (WUWebControl Class)
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} http://www.nvidia.co.../sysreqlab2.cab (Reg Error: Key error.)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx...owserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} http://h20270.www2.h...ctDetection.cab (Reg Error: Key error.)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1343529479926 (MUWebControl Class)
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} http://www.nvidia.co...iaSmartScan.cab (NVIDIA Smart Scan)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files/Twisted%20Lands%20-%20Shadow%20Town/Images/armhelper.ocx (ArmHelper Control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E0FEE963-BB53-4215-81AD-B28C77384644} http://eserv.sympati...adaPortalAX.cab (WebBrowserType Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (get_atlcom Class)
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} http://driveragent.c...driveragent.cab (Driver Agent ActiveX Control)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logme...rl.cab?lmi=1007 (Performance Viewer Activex Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6B4B5C21-DA99-4096-8820-43DC9BA3E4E3}: NameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Robert\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Robert\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/06/03 17:07:23 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (PDBoot.exe)
O34 - HKLM BootExecute: (autocheck autochk *SBBD.exe /d \Device\HarddiskVolume1\Program Files\Sunbelt Software\CounterSpy\Definitions)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKU\S-1-5-19..exefile [open] -- "%1" %*
O35 - HKU\S-1-5-20..exefile [open] -- "%1" %*
O35 - HKU\S-1-5-21-299502267-789336058-725345543-1004..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Sharedaccess - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2014/02/28 16:43:12 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Robert\Desktop\OTL.exe
[2014/02/24 22:31:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Robert\Start Menu\Programs\Sonya Collectors Edition
[2014/02/24 22:30:48 | 000,000,000 | ---D | C] -- C:\Program Files\Games
[2014/02/24 16:50:23 | 000,000,000 | ---D | C] -- C:\HP Scans
[2014/02/23 17:24:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Robert\Local Settings\Application Data\LogMeIn Client
[2014/02/22 22:45:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\K-Lite Codec Pack
[2014/02/22 22:45:10 | 003,649,536 | ---- | C] (x264vfw project) -- C:\WINDOWS\System32\x264vfw.dll
[2014/02/22 22:45:08 | 000,122,880 | ---- | C] (fccHandler) -- C:\WINDOWS\System32\ac3acm.acm
[2014/02/22 15:56:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Powertoys for Windows XP
[2014/02/20 21:54:12 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2014/02/19 23:07:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Robert\My Documents\MPC-HC Capture
[2014/02/15 14:08:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Robert\Application Data\GrandMA Studios
[2014/02/15 13:23:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\Whispered Secrets 2 - Into the Beyond Collectors Edition
[2014/02/15 08:17:15 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2014/02/14 17:10:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Robert\Application Data\BlamGames
[2014/02/11 16:16:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Robert\Application Data\MPC-HC
[2014/02/04 20:19:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Robert\Application Data\Deep Shadows
[2014/02/04 18:24:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Robert\Application Data\Anarchy
[2008/08/16 08:32:00 | 000,267,056 | ---- | C] (BitTorrent, Inc.) -- C:\Documents and Settings\Robert\utorrent.exe
[2007/03/23 16:38:21 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Robert\Application Data\pcouffin.sys

========== Files - Modified Within 30 Days ==========

[2014/02/28 16:43:13 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Robert\Desktop\OTL.exe
[2014/02/28 16:37:32 | 000,002,521 | ---- | M] () -- C:\Documents and Settings\Robert\Desktop\Outlook 2007.lnk
[2014/02/28 16:36:29 | 000,013,710 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2014/02/28 16:35:32 | 000,273,231 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2014/02/28 16:35:25 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2014/02/28 16:35:19 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2014/02/28 06:09:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2014/02/28 06:06:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2014/02/25 13:55:45 | 000,354,923 | ---- | M] () -- C:\Documents and Settings\Robert\My Documents\Scan0002.pdf
[2014/02/24 22:31:28 | 000,001,918 | ---- | M] () -- C:\Documents and Settings\Robert\Desktop\Sonya Collectors Edition.lnk
[2014/02/24 20:13:57 | 001,376,794 | ---- | M] () -- C:\Documents and Settings\Robert\My Documents\Little Miracles Documents.pdf
[2014/02/23 16:56:36 | 000,235,620 | ---- | M] () -- C:\Documents and Settings\Robert\Desktop\contract #3370972.pdf
[2014/02/22 22:45:13 | 000,000,936 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Media Player Classic.lnk
[2014/02/22 13:27:02 | 000,002,515 | ---- | M] () -- C:\Documents and Settings\Robert\Desktop\Word 2007.lnk
[2014/02/22 12:21:31 | 000,079,268 | ---- | M] () -- C:\Documents and Settings\Robert\My Documents\Direct Deposit form.pdf
[2014/02/22 12:20:39 | 000,141,685 | ---- | M] () -- C:\Documents and Settings\Robert\My Documents\Little Miracles- Donor Responsibility Acknowledgement - Copy.pdf
[2014/02/22 12:19:04 | 000,056,752 | ---- | M] () -- C:\Documents and Settings\Robert\My Documents\Donor Acknowledgement.pdf
[2014/02/22 12:17:34 | 000,065,062 | ---- | M] () -- C:\Documents and Settings\Robert\My Documents\document.pdf
[2014/02/20 21:54:37 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2014/02/20 18:55:40 | 000,002,473 | ---- | M] () -- C:\Documents and Settings\Robert\Desktop\Excel 2007.lnk
[2014/02/12 17:26:13 | 000,596,358 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2014/02/12 17:26:13 | 000,112,418 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2014/02/12 16:57:43 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2014/02/06 13:00:00 | 000,112,640 | ---- | M] () -- C:\WINDOWS\System32\ff_vfw.dll
[2014/01/29 17:54:06 | 000,000,123 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\.zreglib

========== Files Created - No Company Name ==========

[2014/02/25 13:55:45 | 000,354,923 | ---- | C] () -- C:\Documents and Settings\Robert\My Documents\Scan0002.pdf
[2014/02/24 22:31:28 | 000,001,918 | ---- | C] () -- C:\Documents and Settings\Robert\Desktop\Sonya Collectors Edition.lnk
[2014/02/24 20:13:57 | 001,376,794 | ---- | C] () -- C:\Documents and Settings\Robert\My Documents\Little Miracles Documents.pdf
[2014/02/23 21:27:46 | 000,282,016 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2014/02/23 16:56:36 | 000,235,620 | ---- | C] () -- C:\Documents and Settings\Robert\Desktop\contract #3370972.pdf
[2014/02/22 22:45:13 | 000,000,936 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Media Player Classic.lnk
[2014/02/22 22:45:11 | 000,216,064 | ---- | C] ( ) -- C:\WINDOWS\System32\lagarith.dll
[2014/02/22 22:45:10 | 000,650,752 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2014/02/22 22:45:10 | 000,243,200 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2014/02/22 22:45:02 | 000,112,640 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2014/02/22 12:21:44 | 000,079,268 | ---- | C] () -- C:\Documents and Settings\Robert\My Documents\Direct Deposit form.pdf
[2014/02/22 12:20:44 | 000,141,685 | ---- | C] () -- C:\Documents and Settings\Robert\My Documents\Little Miracles- Donor Responsibility Acknowledgement - Copy.pdf
[2014/02/22 12:19:07 | 000,056,752 | ---- | C] () -- C:\Documents and Settings\Robert\My Documents\Donor Acknowledgement.pdf
[2014/02/22 12:17:43 | 000,065,062 | ---- | C] () -- C:\Documents and Settings\Robert\My Documents\document.pdf
[2014/02/12 16:52:37 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2013/09/14 19:49:28 | 000,000,057 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Ament.ini
[2013/07/18 19:48:06 | 000,000,410 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2013/07/18 19:48:06 | 000,000,012 | ---- | C] () -- C:\WINDOWS\BRVIDEO.INI
[2013/07/18 19:48:06 | 000,000,000 | ---- | C] () -- C:\WINDOWS\brmx2001.ini
[2013/07/18 19:46:52 | 000,000,225 | ---- | C] () -- C:\WINDOWS\Brownie.ini
[2013/04/06 21:47:47 | 000,002,017 | ---- | C] () -- C:\Documents and Settings\Robert\April 6. 2013 Devious.sud
[2013/03/31 13:32:54 | 000,035,144 | ---- | C] () -- C:\WINDOWS\System32\drivers\mbamchameleon.sys
[2012/04/03 21:24:54 | 000,178,176 | ---- | C] () -- C:\WINDOWS\System32\ztvunrar39.dll
[2011/01/27 18:55:00 | 000,028,953 | ---- | C] () -- C:\Documents and Settings\Robert\Superior Account.pdf
[2010/12/13 17:01:00 | 000,661,626 | ---- | C] () -- C:\Documents and Settings\Robert\Toesy.jpg
[2010/11/02 22:03:23 | 000,256,334 | ---- | C] () -- C:\Documents and Settings\Robert\B4635100
[2010/10/24 16:36:21 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Robert\Local Settings\Application Data\housecall.guid.cache
[2009/09/24 17:41:54 | 005,257,216 | ---- | C] () -- C:\Documents and Settings\Robert\Local Settings\Application Data\mfm2_database.dat
[2008/09/10 23:20:31 | 050,495,934 | ---- | C] () -- C:\Documents and Settings\Robert\ALC880_882_Vista_6015350.zip
[2008/08/30 11:14:22 | 000,000,108 | ---- | C] () -- C:\Documents and Settings\Robert\Application Data\netstat.bat
[2007/12/31 09:03:09 | 003,435,064 | ---- | C] () -- C:\Documents and Settings\Robert\Rotel 812 Repair Manual.pdf
[2007/11/25 22:46:48 | 000,000,123 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2007/08/25 13:19:48 | 000,002,108 | ---- | C] () -- C:\Documents and Settings\Robert\Local Settings\Application Data\rx_audio.Cache
[2007/03/23 16:38:21 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\Robert\Application Data\ezpinst.exe
[2007/03/23 16:38:21 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\Robert\Application Data\pcouffin.cat
[2007/03/23 16:38:21 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Robert\Application Data\pcouffin.inf
[2007/01/25 22:46:40 | 001,462,572 | ---- | C] () -- C:\Documents and Settings\Robert\Local Settings\Application Data\rx_image.Cache
[2006/09/30 23:17:08 | 000,014,958 | ---- | C] () -- C:\Documents and Settings\Robert\Start Menu.daa
[2006/07/26 16:35:26 | 000,000,024 | ---- | C] () -- C:\Documents and Settings\Robert\mylist.dat
[2006/07/25 16:22:41 | 000,002,863 | ---- | C] () -- C:\Documents and Settings\Robert\report.htm
[2006/06/11 02:32:06 | 000,218,624 | ---- | C] () -- C:\Documents and Settings\Robert\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/06/09 22:03:02 | 000,361,512 | ---- | C] ( ) -- C:\Documents and Settings\Robert\Google_Earth_Pro_Patch_Setup.exe

========== ZeroAccess Check ==========

[2007/01/16 17:22:15 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/13 19:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 07:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/13 19:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2009/10/25 18:57:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Acronis
[2008/05/22 23:02:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Autodesk
[2011/04/05 18:55:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2012/10/26 18:54:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\casualArts
[2012/10/25 18:19:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cateia Games
[2011/03/04 18:36:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\COMMON FILES
[2008/07/22 20:00:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\COSMOS Applications
[2010/08/14 21:39:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Curious Sense
[2013/12/05 00:23:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DailyMagic
[2008/07/10 20:36:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DassaultSystemes
[2012/04/19 17:12:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\dvdfab
[2014/01/20 17:22:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Easy CD-DA Extractor
[2007/11/25 22:46:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Elaborate Bytes
[2013/12/23 17:04:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Elephant Games
[2009/04/12 22:46:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET
[2010/12/28 22:57:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fugazo
[2010/12/13 00:05:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Gamers Digital
[2011/03/05 22:56:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GestaltGames
[2010/11/22 22:37:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Gogii
[2008/12/20 12:05:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GoldWaveCDDB
[2011/01/17 16:43:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Green Clover Games
[2008/02/14 16:59:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grisoft
[2012/09/26 21:37:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Happy Artist Studio
[2010/01/18 17:02:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2012/10/27 09:44:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HitPoint Studios
[2007/07/19 18:01:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Innovative Solutions
[2012/07/07 11:21:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Intenium
[2010/06/12 18:04:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\JollyBear
[2011/02/24 17:13:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LittleGamesCompany
[2014/02/23 17:34:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogMeIn
[2011/01/23 16:55:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\logs
[2011/12/26 15:34:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MediaArt
[2010/12/18 00:07:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Merscom
[2012/01/06 20:48:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Namco
[2012/11/16 20:23:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Odian Games
[2007/04/30 15:27:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic Anti-Spyware
[2011/03/08 17:22:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2007/02/20 19:41:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Prevx
[2009/09/20 22:32:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PrevxCSI
[2008/04/29 20:39:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\River Past G4
[2008/04/29 20:47:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\River Past G5
[2013/07/11 10:58:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sandlot Games
[2008/03/01 18:47:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SecTaskMan
[2012/04/03 21:24:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Simply Super Software
[2009/02/28 19:49:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SITEguard
[2012/04/21 18:06:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SlySoft
[2010/12/18 08:05:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SOS
[2011/03/04 18:36:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SQL Anywhere 11
[2013/02/10 16:54:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SulusGames
[2014/02/27 21:16:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2012/06/30 19:49:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\The Inquisitor
[2012/01/28 17:15:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TheFallTrilogyEp3-BF
[2013/07/12 16:55:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Top Evidence
[2007/07/24 21:08:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\vsosdk
[2010/12/24 01:27:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/10/25 20:47:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Acronis
[2014/02/04 18:24:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Anarchy
[2012/07/30 13:14:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Artifex Mundi
[2013/05/10 19:41:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Artogon
[2008/05/22 23:02:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Autodesk
[2013/10/06 17:15:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Big Fish Games
[2014/02/14 17:10:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\BlamGames
[2014/02/19 16:33:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Blue Tea Games
[2014/02/15 11:50:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Boomzap
[2012/12/09 21:37:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Brabl
[2012/07/30 13:07:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Casual Box
[2012/10/26 18:54:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\casualArts
[2013/10/06 20:59:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Chayowo Games
[2010/08/14 21:39:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Curious Sense
[2013/12/05 00:23:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\DailyMagic
[2013/10/07 11:51:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\DanceOfDeath
[2008/07/10 20:36:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\DassaultSystemes
[2014/02/04 20:19:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Deep Shadows
[2007/01/07 00:48:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Design Science
[2007/02/04 22:39:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Downloaded Installations
[2012/08/25 13:33:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\DVDFab
[2007/01/16 17:35:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\DWGeditor
[2014/01/20 19:44:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Eipix
[2013/12/23 17:04:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Elephant Games
[2011/03/26 10:33:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\ElevatedDiagnostics
[2011/04/22 21:13:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Enki Games
[2013/03/19 15:30:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\EntwinedSoD
[2014/02/19 16:45:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\ERS Game Studios
[2009/04/12 22:47:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\ESET
[2013/03/09 19:25:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\EurekaLog
[2013/12/04 13:04:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\FarmMystery
[2014/01/05 22:29:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\FGS
[2014/01/12 20:23:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Frogwares
[2012/07/07 10:50:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\GameInvest
[2012/07/02 09:01:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Gogii
[2014/02/15 14:08:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\GrandMA Studios
[2014/01/17 10:59:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Gunnar Games
[2012/04/02 15:46:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\HdO Adventure
[2011/03/25 16:00:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\IBAGroup
[2010/11/15 00:06:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\IM
[2008/09/06 23:26:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\ImgBurn
[2012/01/15 11:51:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\IObit
[2012/09/27 15:42:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Jetdogs Studios
[2007/03/28 18:17:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Leadertech
[2011/02/20 22:07:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\MA2
[2013/11/08 16:29:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Mad Head Games
[2013/01/16 17:20:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\MagicIndie
[2008/05/15 23:08:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Maple
[2014/01/26 21:43:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Mariaglorum
[2008/08/28 22:28:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\MenuShrink
[2013/12/12 20:54:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Meridian93
[2014/02/11 16:16:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\MPC-HC
[2011/04/18 18:01:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\My Games
[2012/01/06 20:49:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Namco
[2006/11/08 18:34:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Netscape
[2013/04/17 21:44:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Organic 2 Digital
[2012/08/17 20:12:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\PFStaticIP
[2010/12/26 18:23:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Photodex
[2013/07/12 14:17:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\PuzzleLab
[2007/01/25 20:41:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\River Past G4
[2008/04/29 20:45:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\River Past G5
[2007/06/21 22:20:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Scooter Software
[2012/04/03 21:24:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Simply Super Software
[2012/12/09 21:44:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Skunk Studios
[2008/05/08 18:04:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\sldIM
[2014/02/24 22:32:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Specialbit
[2011/01/08 17:00:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Spider Player
[2011/04/09 12:09:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\SpinTop
[2012/06/30 19:49:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\The Inquisitor
[2012/07/07 10:56:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\TripleHippo
[2010/07/25 16:21:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\URSoft
[2014/02/28 16:43:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\uTorrent
[2013/10/22 21:09:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Vast Studios
[2010/10/16 17:06:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\VirtualStore
[2011/04/10 14:48:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Vso
[2012/01/02 12:05:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\WhiteBirdsProductions
[2006/07/14 17:00:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\WinPatrol

========== Purity Check ==========



========== Custom Scans ==========

========== Base Services ==========
SRV - [2008/04/13 19:12:12 | 000,044,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\alg.exe -- (ALG)
SRV - [2008/04/13 19:12:11 | 000,006,656 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wuauserv.dll -- (wuauserv)
SRV - [2008/04/13 19:12:03 | 000,409,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\qmgr.dll -- (BITS)
SRV - [2012/07/06 08:58:51 | 000,078,336 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\browser.dll -- (Browser)
SRV - [2008/04/13 19:11:51 | 000,062,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\cryptsvc.dll -- (CryptSvc)
SRV - [2008/04/13 19:11:51 | 000,126,976 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\dhcpcsvc.dll -- (Dhcp)
SRV - [2009/04/20 12:17:26 | 000,045,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\dnsrslvr.dll -- (Dnscache)
SRV - [2009/02/06 06:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\services.exe -- (Eventlog)
SRV - [2008/04/13 19:11:52 | 000,033,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\eapsvc.dll -- (EapHost)
SRV - [2009/07/27 18:17:41 | 000,135,168 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\shsvcs.dll -- (FastUserSwitchingCompatibility)
SRV - [2008/04/13 19:12:08 | 000,015,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\w3ssl.dll -- (HTTPFilter)
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2008/04/13 19:12:22 | 000,150,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\imapi.exe -- (ImapiService)
SRV - [2008/04/13 19:12:24 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lsass.exe -- (PolicyAgent)
SRV - [2008/04/13 19:11:52 | 000,023,552 | ---- | M] (Microsoft Corp.) [On_Demand | Stopped] -- C:\WINDOWS\system32\dmserver.dll -- (dmserver)
SRV - [2008/04/13 19:12:17 | 000,224,768 | ---- | M] (Microsoft Corp., Veritas Software) [On_Demand | Stopped] -- C:\WINDOWS\System32\dmadmin.exe -- (dmadmin)
SRV - [2008/04/13 19:12:17 | 000,005,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\dllhost.exe -- (SwPrv)
SRV - [2008/04/13 19:12:24 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\lsass.exe -- (Netlogon)
SRV - [2008/04/13 19:12:01 | 000,198,144 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\netman.dll -- (Netman)
SRV - [2008/06/20 11:02:47 | 000,245,248 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\mswsock.dll -- (Nla)
SRV - [2009/02/06 06:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\services.exe -- (PlugPlay)
SRV - [2010/08/17 08:17:06 | 000,058,880 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\spoolsv.exe -- (Spooler)
SRV - [2008/04/13 19:12:24 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lsass.exe -- (ProtectedStorage)
SRV - [2008/04/13 19:12:03 | 000,088,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\rasauto.dll -- (RasAuto)
SRV - [2008/04/13 19:12:03 | 000,186,368 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\rasmans.dll -- (RasMan)
SRV - [2009/02/09 07:10:48 | 000,401,408 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\rpcss.dll -- (RpcSs)
SRV - [2008/04/13 19:12:02 | 000,435,200 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\ntmssvc.dll -- (NtmsSvc)
SRV - [2008/04/13 19:12:05 | 000,018,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\seclogon.dll -- (seclogon)
SRV - [2008/04/13 19:12:24 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lsass.exe -- (SamSs)
No service found with a name of wscsvc
SRV - [2008/04/13 19:12:07 | 000,096,768 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\srvsvc.dll -- (lanmanserver)
SRV - [2009/07/27 18:17:41 | 000,135,168 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\shsvcs.dll -- (ShellHWDetection)
SRV - [2008/04/13 19:12:07 | 000,171,008 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\srsvc.dll -- (srservice)
SRV - [2008/04/13 19:12:05 | 000,192,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\schedsvc.dll -- (Schedule)
SRV - [2008/04/13 19:11:56 | 000,013,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lmhsvc.dll -- (LmHosts)
SRV - [2008/04/13 19:12:07 | 000,249,856 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\tapisrv.dll -- (TapiSrv)
SRV - [2008/04/13 19:12:07 | 000,295,424 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\termsrv.dll -- (TermService)
SRV - [2009/07/27 18:17:41 | 000,135,168 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\shsvcs.dll -- (Themes)
SRV - [2008/04/13 19:12:38 | 000,289,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\vssvc.exe -- (VSS)
SRV - [2008/04/13 19:11:50 | 000,042,496 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\audiosrv.dll -- (AudioSrv)
No service found with a name of SharedAccess
SRV - [2008/04/13 19:12:08 | 000,333,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wiaservc.dll -- (stisvc)
SRV - [2008/04/13 19:12:28 | 000,078,848 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\msiexec.exe -- (MSIServer)
SRV - [2008/04/13 19:12:09 | 000,144,896 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wbem\wmisvc.dll -- (winmgmt)
No service found with a name of Wmi
SRV - [2008/04/13 19:11:52 | 000,132,096 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\dot3svc.dll -- (Dot3svc)
SRV - [2008/04/13 19:12:11 | 000,483,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wzcsvc.dll -- (WZCSVC)
SRV - [2009/06/10 01:14:49 | 000,132,096 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wkssvc.dll -- (lanmanworkstation)

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >
[2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ERDNT\cache\explorer.exe
[2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\explorer.exe
[2007/06/13 06:26:03 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=7712DF0CDDE3A5AC89843E61CD5B3658 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2007/06/13 05:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe

< MD5 for: QMGR.DLL >
[2004/08/04 07:00:00 | 000,382,464 | ---- | M] (Microsoft Corporation) MD5=2C69EC7E5A311334D10DD95F338FCCEA -- C:\WINDOWS\$NtServicePackUninstall$\qmgr.dll
[2008/04/13 19:12:03 | 000,409,088 | ---- | M] (Microsoft Corporation) MD5=574738F61FCA2935F5265DC4E5691314 -- C:\WINDOWS\ERDNT\cache\qmgr.dll
[2008/04/13 19:12:03 | 000,409,088 | ---- | M] (Microsoft Corporation) MD5=574738F61FCA2935F5265DC4E5691314 -- C:\WINDOWS\ServicePackFiles\i386\qmgr.dll
[2008/04/13 19:12:03 | 000,409,088 | ---- | M] (Microsoft Corporation) MD5=574738F61FCA2935F5265DC4E5691314 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\qmgr.dll
[2008/04/13 19:12:03 | 000,409,088 | ---- | M] (Microsoft Corporation) MD5=574738F61FCA2935F5265DC4E5691314 -- C:\WINDOWS\system32\bits\qmgr.dll
[2008/04/13 19:12:03 | 000,409,088 | ---- | M] (Microsoft Corporation) MD5=574738F61FCA2935F5265DC4E5691314 -- C:\WINDOWS\system32\qmgr.dll

< MD5 for: SERVICES >
[2004/08/04 07:00:00 | 000,007,116 | ---- | M] () MD5=95826940E657FE0567A8EC0F2A6AD11A -- C:\WINDOWS\system32\drivers\etc\services

< MD5 for: SERVICES.CNF >
[2006/06/10 08:19:28 | 000,000,003 | ---- | M] () MD5=864E46AD77EBE7A312EB11241A5114B6 -- C:\Documents and Settings\Robert\My Documents\My Webs\_vti_pvt\services.cnf

< MD5 for: SERVICES.DAT >
[2013/04/05 17:13:54 | 000,001,634 | ---- | M] () MD5=733B1221EBE0DE0E7CCEF7C743F92BDB -- C:\JRT\services.dat

< MD5 for: SERVICES.EXE >
[2009/02/06 06:06:24 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=020CEAAEDC8EB655B6506B8C70D53BB6 -- C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\services.exe
[2008/04/13 19:12:34 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- C:\WINDOWS\ServicePackFiles\i386\services.exe
[2008/04/13 19:12:34 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\services.exe
[2009/02/06 12:14:03 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=37561F8D4160D62DA86D24AE41FAE8DE -- C:\WINDOWS\$NtServicePackUninstall$\services.exe
[2009/02/06 05:22:21 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=4712531AB7A01B7EE059853CA17D39BD -- C:\WINDOWS\$hf_mig$\KB956572\SP2QFE\services.exe
[2009/02/06 06:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\$hf_mig$\KB956572\SP3GDR\services.exe
[2009/02/06 06:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\ERDNT\cache\services.exe
[2009/02/06 06:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\dllcache\services.exe
[2009/02/06 06:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\services.exe

< MD5 for: SERVICES.LNK >
[2008/09/02 19:18:50 | 000,001,602 | ---- | M] () MD5=72DDB125D92BBB9CA2F221568A630F4A -- C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\Services.lnk

< MD5 for: SERVICES.MSC >
[2004/08/04 07:00:00 | 000,033,464 | ---- | M] () MD5=E8089AA2A6F7FEE89B38C1F2D77BA6C6 -- C:\WINDOWS\system32\services.msc

< MD5 for: SERVICES.SBS >
[2013/07/16 12:21:30 | 000,034,818 | ---- | M] () MD5=E2ACBC77020C8D5CE97CA61D0D859A44 -- C:\Program Files\Spybot - Search & Destroy\Includes\Services.sbs

< MD5 for: SVCHOST.EXE >
[2008/04/13 19:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ERDNT\cache\svchost.exe
[2008/04/13 19:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008/04/13 19:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\svchost.exe
[2008/04/13 19:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
[2004/08/04 07:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe
[2013/04/04 13:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe

< MD5 for: USERINIT.EXE >
[2004/08/04 07:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/13 19:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ERDNT\cache\userinit.exe
[2008/04/13 19:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/13 19:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\userinit.exe
[2008/04/13 19:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2004/08/04 07:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2013/04/04 13:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008/04/13 19:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ERDNT\cache\winlogon.exe
[2008/04/13 19:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/13 19:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\winlogon.exe
[2008/04/13 19:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< MD5 for: WINSOCK.DLL >
[2004/08/04 07:00:00 | 000,002,864 | ---- | M] (Microsoft Corporation) MD5=68485C5EF0E2EFCEBF21BBB1042B823B -- C:\WINDOWS\system32\dllcache\winsock.dll
[2004/08/04 07:00:00 | 000,002,864 | ---- | M] (Microsoft Corporation) MD5=68485C5EF0E2EFCEBF21BBB1042B823B -- C:\WINDOWS\system32\winsock.dll

< MD5 for: WINSOCK.H >
[2008/05/15 22:53:58 | 000,016,913 | ---- | M] () MD5=BEF8ED9305E84CB948BA681F4287B68B -- C:\watcom-1.3\h\nt\winsock.h

< dir "%systemdrive%\*" /S /A:L /C >
Volume in drive C is Boot Drive
Volume Serial Number is 5400-9B93
Directory of C:\WINDOWS
03/05/2011 06:19 PM <JUNCTION> $NtUninstallKB36814$
0 File(s) 0 bytes
Directory of C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices
02/12/2014 04:59 PM <JUNCTION> 2.0.0.0__b03f5f7f11d50a3a
0 File(s) 0 bytes
Directory of C:\WINDOWS\assembly\GAC_MSIL\IEExecRemote
02/12/2014 04:59 PM <JUNCTION> 2.0.0.0__b03f5f7f11d50a3a
0 File(s) 0 bytes
Directory of C:\WINDOWS\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices
02/12/2014 04:54 PM <JUNCTION> v4.0_4.0.0.0__b03f5f7f11d50a3a
0 File(s) 0 bytes
Directory of C:\WINDOWS\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Workflow.Compiler
02/12/2014 04:49 PM <JUNCTION> v4.0_4.0.0.0__31bf3856ad364e35
0 File(s) 0 bytes
Total Files Listed:
0 File(s) 0 bytes
5 Dir(s) 219,544,891,392 bytes free

========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\WINDOWS\$NtUninstallKB36814$] -> Error: Cannot create file handle -> Unknown point type

========== Alternate Data Streams ==========


< End of report >

#4
Crowbar

    Teacher

  • GeekU Moderator
  • 4,161 posts
Hi there,
I see that you have a program called CounterSpy as an anti-spyware utility. It is old and unsupported. I would use MalwareBytes for this purpose instead.

I see that you have had a Symantec antivirus product on here in the past, so I will have you run the Norton Removal Tool.

I see that you have Hitman Pro installed, I am not a fan of this program, as it can have disastrous effects on a computer, seen plenty of non booting machines here because of this one. If it were me, I would uninstall it, but either way, please don't use it while we are working on this computer.

I notice that you have one or more P2P (Peer to Peer) file sharing programs installed on your computer.
  • uTorrent
This is a very easy way to get infected, as many of the files that can be downloaded with these P2P programs are infected with all sorts of malware.
You put your system at a very big risk by downloading these files, and that is why we recommend that you remove these programs from your computer.
Please visit the following site:
P2P File Sharing: Evaluate the Risks
If you do not want to remove them, please DO NOT use them while we are cleaning your machine, but be assured, if you download files using P2P programs, you will get an infection.

If you need any help removing them I will be glad to assist you.

Step 1
We need to do an OTL fix:

Note: If you have Malwarebytes 1.6 or higher installed please disable it for the duration of this fix as it may interfere with the successful execution of the script below. If it still hangs then please uninstall MalwareBytes and run this fix again.
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :commands
    [createrestorepoint]
    :OTL
    SRV - File not found [On_Demand | Stopped] -- C:\DOCUME~1\Robert\LOCALS~1\Temp\SQN.exe -- (SQN)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\Drivers\utk0mtqx.sys -- (utk0mtqx)
    DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\kknfmfzr.sys -- (kknfmfzr)
    DRV - [2006/06/05 18:53:15 | 000,010,344 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\symlcbrd.sys -- (symlcbrd)
    O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.
    @Alternate Data Stream - 236 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
    @Alternate Data Stream - 224 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CB0AACC9
    @Alternate Data Stream - 221 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DA5888A7
    @Alternate Data Stream - 189 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EE198B1F
    @Alternate Data Stream - 189 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:89CC3B44
    @Alternate Data Stream - 180 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4CD3F344
    @Alternate Data Stream - 175 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9195103F
    @Alternate Data Stream - 173 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1CE11B51
    @Alternate Data Stream - 167 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2D133896
    @Alternate Data Stream - 165 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B4258C5D
    @Alternate Data Stream - 143 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:48C205FE
    @Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:85AA7074
    @Alternate Data Stream - 138 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8855A119
    @Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B0456F0C
    @Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4EC7F009
    @Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EB393E91
    @Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D2DDC99D
    @Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:474022C7
    @Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:26499772
    @Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:114C90CA
    @Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:ED0B32CA
    @Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4C3D5A8B
    @Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:774C075A
    @Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:02CC0035
    @Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7C412B92
    :commands
    [emptytemp]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post the log it produces in your next reply.

Step 2
Download the latest version of TDSSKiller from here and save it to your Desktop.

  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.

  • Put a checkmark beside loaded modules.

  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes then click OK.

  • Click the Start Scan button.
  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
  • A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Step 3
Please download the Norton Removal Tool from here to your desktop.
Double click on the icon to run the Norton Removal Tool. You may have to reboot your computer afterwards.

In your next reply I would like to see:
  • OTL fix log
  • TDSSkiller log
  • How is your computer doing now?


#5
Jackpine

    Member

  • Topic Starter
  • 347 posts
Hi Crowbar, before I get to the logs, let me address your comments at the beginning of your last post.

1. I only use CounterSpy for on demand scanning. I know that it is old and unsupported, however, updates are still available manually, which I do about once a week. I also use MalwareBytes for on demand scans. You suggest I uninstall CounterSpy?

2. I ran the Norton Removal Tool. It said that all traces from Symantec that I had about 5 years ago were removed. Thanks for pointing that out.

3. I had no idea that Hitman Pro is on my machine. I can't find it on Add/Remove. Please provide instructions on how to get rid of this.

4. P2P. I am aware of the hazards of using this. Typically, I have used it for movie and music files, although I have to admit, I do sometimes stray to some more "dubious" sites where junk is likely to contaminate my machine. I will assess my future use of this technology. Not sure what I will do at this point, but your warning is taken.

I ran OTL and Kaspersky. The scans are provided below. What kind of garbage did I have?

I tried my D and E drives again, but the AutoPlay function still does not work. As before, if I first start Media Player Classic, then I can select and play a DVD. This problem exists on both drives, and as far as I know, it started on both drives at the same time. Additionally, both drives can burn without problem, and play (manually) without problem.

Thank you again for your help.

_____________________________________________________________________________________________

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
Service SQN stopped successfully!
Service SQN deleted successfully!
File C:\DOCUME~1\Robert\LOCALS~1\Temp\SQN.exe not found.
Service utk0mtqx stopped successfully!
Service utk0mtqx deleted successfully!
File C:\WINDOWS\system32\Drivers\utk0mtqx.sys not found.
Service kknfmfzr stopped successfully!
Service kknfmfzr deleted successfully!
File C:\WINDOWS\system32\drivers\kknfmfzr.sys not found.
Service symlcbrd stopped successfully!
Service symlcbrd deleted successfully!
C:\WINDOWS\system32\drivers\symlcbrd.sys moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\ not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: Robert
->Temp folder emptied: 104656874 bytes
->Temporary Internet Files folder emptied: 3409654 bytes
->Java cache emptied: 43465 bytes
->FireFox cache emptied: 379346983 bytes
->Flash cache emptied: 30332 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2856608 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 197254993 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 656.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 03012014_114728

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

______________________________________________________________________________

11:58:18.0156 0x0598 TDSS rootkit removing tool 3.0.0.25 Feb 27 2014 15:23:02
11:58:21.0593 0x0598 ============================================================
11:58:21.0593 0x0598 Current date / time: 2014/03/01 11:58:21.0593
11:58:21.0593 0x0598 SystemInfo:
11:58:21.0593 0x0598
11:58:21.0593 0x0598 OS Version: 5.1.2600 ServicePack: 3.0
11:58:21.0593 0x0598 Product type: Workstation
11:58:21.0593 0x0598 ComputerName: FIRSTBUILD
11:58:21.0593 0x0598 UserName: Robert
11:58:21.0593 0x0598 Windows directory: C:\WINDOWS
11:58:21.0593 0x0598 System windows directory: C:\WINDOWS
11:58:21.0593 0x0598 Processor architecture: Intel x86
11:58:21.0593 0x0598 Number of processors: 2
11:58:21.0593 0x0598 Page size: 0x1000
11:58:21.0593 0x0598 Boot type: Normal boot
11:58:21.0593 0x0598 ============================================================
11:58:21.0593 0x0598 BG loaded
11:58:22.0093 0x0598 System UUID: {61DBE5EC-63D9-ABC1-5529-29AE10DF25E8}
11:58:25.0265 0x0598 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
11:58:25.0281 0x0598 Drive \Device\Harddisk1\DR1 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
11:58:25.0312 0x0598 Drive \Device\Harddisk2\DR4 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
11:58:25.0312 0x0598 ============================================================
11:58:25.0312 0x0598 \Device\Harddisk0\DR0:
11:58:25.0312 0x0598 MBR partitions:
11:58:25.0312 0x0598 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x2542E7C1
11:58:25.0312 0x0598 \Device\Harddisk1\DR1:
11:58:25.0312 0x0598 MBR partitions:
11:58:25.0312 0x0598 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A384C02
11:58:25.0312 0x0598 \Device\Harddisk2\DR4:
11:58:25.0312 0x0598 MBR partitions:
11:58:25.0312 0x0598 \Device\Harddisk2\DR4\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A384C41
11:58:25.0312 0x0598 ============================================================
11:58:26.0203 0x0598 C: <-> \Device\Harddisk0\DR0\Partition1
11:58:26.0312 0x0598 Z: <-> \Device\Harddisk1\DR1\Partition1
11:58:26.0312 0x0598 F: <-> \Device\Harddisk2\DR4\Partition1
11:58:26.0312 0x0598 ============================================================
11:58:26.0312 0x0598 Initialize success
11:58:26.0312 0x0598 ============================================================
12:00:59.0703 0x0ba8 ============================================================
12:00:59.0703 0x0ba8 Scan started
12:00:59.0703 0x0ba8 Mode: Manual; SigCheck; TDLFS;
12:00:59.0703 0x0ba8 ============================================================
12:00:59.0703 0x0ba8 KSN ping started
12:01:17.0078 0x0ba8 KSN ping finished: true
12:01:17.0218 0x0ba8 ================ Scan system memory ========================
12:01:17.0234 0x0ba8 System memory - ok
12:01:17.0234 0x0ba8 ================ Scan services =============================
12:01:17.0281 0x0ba8 Abiosdsk - ok
12:01:17.0281 0x0ba8 abp480n5 - ok
12:01:17.0312 0x0ba8 [ 8FD99680A539792A30E97944FDAECF17, 594F8E0C3695400B0C09A797AF6BDFAC6F750ECD67D0EE803914C572B1DCC43C ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
12:01:19.0234 0x0ba8 ACPI - ok
12:01:19.0328 0x0ba8 [ 9859C0F6936E723E4892D7141B1327D5, 5E8F6A2FC4DF2E5E92A1D66ECC2810E08B42B64E9CD0DF4AD3F78EA8558B90AF ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
12:01:19.0515 0x0ba8 ACPIEC - ok
12:01:19.0640 0x0ba8 [ 56B6C5A50237E6099BB6B7707FDF8EE0, F69356133F0210A1EE38FB05DCAE1C01793043412851FB0C3286B00493AC2924 ] AcrSch2Svc C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
12:01:19.0687 0x0ba8 AcrSch2Svc - ok
12:01:19.0687 0x0ba8 Ad-Watch Connect Filter - ok
12:01:19.0734 0x0ba8 [ F7AB315A4D400CA876381D1E188A2E20, B6019C2E9B6801BB23C530C66D080F47330F48ADB0DD2813D50BE1408865BD91 ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
12:01:19.0765 0x0ba8 AdobeFlashPlayerUpdateSvc - ok
12:01:19.0765 0x0ba8 adpu160m - ok
12:01:19.0796 0x0ba8 [ 8BED39E3C35D6A489438B8141717A557, 1B5796E56B0927360CE0759641B1151828BC0A9E45620D2B2D880491F5CE33D0 ] aec C:\WINDOWS\system32\drivers\aec.sys
12:01:19.0953 0x0ba8 aec - ok
12:01:19.0968 0x0ba8 [ 1E44BC1E83D8FD2305F8D452DB109CF9, CF5EC07E0B589FA2A4701C6CFD69E893FC3ABF274AD57AE3C13FFE49063B02C8 ] AFD C:\WINDOWS\System32\drivers\afd.sys
12:01:20.0046 0x0ba8 AFD - ok
12:01:20.0046 0x0ba8 Aha154x - ok
12:01:20.0078 0x0ba8 aic78u2 - ok
12:01:20.0078 0x0ba8 aic78xx - ok
12:01:20.0093 0x0ba8 [ A9A3DAA780CA6C9671A19D52456705B4, 67C959144B57AE0BBF1D82DBED197F32CDB06FECD883A80C441A0202FE83FAB4 ] Alerter C:\WINDOWS\system32\alrsvc.dll
12:01:20.0250 0x0ba8 Alerter - ok
12:01:20.0250 0x0ba8 [ 8C515081584A38AA007909CD02020B3D, A5E13CA10F702928E0DE84C74D0EA8ACCB117FD76FBABC55220C75C4FFD596DC ] ALG C:\WINDOWS\System32\alg.exe
12:01:20.0406 0x0ba8 ALG - ok
12:01:20.0406 0x0ba8 AliIde - ok
12:01:20.0421 0x0ba8 amsint - ok
12:01:20.0468 0x0ba8 [ E4E91D0152E14C882A5190E73C45717F, B2D83F7B24650E420C842B714D63B30B71933EED9D28905A17C193DA2C4C69C9 ] AnyDVD C:\WINDOWS\system32\Drivers\AnyDVD.sys
12:01:20.0546 0x0ba8 AnyDVD - ok
12:01:20.0609 0x0ba8 [ 018857EAD9A077A56AEDFC0E5EF7A24A, FC39B4C4E210D22BE40F41966578F9BAA67EE9301E848E6A7ADB8662BE5B1CB6 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
12:01:20.0625 0x0ba8 Apple Mobile Device - ok
12:01:20.0625 0x0ba8 AppMgmt - ok
12:01:20.0656 0x0ba8 [ B5B8A80875C1DEDEDA8B02765642C32F, AD0C71D73B1B8225351FBF4FFB43001A32B4DAE69504C59970CD2428BB33D4EF ] Arp1394 C:\WINDOWS\system32\DRIVERS\arp1394.sys
12:01:20.0796 0x0ba8 Arp1394 - ok
12:01:20.0812 0x0ba8 asc - ok
12:01:20.0812 0x0ba8 asc3350p - ok
12:01:20.0812 0x0ba8 asc3550 - ok
12:01:20.0843 0x0ba8 [ C959989E2CE8DA9BDE8CAFDDBA84BADF, 6F54D6D03EA3854E7E66C70CDEE367EB519F6B1E4E67C3E5E5F568B403CB4AD3 ] AsIO C:\WINDOWS\system32\drivers\AsIO.sys
12:01:20.0859 0x0ba8 AsIO - detected UnsignedFile.Multi.Generic ( 1 )
12:01:30.0937 0x0ba8 AsIO ( UnsignedFile.Multi.Generic ) - warning
12:01:48.0468 0x0ba8 [ 776ACEFA0CA9DF0FAA51A5FB2F435705, 72DF7ED6B085BC468994F5B3189506FD726A9A17A9C42ACA1E420D787691361D ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
12:01:48.0500 0x0ba8 aspnet_state - ok
12:01:48.0531 0x0ba8 [ B153AFFAC761E7F5FCFA822B9C4E97BC, 7E60F572A6B3C6219E3C86225AA37243AFFD74337DB7F108B04778042E5CC959 ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
12:01:48.0687 0x0ba8 AsyncMac - ok
12:01:48.0703 0x0ba8 [ 9F3A2F5AA6875C72BF062C712CFA2674, B4DF1D2C56A593C6B54DE57395E3B51D288F547842893B32B0F59228A0CF70B9 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
12:01:48.0890 0x0ba8 atapi - ok
12:01:48.0906 0x0ba8 Atdisk - ok
12:01:48.0921 0x0ba8 [ 9916C1225104BA14794209CFA8012159, 5D6F05F715C52A16D05CAE15C3DFE77A139A7F27F7AE710EC9A10F9EE05115A1 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
12:01:49.0062 0x0ba8 Atmarpc - ok
12:01:49.0093 0x0ba8 [ DEF7A7882BEC100FE0B2CE2549188F9D, 462C95B63D0A1058291A2DC8CBFCB13D7D74CCD1CA43B613A7EB43D49E3276F8 ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
12:01:49.0234 0x0ba8 AudioSrv - ok
12:01:49.0250 0x0ba8 [ D9F724AA26C010A217C97606B160ED68, 329B5118F2409731D06FDAE85B6ADD64A048292801BCB3546651CEB303111695 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
12:01:49.0406 0x0ba8 audstub - ok
12:01:49.0468 0x0ba8 [ EA2D28BBE98256654397CD1F6EAEBDD8, 97BBE5A2C9F2AE4675E6652AD79B1FCAEA76064FB37DBF238947ACA81D3017DF ] Autodesk Licensing Service C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
12:01:49.0500 0x0ba8 Autodesk Licensing Service - ok
12:01:49.0531 0x0ba8 [ DA1F27D85E0D1525F6621372E7B685E9, 5A81A46A3BDD19DAFC6C87D277267A5D44F3A1B5302F2CC1111D84B7BAD5610D ] Beep C:\WINDOWS\system32\drivers\Beep.sys
12:01:49.0671 0x0ba8 Beep - ok
12:01:49.0703 0x0ba8 [ 574738F61FCA2935F5265DC4E5691314, 3C7CCF064397186C3A3863DD2370AB6414A61B330097DCA4F299CA7BBAA3D1B4 ] BITS C:\WINDOWS\system32\qmgr.dll
12:01:49.0875 0x0ba8 BITS - ok
12:01:49.0921 0x0ba8 [ F832F1505AD8B83474BD9A5B1B985E01, 205D9F237DD50FDF84F57CC53476B5ADB218A03A8B68B017AFF7CBD0DCAC71C4 ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
12:01:49.0953 0x0ba8 Bonjour Service - ok
12:01:49.0984 0x0ba8 [ CFD4E51402DA9838B5A04AE680AF54A0, 5378F42B195B5832B00A05AD64E00473A45FFB86AC25C57241F26EA82B149FE1 ] Browser C:\WINDOWS\System32\browser.dll
12:01:50.0078 0x0ba8 Browser - ok
12:01:50.0109 0x0ba8 [ 90A673FC8E12A79AFBED2576F6A7AAF9, BDE7858A3457DB979FEDD8577FA6321BF72848E4A7BF9F173C78A6A10CBB3EBE ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
12:01:50.0265 0x0ba8 cbidf2k - ok
12:01:50.0265 0x0ba8 cd20xrnt - ok
12:01:50.0281 0x0ba8 [ C1B486A7658353D33A10CC15211A873B, AA4DD9E7AAE5AAB1146B360B17001F975D2F29A1281CF7B13E7136480410F347 ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
12:01:50.0453 0x0ba8 Cdaudio - ok
12:01:50.0468 0x0ba8 [ C885B02847F5D2FD45A24E219ED93B32, B26B2F8E3A831E2B65EB0C5195B0645CD50E22615CE79C9B0B391CD563B121DB ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
12:01:50.0609 0x0ba8 Cdfs - ok
12:01:50.0640 0x0ba8 [ 1F4260CC5B42272D71F79E570A27A4FE, B51C2A3ED3C309953D0EA45869C8E464C10F2533DADE9E0286AF674979098D1D ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
12:01:50.0781 0x0ba8 Cdrom - ok
12:01:50.0796 0x0ba8 Changer - ok
12:01:50.0828 0x0ba8 [ 1CFE720EB8D93A7158A4EBC3AB178BDE, 65D2A9D9A88F38D4AF323134C151BA0F4B3CD0F6A134AF86E7AC9D07319F1726 ] CiSvc C:\WINDOWS\system32\cisvc.exe
12:01:50.0968 0x0ba8 CiSvc - ok
12:01:50.0984 0x0ba8 [ 34CBE729F38138217F9C80212A2A0C82, A9FD7A758D12E0818A11BEEF1CE772FEFA8373E92EF6C0DA8628CD4572CC9A43 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
12:01:51.0125 0x0ba8 ClipSrv - ok
12:01:51.0187 0x0ba8 [ D87ACAED61E417BBA546CED5E7E36D9C, 14AC6034A5BC0FB2A1AFDAD42BEF4DE641556E54AD30D0C46765660A4BE55462 ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
12:01:51.0328 0x0ba8 clr_optimization_v2.0.50727_32 - ok
12:01:51.0375 0x0ba8 [ C5A75EB48E2344ABDC162BDA79E16841, 6070A8AAFD38FBC6A68A2B10C20117612354DF21B4492D90CA522BFB6870D726 ] clr_optimization_v4.0.30319_32 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
12:01:51.0468 0x0ba8 clr_optimization_v4.0.30319_32 - ok
12:01:51.0484 0x0ba8 CmdIde - ok
12:01:51.0484 0x0ba8 COMSysApp - ok
12:01:51.0500 0x0ba8 Cpqarray - ok
12:01:51.0531 0x0ba8 [ 3D4E199942E29207970E04315D02AD3B, 0825960894CF9C86CC8775BDD2A262948A09CA495AA7FE9F210FAF49E7086383 ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
12:01:51.0671 0x0ba8 CryptSvc - ok
12:01:51.0703 0x0ba8 [ DBD89BC0DBE00DCD245BE8F61DBEE291, 7AC7291EF660338695CF4C8A8C0BBC8A6F456688E71D889F39EFBD2F5854DA26 ] cvintdrv C:\WINDOWS\system32\drivers\cvintdrv.sys
12:01:51.0718 0x0ba8 cvintdrv - detected UnsignedFile.Multi.Generic ( 1 )
12:02:01.0718 0x0ba8 cvintdrv ( UnsignedFile.Multi.Generic ) - warning
12:02:19.0171 0x0ba8 dac2w2k - ok
12:02:19.0171 0x0ba8 dac960nt - ok
12:02:19.0203 0x0ba8 [ 6B27A5C03DFB94B4245739065431322C, 6AEAC16AB4E0DFD25123AAF4D4181FEE1B919B7B2793117006CE8CF30E826CFD ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
12:02:19.0312 0x0ba8 DcomLaunch - ok
12:02:19.0359 0x0ba8 [ 35CA8E076A55151EFC76C05787B0DE0A, 143DD1F2CD53C6AAA50F4E0F59F500063446D6C73AEC9C0E5171DE82E8A197F1 ] DefragFS C:\WINDOWS\system32\drivers\DefragFS.sys
12:02:19.0375 0x0ba8 DefragFS - ok
12:02:19.0421 0x0ba8 [ 5E38D7684A49CACFB752B046357E0589, F192AD4190BCFB6939A5CBC91648FE63168AF79A5E227A111DEAD6A92E42AB8D ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
12:02:19.0562 0x0ba8 Dhcp - ok
12:02:19.0609 0x0ba8 [ 044452051F3E02E7963599FC8F4F3E25, 584BDDB074618BE76454CF90E74829CFF588B5B5FAEB793E2F7AAD26352DD689 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
12:02:19.0750 0x0ba8 Disk - ok
12:02:19.0765 0x0ba8 dmadmin - ok
12:02:19.0843 0x0ba8 [ D992FE1274BDE0F84AD826ACAE022A41, C82BD6561A14F2932A761F5883A787B99031250EE5E9B7B5714AA045545C9B99 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
12:02:20.0046 0x0ba8 dmboot - ok
12:02:20.0078 0x0ba8 [ 7C824CF7BBDE77D95C08005717A95F6F, A73CB323B7A6410C3D3F258BF204E716ADF8C84C9E4F6562C57AB73DAED8CCDE ] dmio C:\WINDOWS\system32\drivers\dmio.sys
12:02:20.0234 0x0ba8 dmio - ok
12:02:20.0250 0x0ba8 [ E9317282A63CA4D188C0DF5E09C6AC5F, D41E002F555FE9015EF620975255F58BB79198CA1FF0E09EC950CB450FF77CF7 ] dmload C:\WINDOWS\system32\drivers\dmload.sys
12:02:20.0390 0x0ba8 dmload - ok
12:02:20.0406 0x0ba8 [ 57EDEC2E5F59F0335E92F35184BC8631, 61F6F0DC2D1A6C61D5EF0D5CC4BE0FFC217F1E61FDA3EA9F704709293656600F ] dmserver C:\WINDOWS\System32\dmserver.dll
12:02:20.0546 0x0ba8 dmserver - ok
12:02:20.0562 0x0ba8 [ 8A208DFCF89792A484E76C40E5F50B45, 4E40E2EB38C6254E7CAA488200E89EE7DEBBBA773890BC6A84313CC68178D54F ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
12:02:20.0703 0x0ba8 DMusic - ok
12:02:20.0734 0x0ba8 [ 5F7E24FA9EAB896051FFB87F840730D2, 356EEFDCD54DECAD0170B34B993E4BF80DD039E2B2922D7A8D09B84031E9FC7A ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
12:02:20.0812 0x0ba8 Dnscache - ok
12:02:20.0875 0x0ba8 [ 0F0F6E687E5E15579EF4DA8DD6945814, 5C32D88119EB1465B2D719BEE2E05888D1A73454B5E33F2D4928DA710F8BFBA3 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
12:02:21.0031 0x0ba8 Dot3svc - ok
12:02:21.0031 0x0ba8 dpti2o - ok
12:02:21.0046 0x0ba8 [ 8F5FCFF8E8848AFAC920905FBD9D33C8, C8C6FB97AB0871C8C88A2201525A5CF10D5131CB6980D32692ED7A8F58399AD5 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
12:02:21.0187 0x0ba8 drmkaud - ok
12:02:21.0187 0x0ba8 EagleNT - ok
12:02:21.0218 0x0ba8 [ 59D9E5DBCFEF1E0E3DBAC1B55C718F2D, 9F089B4627B627944F7913D2A6915E5545179EBCAE4E45D69DF247BC433AE956 ] eamon C:\WINDOWS\system32\DRIVERS\eamon.sys
12:02:21.0250 0x0ba8 eamon - ok
12:02:21.0281 0x0ba8 [ 2187855A7703ADEF0CEF9EE4285182CC, 8233CC11F637866C0074043835A785EA2B616739B6B1181B143A253CF2508CFD ] EapHost C:\WINDOWS\System32\eapsvc.dll
12:02:21.0421 0x0ba8 EapHost - ok
12:02:21.0453 0x0ba8 [ 3BD67A869964BF57266CBBD1DCA38C6A, 398912212ED568EA152C94EE16B7E1C9328CC600A9CDBCFF50C8C4B6DFA843E9 ] ehdrv C:\WINDOWS\system32\DRIVERS\ehdrv.sys
12:02:21.0484 0x0ba8 ehdrv - ok
12:02:21.0531 0x0ba8 [ 96FC9AD2C1B008424093F5367CA1AE3E, 3D64FE8248CD63A4A0276BBC084F232240F845D32AFD8559F62EC4BEB4BE3E5E ] EhttpSrv C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
12:02:21.0546 0x0ba8 EhttpSrv - ok
12:02:21.0593 0x0ba8 [ D543E7E8BCAE3F5D256335EEE809ADF5, 91F9549C271D7C351814DB1ABDD6CC6B43DB2981D114F9CBFC28133E99209BF6 ] ekrn C:\Program Files\ESET\ESET Smart Security\ekrn.exe
12:02:21.0640 0x0ba8 ekrn - ok
12:02:22.0828 0x0ba8 [ F76D04F7413B07DAA029F6520B64B4E8, 3EB13C0EFE737880853FB8952381E7A57723F9472E0E4ED7CDA8A0D7DE8DC90D ] FLEXnet Licensing Service C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
12:02:22.0890 0x0ba8 FLEXnet Licensing Service - detected UnsignedFile.Multi.Generic ( 1 )
12:02:32.0890 0x0ba8 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - warning
12:02:53.0031 0x0ba8 [ 6F95324909B502E2651442C1548AB12F, FF1B104990FE186C6100ED229A45345FF695323AC778688EC11AA8F5A87B141E ] IDriverT C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
12:02:53.0046 0x0ba8 IDriverT - detected UnsignedFile.Multi.Generic ( 1 )
12:03:03.0046 0x0ba8 IDriverT ( UnsignedFile.Multi.Generic ) - warning
12:03:24.0781 0x0ba8 [ 6ED1D87904EDFBD26DFB31ABF1040D92, D90A75C6BED516C9B2FD398E7B155471C5316603EC143A5781C6C55EBB55F49D ] moufiltr C:\WINDOWS\system32\DRIVERS\moufiltr.sys
12:03:24.0796 0x0ba8 moufiltr - detected UnsignedFile.Multi.Generic ( 1 )
12:03:34.0796 0x0ba8 moufiltr ( UnsignedFile.Multi.Generic ) - warning
12:03:59.0906 0x0ba8 [ 5B6C11DE7E839C05248CED8825470FEF, DB57DFD02C18461B1B383DF759730FFEE9C7FA8577E1679FD4740A590303EE79 ] pcouffin C:\WINDOWS\system32\Drivers\pcouffin.sys
12:03:59.0921 0x0ba8 pcouffin - detected UnsignedFile.Multi.Generic ( 1 )
12:04:09.0921 0x0ba8 pcouffin ( UnsignedFile.Multi.Generic ) - warning
12:04:28.0453 0x0ba8 [ 64E413BA0C529AA40C3924BBCC4153DB, 9E0EB02078EE250AC618D4A4537D54BACDD7E2B67349162CA61F35EAF91601EE ] ProtexisLicensing C:\WINDOWS\system32\PSIService.exe
12:04:28.0468 0x0ba8 ProtexisLicensing - detected UnsignedFile.Multi.Generic ( 1 )
12:04:38.0468 0x0ba8 ProtexisLicensing ( UnsignedFile.Multi.Generic ) - warning
12:04:38.0468 0x0ba8 Force sending object to P2P due to detect: C:\WINDOWS\system32\PSIService.exe
12:04:58.0468 0x0ba8 Object send P2P result: false
12:05:16.0234 0x0ba8 [ 1962166E0CEB740704F30FA55AD3D509, 22C21907D7FDCA2CBBE1EC0479D83DDD4C4FCBC07C8791A2F62414EC5E85E488 ] PxHelp20 C:\WINDOWS\system32\Drivers\PxHelp20.sys
12:05:16.0234 0x0ba8 PxHelp20 - detected UnsignedFile.Multi.Generic ( 1 )
12:05:26.0234 0x0ba8 PxHelp20 ( UnsignedFile.Multi.Generic ) - warning
12:05:45.0265 0x0ba8 [ 80B888792CD3BF342E6D76813E887783, 03E50B694F2F24EC6DAE2FA6D6E49EEA1B00F7F76FE0DE744742EA6F8B52D948 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
12:05:45.0265 0x0ba8 Suspicious file ( Forged ): C:\WINDOWS\system32\DRIVERS\redbook.sys. Real md5: 80B888792CD3BF342E6D76813E887783, sha256: 03E50B694F2F24EC6DAE2FA6D6E49EEA1B00F7F76FE0DE744742EA6F8B52D948, fake md5: F828DD7E1419B6653894A8F97A0094C5, fake sha256: E6150E1F598BA4CFEDB8FF075BC0D576518C331B864388F1CAE8812EFF106ECF
12:05:45.0265 0x0ba8 redbook - detected Virus.Win32.ZAccess.k ( 0 )
12:05:55.0265 0x0ba8 redbook ( Virus.Win32.ZAccess.k ) - infected
12:05:55.0265 0x0ba8 Force sending object to P2P due to detect: C:\WINDOWS\system32\DRIVERS\redbook.sys
12:06:15.0265 0x0ba8 Object send P2P result: false
12:06:36.0953 0x0ba8 [ 54196CDAC7E1D81D71C652E100B99E77, 33D6F58C67333F292A76ABDB7FB7697D74EDE69B282A7BD0DADF74C3EBDF62C3 ] ScsiAccess C:\Program Files\Photodex\ProShowProducer\ScsiAccess.exe
12:06:36.0968 0x0ba8 ScsiAccess - detected UnsignedFile.Multi.Generic ( 1 )
12:06:46.0968 0x0ba8 ScsiAccess ( UnsignedFile.Multi.Generic ) - warning
12:06:46.0968 0x0ba8 Force sending object to P2P due to detect: C:\Program Files\Photodex\ProShowProducer\ScsiAccess.exe
12:07:06.0968 0x0ba8 Object send P2P result: false
12:07:25.0671 0x0ba8 [ 4945020BC094C322571184A6E8056B3A, 9E09257411F7C3631537D0198E0E64CDD1A697D80430F6379139B15A2BA8A6C9 ] SolidWorks Licensing Service C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe
12:07:25.0687 0x0ba8 SolidWorks Licensing Service - detected UnsignedFile.Multi.Generic ( 1 )
12:07:35.0687 0x0ba8 SolidWorks Licensing Service ( UnsignedFile.Multi.Generic ) - warning
12:07:35.0687 0x0ba8 Force sending object to P2P due to detect: C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe
12:07:55.0687 0x0ba8 Object send P2P result: false
12:08:13.0156 0x0ba8 [ A1ECEEAA5C5E74B2499EB51D38185B84, BB866DDA4D1F85A68A652204DAC7378456793E096A15F88B9C153BECD3D18C27 ] SONYPVU1 C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS
12:08:13.0312 0x0ba8 SONYPVU1 - ok
12:08:13.0312 0x0ba8 Sparrow - ok
12:08:13.0328 0x0ba8 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F, DD17733CBB370FCA08F0296704D7CBEACA3C8F76D0ABE4761C3B1FFDF7481D9E ] splitter C:\WINDOWS\system32\drivers\splitter.sys
12:08:13.0468 0x0ba8 splitter - ok
12:08:13.0484 0x0ba8 [ 60784F891563FB1B767F70117FC2428F, E0B07F08E60FFBAD36C2E58180F4B2A16DCA47716044CBE0213DF7B74D742F1F ] Spooler C:\WINDOWS\system32\spoolsv.exe
12:08:13.0578 0x0ba8 Spooler - ok
12:08:13.0578 0x0ba8 SpyEmrg - ok
12:08:13.0609 0x0ba8 [ 76BB022C2FB6902FD5BDD4F78FC13A5D, 6031CB2344D7277FC703480EB43CF856A0F8F818EA98FF26A2CA532336CD2DFA ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
12:08:13.0750 0x0ba8 sr - ok
12:08:13.0781 0x0ba8 [ 3805DF0AC4296A34BA4BF93B346CC378, B57A14F1B7B0997E619DDD62B73157AA2399A9852166FB58139CBB358A88F6F3 ] srservice C:\WINDOWS\system32\srsvc.dll
12:08:13.0921 0x0ba8 srservice - ok
12:08:13.0953 0x0ba8 [ 47DDFC2F003F7F9F0592C6874962A2E7, 17C643BD4EB09B5666FE41817DC785BE04A6E491CE79E8E5A702CDBD98E1BDD7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
12:08:14.0000 0x0ba8 Srv - ok
12:08:14.0031 0x0ba8 [ 0A5679B3714EDAB99E357057EE88FCA6, 01E1A101FFF48402C77E385A78FEF27876E04533B60EB1C18558A737E57E5FA8 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
12:08:14.0187 0x0ba8 SSDPSRV - ok
12:08:14.0218 0x0ba8 [ 8BAD69CBAC032D4BBACFCE0306174C30, 2AA0DA710FCBFF38FE8DA91EE02E7A4503269347E61F8D3246FCA3384BBA2305 ] stisvc C:\WINDOWS\system32\wiaservc.dll
12:08:14.0375 0x0ba8 stisvc - ok
12:08:14.0406 0x0ba8 [ 3941D127AEF12E93ADDF6FE6EE027E0F, EA1F0E32E1C5E90FA4AAC421DEBBE086512340758D3217A6334E886BCE638B51 ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
12:08:14.0546 0x0ba8 swenum - ok
12:08:14.0578 0x0ba8 [ 8CE882BCC6CF8A62F2B2323D95CB3D01, B408550A581F3DA222355964AFA4E976AD8471F0AA37573C42C4948AE5A23A3B ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
12:08:14.0718 0x0ba8 swmidi - ok
12:08:14.0718 0x0ba8 SwPrv - ok
12:08:14.0734 0x0ba8 symc810 - ok
12:08:14.0734 0x0ba8 symc8xx - ok
12:08:14.0734 0x0ba8 sym_hi - ok
12:08:14.0750 0x0ba8 sym_u3 - ok
12:08:14.0750 0x0ba8 [ 8B83F3ED0F1688B4958F77CD6D2BF290, 546D3602183702B4F53E84413CFA2C933D64C8540378E54A8DCD148F3F36A2DA ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
12:08:14.0890 0x0ba8 sysaudio - ok
12:08:14.0906 0x0ba8 [ C7ABBC59B43274B1109DF6B24D617051, 4384CA0AA6CE9B603CF7DB775A3C721E46715D5B120B94FB57DEADAADE18535B ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
12:08:15.0062 0x0ba8 SysmonLog - ok
12:08:15.0078 0x0ba8 [ 3CB78C17BB664637787C9A1C98F79C38, F35C31F6B7F366CB949D1044B357C76DEC9170441C5E559802794F62B72FD255 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
12:08:15.0218 0x0ba8 TapiSrv - ok
12:08:15.0265 0x0ba8 [ 9AEFA14BD6B182D61E3119FA5F436D3D, EA29E49434585409272E7901AF89771FE9D6E911A7DC44AB3C7020CFF8A44552 ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
12:08:15.0296 0x0ba8 Tcpip - ok
12:08:15.0328 0x0ba8 [ 6471A66807F5E104E4885F5B67349397, F35CBFFB8BB235CCE30EF94A5273333900DD49FD506BF9D55D99A320B8A53A5A ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
12:08:15.0468 0x0ba8 TDPIPE - ok
12:08:15.0531 0x0ba8 [ D953F161177DAB3C8440844A9AB6E5A2, D9174E24F4B4356D2B00264DB3CC2EE862FAC1BE2B86EC0434C86B7D1C3C3304 ] tdrpman174 C:\WINDOWS\system32\DRIVERS\tdrpm174.sys
12:08:15.0578 0x0ba8 tdrpman174 - ok
12:08:15.0609 0x0ba8 [ C56B6D0402371CF3700EB322EF3AAF61, 7743FA4C734BCE38EFB1CA69BC17364D8421E2CD172F856F7E38E7AE1EE93F2F ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
12:08:15.0750 0x0ba8 TDTCP - ok
12:08:15.0765 0x0ba8 [ 88155247177638048422893737429D9E, B6D4E8691917946332C2208D01F8C8281978C1AD1E9951C5D99DF0D49AC34B3B ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
12:08:15.0906 0x0ba8 TermDD - ok
12:08:15.0937 0x0ba8 [ FF3477C03BE7201C294C35F684B3479F, D6246521539BA4ACD022D26983182F5E323D2EF1EA7C54265A248C43A1CE5202 ] TermService C:\WINDOWS\System32\termsrv.dll
12:08:16.0093 0x0ba8 TermService - ok
12:08:16.0140 0x0ba8 [ 99BC0B50F511924348BE19C7C7313BBF, A1006C687BD352F700B140DC741515A0CDD9E1352C0FBD1EE410D404E344444B ] Themes C:\WINDOWS\System32\shsvcs.dll
12:08:16.0156 0x0ba8 Themes - ok
12:08:16.0187 0x0ba8 [ 6DCB8DDB481CD3C40FA68593723B4D89, EE7D05C688C9FFBC1281E7152B5FC0AFC2CD21F778C6733E0F47024BF73E4A4D ] tifsfilter C:\WINDOWS\system32\DRIVERS\tifsfilt.sys
12:08:16.0203 0x0ba8 tifsfilter - ok
12:08:16.0234 0x0ba8 [ 394FC70B88B7958FA85798BBC76D140A, D8FCF01893B51FF8198A0CF2230226DBD9F66D928DA0856650D936A495EF432D ] timounter C:\WINDOWS\system32\DRIVERS\timntr.sys
12:08:16.0265 0x0ba8 timounter - ok
12:08:16.0281 0x0ba8 TosIde - ok
12:08:16.0296 0x0ba8 [ 55BCA12F7F523D35CA3CB833C725F54E, 849FB1AE31B143B14B298BBC0D91230693D41DEB95F46516878F53A7F4186C38 ] TrkWks C:\WINDOWS\system32\trkwks.dll
12:08:16.0437 0x0ba8 TrkWks - ok
12:08:16.0468 0x0ba8 [ E266683FC95ABDEC17CD378564E1B54B, 88051AA353AB3E8F53AB0486F21C2DB8B13F672C39059F12D9FF47C8F378251E ] TVICHW32 C:\WINDOWS\system32\DRIVERS\TVICHW32.SYS
12:08:16.0500 0x0ba8 TVICHW32 - detected UnsignedFile.Multi.Generic ( 1 )
12:08:26.0500 0x0ba8 TVICHW32 ( UnsignedFile.Multi.Generic ) - warning
12:08:43.0984 0x0ba8 [ 5787B80C2E3C5E2F56C2A233D91FA2C9, 3774905CF77954DFCECDA5BCC7CDE3D0ED72712BFAAD85ADAE5246306447E46C ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
12:08:44.0125 0x0ba8 Udfs - ok
12:08:44.0125 0x0ba8 ultra - ok
12:08:44.0187 0x0ba8 [ D0CB75386D9E89C864D808D64EC9160F, 7304C14E23AFACB5C5E144AC243040113112BA8CD6AC3FF1AD5E00A255E11534 ] UnlockerDriver5 C:\Program Files\Unlocker\UnlockerDriver5.sys
12:08:44.0203 0x0ba8 UnlockerDriver5 - detected UnsignedFile.Multi.Generic ( 1 )
12:08:54.0203 0x0ba8 UnlockerDriver5 ( UnsignedFile.Multi.Generic ) - warning
12:09:11.0671 0x0ba8 [ 402DDC88356B1BAC0EE3DD1580C76A31, 32A686595710336A6BFD54C03F552AE39439611662F84EF5D24193AE5665C6F3 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
12:09:11.0828 0x0ba8 Update - ok
12:09:11.0859 0x0ba8 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91, 7746916DB48E3F5B243B63C066596AD9037A494BF1AD935946DD04AC85D983DF ] upnphost C:\WINDOWS\System32\upnphost.dll
12:09:12.0000 0x0ba8 upnphost - ok
12:09:12.0015 0x0ba8 [ 05365FB38FCA1E98F7A566AAAF5D1815, 16843048CEEC3DAA3B953A12FF1EE339E86783A08F2A56DA7F94AD9F9717D77D ] UPS C:\WINDOWS\System32\ups.exe
12:09:12.0171 0x0ba8 UPS - ok
12:09:12.0187 0x0ba8 [ 5C2BDC152BBAB34F36473DEAF7713F22, DC7D6FD3BE2F4D8832BB62AB76E5332BB65255AB45F6E28E6B1991A976C1A058 ] USBAAPL C:\WINDOWS\system32\Drivers\usbaapl.sys
12:09:12.0234 0x0ba8 USBAAPL - ok
12:09:12.0296 0x0ba8 [ 1B611611C28D2DF25BC057D79C6F13FC, B0D86F63E44B40413BBAE6402CC088046CFAE082D41BBC2ED5A916293356B846 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
12:09:12.0359 0x0ba8 usbccgp - ok
12:09:12.0390 0x0ba8 [ 4BAC8DF07F1D8434FC640E677A62204E, 76C1351AF6752224BF59DEEE0F8665FE699F3DFD679F5BCD01C7D9383E6402A4 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
12:09:12.0421 0x0ba8 usbehci - ok
12:09:12.0453 0x0ba8 [ 1AB3CDDE553B6E064D2E754EFE20285C, A99C4528C4227B1E96847614745AAFACD3C5F1BDFE435214DBF78740FFB300FE ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
12:09:12.0578 0x0ba8 usbhub - ok
12:09:12.0609 0x0ba8 [ A717C8721046828520C9EDF31288FC00, 1530BBE832EDBB0974AD89D723A03FF7A0094B368992D73C2C3E62A181DF1E0A ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
12:09:12.0750 0x0ba8 usbprint - ok
12:09:12.0781 0x0ba8 [ F8EDE2B6928970DCE3D5614C27D9E7F6, 6E5EBBC8B70C1D593634DAF0C190DEADFDA18C3CBC8F552A76F156F3869EF05B ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
12:09:12.0828 0x0ba8 usbscan - ok
12:09:12.0828 0x0ba8 [ A32426D9B14A089EAA1D922E0C5801A9, ED1DC52EE45F8EAD3AEC4B1F817BB25634141CF48295494C5947DCE6CF7A9817 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
12:09:12.0968 0x0ba8 USBSTOR - ok
12:09:12.0984 0x0ba8 [ 26496F9DEE2D787FC3E61AD54821FFE6, 8BE7FF647470B9A951CBB478FAF83D657A15CC78037F42348A6B738F21D523DA ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
12:09:13.0125 0x0ba8 usbuhci - ok
12:09:13.0125 0x0ba8 [ 0D3A8FAFCEACD8B7625CD549757A7DF1, B9CFDEFCD66AA139F3DC2F967B184669532922563AD5A71769BABDC4370D065E ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
12:09:13.0265 0x0ba8 VgaSave - ok
12:09:13.0265 0x0ba8 ViaIde - ok
12:09:13.0312 0x0ba8 [ 4C8FCB5CC53AAB716D810740FE59D025, 010EAC43DBED700B73E4FC908FAAF9F6A0168EBBD5D86751E49BC33AAA18BFA4 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
12:09:13.0437 0x0ba8 VolSnap - ok
12:09:13.0468 0x0ba8 [ 7A9DB3A67C333BF0BD42E42B8596854B, D31A9A3B1AAAB373EDD73B674102395212FCB616F829E938B7B2B7BE7D4752C5 ] VSS C:\WINDOWS\System32\vssvc.exe
12:09:13.0640 0x0ba8 VSS - ok
12:09:13.0656 0x0ba8 [ 54AF4B1D5459500EF0937F6D33B1914F, FA1876888BCB9C72A92369DBED4FF1A8666784523FB41E618FA0919490FCDDB9 ] W32Time C:\WINDOWS\system32\w32time.dll
12:09:13.0796 0x0ba8 W32Time - ok
12:09:13.0812 0x0ba8 [ E20B95BAEDB550F32DD489265C1DA1F6, 5589B2067E6C9FBA290D8C5EADDC198EBAF39C50C3CD7D2BC5CDA7CBFBC445E5 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
12:09:13.0953 0x0ba8 Wanarp - ok
12:09:13.0968 0x0ba8 WDICA - ok
12:09:13.0984 0x0ba8 [ 6768ACF64B18196494413695F0C3A00F, 3A8F8586F1D997D19A8478345338D2AECD785AEABDB61531DD3F92003D3230A5 ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
12:09:14.0125 0x0ba8 wdmaud - ok
12:09:14.0156 0x0ba8 [ 77A354E28153AD2D5E120A5A8687BC06, 8B2D37A4443501C0A8E70BC2079BE27F0A36FD07B561E6F68B40A72EABBC2DFE ] WebClient C:\WINDOWS\System32\webclnt.dll
12:09:14.0296 0x0ba8 WebClient - ok
12:09:14.0359 0x0ba8 [ 2D0E4ED081963804CCC196A0929275B5, E1D75C7D7233D81DFDE13160B0C80138DF8B35230D04FB79B367A52FACF69BF8 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
12:09:14.0500 0x0ba8 winmgmt - ok
12:09:14.0531 0x0ba8 [ C51B4A5C05A5475708E3C81C7765B71D, F776D2680BD3407307B7072626F78460361FC5BC38623C9E16F394D300AB25DE ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
12:09:14.0593 0x0ba8 WmdmPmSN - ok
12:09:14.0625 0x0ba8 [ E0673F1106E62A68D2257E376079F821, 12992F18C9653050B10DC61D12988067933FCFDF02123D3A7EF5DE607A785DDC ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
12:09:14.0781 0x0ba8 WmiApSrv - ok
12:09:14.0843 0x0ba8 [ F74E3D9A7FA9556C3BBB14D4E5E63D3B, C71FAAC752F6D58BF8556661252DBF8C5DDD090CAE002A2C7E09C9A014526066 ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe
12:09:14.0937 0x0ba8 WMPNetworkSvc - ok
12:09:15.0031 0x0ba8 [ 15673BD0B86150CB8E27766059C72A9B, 56C23289A8BFF4945EE532CF6D62D3EC81B827CA15A359F30A327789F9FE9CAF ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
12:09:15.0125 0x0ba8 WPFFontCache_v0400 - ok
12:09:15.0140 0x0ba8 [ 6ABE6E225ADB5A751622A9CC3BC19CE8, 4061C5D0F051DFF1730E2A3BFC1CCA97B29602FC50F10F6B44D93B0D28F42024 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys
12:09:15.0281 0x0ba8 WS2IFSL - ok
12:09:15.0296 0x0ba8 [ 35321FB577CDC98CE3EB3A3EB9E4610A, C9A6F5CF282D8FCB3CDFCC4B306013480E78E1B664E1A60A4E27B161F9FFD4CD ] wuauserv C:\WINDOWS\system32\wuauserv.dll
12:09:15.0437 0x0ba8 wuauserv - ok
12:09:15.0468 0x0ba8 [ F15FEAFFFBB3644CCC80C5DA584E6311, 79B3E9AF35976CE49921E9BEA3BA3B4A8AF762FD3F284B62954038B5FFB32471 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
12:09:15.0515 0x0ba8 WudfPf - ok
12:09:15.0531 0x0ba8 [ 05231C04253C5BC30B26CBAAE680ED89, 5C03C2D7E0B573646D32F4093E2FF2C3BA391C39F5BA37D67F69D38E357FCC3D ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
12:09:15.0562 0x0ba8 WudfSvc - ok
12:09:15.0625 0x0ba8 [ BE0B3774113713059527FCF071CCDBFE, C352AE23B7E1D6460FC77E389BBC9250B04EF7948B920BC7AF7779118FD64660 ] wwEngineSvc C:\Program Files\Webroot\Washer\WasherSvc.exe
12:09:15.0765 0x0ba8 wwEngineSvc - ok
12:09:15.0812 0x0ba8 [ 81DC3F549F44B1C1FFF022DEC9ECF30B, 3D14BFEA539F9CEB16555BD56C5E3C7C8F6692FC62C2789F8AAEA1C042E63940 ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
12:09:15.0968 0x0ba8 WZCSVC - ok
12:09:15.0984 0x0ba8 [ 295D21F14C335B53CB8154E5B1F892B9, 9418477C2E3EA93E93D931A4EDD4500DA568FAD6040204B5201D1080203B0BBC ] xmlprov C:\WINDOWS\System32\xmlprov.dll
12:09:16.0140 0x0ba8 xmlprov - ok
12:09:16.0171 0x0ba8 [ 4322C32CED8C4772E039616DCBF01D3F, F878A0AC7A128BE114D52FD62538A37A3B7C3E15309BF37B87036005ED06C7A0 ] yukonwxp C:\WINDOWS\system32\DRIVERS\yk51x86.sys
12:09:16.0234 0x0ba8 yukonwxp - ok
12:09:16.0250 0x0ba8 ================ Scan global ===============================
12:09:16.0265 0x0ba8 [ 42F1F4C0AFB08410E5F02D4B13EBB623, 924C30587C51C0D1E1F47991969AF492A644552E15F2480EA991DCB74A3E68D5 ] C:\WINDOWS\system32\basesrv.dll
12:09:16.0312 0x0ba8 [ 69AE2B2E6968C316536E5B10B9702E63, D9C5DA7A20DDE69D91E72400C3F06F3CB099DEF42EA6C53FCE076258A0C22391 ] C:\WINDOWS\system32\winsrv.dll
12:09:16.0343 0x0ba8 [ 69AE2B2E6968C316536E5B10B9702E63, D9C5DA7A20DDE69D91E72400C3F06F3CB099DEF42EA6C53FCE076258A0C22391 ] C:\WINDOWS\system32\winsrv.dll
12:09:16.0359 0x0ba8 [ 65DF52F5B8B6E9BBD183505225C37315, 59C606977DB40A3443DFF0BE2A4C761824881B22C9FDB3D23F6486DB580E92A4 ] C:\WINDOWS\system32\services.exe
12:09:16.0375 0x0ba8 [ Global ] - ok
12:09:16.0375 0x0ba8 ================ Scan MBR ==================================
12:09:16.0375 0x0ba8 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
12:09:16.0593 0x0ba8 \Device\Harddisk0\DR0 - ok
12:09:16.0593 0x0ba8 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk1\DR1
12:09:16.0656 0x0ba8 \Device\Harddisk1\DR1 - ok
12:09:16.0671 0x0ba8 [ 739B36F7A373FC81121D831231B6D311 ] \Device\Harddisk2\DR4
12:09:17.0000 0x0ba8 \Device\Harddisk2\DR4 - ok
12:09:17.0000 0x0ba8 ================ Scan VBR ==================================
12:09:17.0000 0x0ba8 [ 69AD2D686FC9FF6BB8357E37164920AD ] \Device\Harddisk0\DR0\Partition1
12:09:17.0031 0x0ba8 \Device\Harddisk0\DR0\Partition1 - ok
12:09:17.0031 0x0ba8 [ 2F2A839FFA033EC0DFCCD3FF17C6DDBF ] \Device\Harddisk1\DR1\Partition1
12:09:17.0093 0x0ba8 \Device\Harddisk1\DR1\Partition1 - ok
12:09:17.0093 0x0ba8 [ CCE3BFADBBBCC6AEEBB7DB610A1A48CF ] \Device\Harddisk2\DR4\Partition1
12:09:17.0171 0x0ba8 \Device\Harddisk2\DR4\Partition1 - ok
12:09:17.0171 0x0ba8 ================ Scan active images ========================
12:09:17.0171 0x0ba8 [ E9E47CFB2D461FA0FC75B7A74C6383EA, 544136F5BFD4DC23D45E90F12FA48B82FD9EAEA9EAF3E0F5F0BD27E23D672C3E ] C:\WINDOWS\system32\drivers\nic1394.sys
12:09:17.0171 0x0ba8 C:\WINDOWS\system32\drivers\nic1394.sys - ok
12:09:17.0171 0x0ba8 [ 8C953733D8F36EB2133F5BB58808B66B, 555868F246D73652E998B0B1296476E42FCEDED30D646CC000F31ECE4EBC25E6 ] C:\WINDOWS\system32\drivers\intelppm.sys
12:09:17.0171 0x0ba8 C:\WINDOWS\system32\drivers\intelppm.sys - ok
12:09:17.0171 0x0ba8 [ 30913CBF518396912E54C2C9F1DD0F09, 4B16EED1A26CF7D31AED1DA252E05615AC0F85E71D336D4F1D98498ACCF7168B ] C:\WINDOWS\system32\drivers\nv4_mini.sys
12:09:17.0171 0x0ba8 C:\WINDOWS\system32\drivers\nv4_mini.sys - ok
12:09:17.0171 0x0ba8 [ E28726B72C46821A28830E077D39A55B, 66BE8A1055544C8CEBB7125726C1C306A026F3A1764589FCDDF3792076AF891F ] C:\WINDOWS\system32\drivers\videoprt.sys
12:09:17.0171 0x0ba8 C:\WINDOWS\system32\drivers\videoprt.sys - ok
12:09:17.0187 0x0ba8 [ 573C7D0A32852B48F3058CFD8026F511, BC384BBA394AFDCDA1A9ABC858C692AA84A1F0A31AF3DDF7F38D120C027927FB ] C:\WINDOWS\system32\drivers\hdaudbus.sys
12:09:17.0187 0x0ba8 C:\WINDOWS\system32\drivers\hdaudbus.sys - ok
12:09:17.0187 0x0ba8 [ 4322C32CED8C4772E039616DCBF01D3F, F878A0AC7A128BE114D52FD62538A37A3B7C3E15309BF37B87036005ED06C7A0 ] C:\WINDOWS\system32\drivers\yk51x86.sys
12:09:17.0187 0x0ba8 C:\WINDOWS\system32\drivers\yk51x86.sys - ok
12:09:17.0187 0x0ba8 [ 6DF35CA139C3BC15CC74390ABB114EFE, 5401724E49243625C43B3F9032E592EF43605C2510E809C1D318A7792AB9FBBA ] C:\WINDOWS\system32\drivers\usbport.sys
12:09:17.0187 0x0ba8 C:\WINDOWS\system32\drivers\usbport.sys - ok
12:09:17.0187 0x0ba8 [ 26496F9DEE2D787FC3E61AD54821FFE6, 8BE7FF647470B9A951CBB478FAF83D657A15CC78037F42348A6B738F21D523DA ] C:\WINDOWS\system32\drivers\usbuhci.sys
12:09:17.0187 0x0ba8 C:\WINDOWS\system32\drivers\usbuhci.sys - ok
12:09:17.0203 0x0ba8 [ 4BAC8DF07F1D8434FC640E677A62204E, 76C1351AF6752224BF59DEEE0F8665FE699F3DFD679F5BCD01C7D9383E6402A4 ] C:\WINDOWS\system32\drivers\usbehci.sys
12:09:17.0203 0x0ba8 C:\WINDOWS\system32\drivers\usbehci.sys - ok
12:09:17.0203 0x0ba8 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81, 8307A532AB4D05CBBCE206DC2759497708BF5AAA880BD00F0E4F281D8578A1F5 ] C:\WINDOWS\system32\drivers\fdc.sys
12:09:17.0203 0x0ba8 C:\WINDOWS\system32\drivers\fdc.sys - ok
12:09:17.0203 0x0ba8 [ 5575FAF8F97CE5E713D108C2A58D7C7C, 96D4595D19A78CCBE8B325A08780AC077AE5CC99642ACD72FB47AEAE8D344D3B ] C:\WINDOWS\system32\drivers\parport.sys
12:09:17.0203 0x0ba8 C:\WINDOWS\system32\drivers\parport.sys - ok
12:09:17.0203 0x0ba8 [ D48659BB24C48345D926ECB45C1EBDF5, EDEDE58316827530C25F8085F62AD48EA6D44B0F8AC1917B940F53B02CF72EA6 ] C:\WINDOWS\system32\drivers\ASACPI.sys
12:09:17.0203 0x0ba8 C:\WINDOWS\system32\drivers\ASACPI.sys - ok
12:09:17.0203 0x0ba8 [ CCA207A8896D4C6A0C9CE29A4AE411A7, 5999B39242283CD803319AADCA171CCCC6E2A40FB2FAFA51B1D29F3FF2DD8D6C ] C:\WINDOWS\system32\drivers\serial.sys
12:09:17.0203 0x0ba8 C:\WINDOWS\system32\drivers\serial.sys - ok
12:09:17.0218 0x0ba8 [ 0F29512CCD6BEAD730039FB4BD2C85CE, 4F98AE390D1B14A755700DD6CEFB9CF921F0404AF2145D2D7E5F52394F87C6A5 ] C:\WINDOWS\system32\drivers\serenum.sys
12:09:17.0218 0x0ba8 C:\WINDOWS\system32\drivers\serenum.sys - ok
12:09:17.0218 0x0ba8 [ 083A052659F5310DD8B6A6CB05EDCF8E, 48D39B03FFB6FAA1529B774443BA12618AE3982D9F65A7B9D18F2269F78B31F4 ] C:\WINDOWS\system32\drivers\imapi.sys
12:09:17.0218 0x0ba8 C:\WINDOWS\system32\drivers\imapi.sys - ok
12:09:17.0218 0x0ba8 [ 1F4260CC5B42272D71F79E570A27A4FE, B51C2A3ED3C309953D0EA45869C8E464C10F2533DADE9E0286AF674979098D1D ] C:\WINDOWS\system32\drivers\cdrom.sys
12:09:17.0218 0x0ba8 C:\WINDOWS\system32\drivers\cdrom.sys - ok
12:09:17.0218 0x0ba8 [ 80B888792CD3BF342E6D76813E887783, 03E50B694F2F24EC6DAE2FA6D6E49EEA1B00F7F76FE0DE744742EA6F8B52D948 ] C:\WINDOWS\system32\drivers\redbook.sys
12:09:17.0218 0x0ba8 C:\WINDOWS\system32\drivers\redbook.sys - ok
12:09:17.0234 0x0ba8 [ 0753515F78DF7F271A5E61C20BCD36A1, A8D600CD0C592DFB875DE2D4F1AEDB207B80A43CF724051B6552BB6E539E9AFC ] C:\WINDOWS\system32\drivers\ks.sys
12:09:17.0234 0x0ba8 C:\WINDOWS\system32\drivers\ks.sys - ok
12:09:17.0234 0x0ba8 [ F828DD7E1419B6653894A8F97A0094C5, E6150E1F598BA4CFEDB8FF075BC0D576518C331B864388F1CAE8812EFF106ECF ] C:\WINDOWS\system32\drivers\`
12:09:17.0234 0x0ba8 C:\WINDOWS\system32\drivers\` - ok
12:09:17.0234 0x0ba8 [ D9F724AA26C010A217C97606B160ED68, 329B5118F2409731D06FDAE85B6ADD64A048292801BCB3546651CEB303111695 ] C:\WINDOWS\system32\drivers\audstub.sys
12:09:17.0234 0x0ba8 C:\WINDOWS\system32\drivers\audstub.sys - ok
12:09:17.0234 0x0ba8 [ 0109C4F3850DFBAB279542515386AE22, 4F6DB1E499AC853FD36FD603FBB6D3AC9BDCEB298C7FE1FB59A9236CB46729B2 ] C:\WINDOWS\system32\drivers\ndistapi.sys
12:09:17.0234 0x0ba8 C:\WINDOWS\system32\drivers\ndistapi.sys - ok
12:09:17.0234 0x0ba8 [ 11B4A627BC9614B885C4969BFA5FF8A6, EAE0A412A2B0F68919C32A96B3A08CC1A06585E4998819F5C9051745F63FF5AD ] C:\WINDOWS\system32\drivers\rasl2tp.sys
12:09:17.0250 0x0ba8 C:\WINDOWS\system32\drivers\rasl2tp.sys - ok
12:09:17.0250 0x0ba8 [ EDC1531A49C80614B2CFDA43CA8659AB, 494042F790F33721328B4451E79842E21919681CC421A4F9633EC4D383E06097 ] C:\WINDOWS\system32\drivers\ndiswan.sys
12:09:17.0250 0x0ba8 C:\WINDOWS\system32\drivers\ndiswan.sys - ok
12:09:17.0250 0x0ba8 [ 5BC962F2654137C9909C3D4603587DEE, A5CE5653D0105240F5E86CFAAB89E7917D42D939E2F27A5A7D6979289CA651B8 ] C:\WINDOWS\system32\drivers\raspppoe.sys
12:09:17.0250 0x0ba8 C:\WINDOWS\system32\drivers\raspppoe.sys - ok
12:09:17.0250 0x0ba8 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99, C5F0C8C66A3AF7E7BB04CEDE4AC5306F8387AB384A2107DC5BE413AAE968EFF1 ] C:\WINDOWS\system32\drivers\raspptp.sys
12:09:17.0250 0x0ba8 C:\WINDOWS\system32\drivers\raspptp.sys - ok
12:09:17.0250 0x0ba8 [ 0539D5E53587F82D1B4FD74C5BE205CF, 9C578FC46AC3B8260258B83C89A33C3D7990B365D7708AEF2296CD235C7D301A ] C:\WINDOWS\system32\drivers\tdi.sys
12:09:17.0250 0x0ba8 C:\WINDOWS\system32\drivers\tdi.sys - ok
12:09:17.0265 0x0ba8 [ 0A02C63C8B144BD8C86B103DEE7C86A2, 7A3235DD3E1995DD72B212FAEB3ECA2A974434DE9BF6D269EA11BA65A80E7E50 ] C:\WINDOWS\system32\drivers\msgpc.sys
12:09:17.0265 0x0ba8 C:\WINDOWS\system32\drivers\msgpc.sys - ok
12:09:17.0265 0x0ba8 [ 09298EC810B07E5D582CB3A3F9255424, 35473A1BE25AC289474090EB0806AC6B3035DC33D1F3DF97A14BF1E361AC6AC3 ] C:\WINDOWS\system32\drivers\psched.sys
12:09:17.0265 0x0ba8 C:\WINDOWS\system32\drivers\psched.sys - ok
12:09:17.0265 0x0ba8 [ 463C1EC80CD17420A542B7F36A36F128, E3B11BA26AFEAFB50B0FC168EA07F6049DA6B88BCDDEEE20310602D7FC27A3A7 ] C:\WINDOWS\system32\drivers\kbdclass.sys
12:09:17.0265 0x0ba8 C:\WINDOWS\system32\drivers\kbdclass.sys - ok
12:09:17.0265 0x0ba8 [ 35C9E97194C8CFB8430125F8DBC34D04, 0C0FCE6B0A23FB0ECB92E1663E1C72D2DD5B177D82E04782957690B69530DB39 ] C:\WINDOWS\system32\drivers\mouclass.sys
12:09:17.0265 0x0ba8 C:\WINDOWS\system32\drivers\mouclass.sys - ok
12:09:17.0281 0x0ba8 [ 80D317BD1C3DBC5D4FE7B1678C60CADD, DA76804B55D0CAB3DDD01EFC06673764AE4860693375C658B6063FB14AF7F12C ] C:\WINDOWS\system32\drivers\ptilink.sys
12:09:17.0281 0x0ba8 C:\WINDOWS\system32\drivers\ptilink.sys - ok
12:09:17.0281 0x0ba8 [ FDBB1D60066FCFBB7452FD8F9829B242, 10A2DACF944BD000032EBA8C095CB3D879CC55B28C377ADF6E52E508E47444DB ] C:\WINDOWS\system32\drivers\raspti.sys
12:09:17.0281 0x0ba8 C:\WINDOWS\system32\drivers\raspti.sys - ok
12:09:17.0281 0x0ba8 [ 3941D127AEF12E93ADDF6FE6EE027E0F, EA1F0E32E1C5E90FA4AAC421DEBBE086512340758D3217A6334E886BCE638B51 ] C:\WINDOWS\system32\drivers\swenum.sys
12:09:17.0281 0x0ba8 C:\WINDOWS\system32\drivers\swenum.sys - ok
12:09:17.0281 0x0ba8 [ 88155247177638048422893737429D9E, B6D4E8691917946332C2208D01F8C8281978C1AD1E9951C5D99DF0D49AC34B3B ] C:\WINDOWS\system32\drivers\termdd.sys
12:09:17.0281 0x0ba8 C:\WINDOWS\system32\drivers\termdd.sys - ok
12:09:17.0281 0x0ba8 [ 402DDC88356B1BAC0EE3DD1580C76A31, 32A686595710336A6BFD54C03F552AE39439611662F84EF5D24193AE5665C6F3 ] C:\WINDOWS\system32\drivers\update.sys
12:09:17.0281 0x0ba8 C:\WINDOWS\system32\drivers\update.sys - ok
12:09:17.0296 0x0ba8 [ AF5F4F3F14A8EA2C26DE30F7A1E17136, AC93A1E4ABB0D038B772E429015567E44CC2EDB66C54DBE23A5F98176FAC1520 ] C:\WINDOWS\system32\drivers\mssmbios.sys
12:09:17.0296 0x0ba8 C:\WINDOWS\system32\drivers\mssmbios.sys - ok
12:09:17.0296 0x0ba8 [ 2F597BB467E05B1FE3830EABD821B8E0, 141497F5A49D47CCE3C9289644F4BD838DCB238F6D8E847FC006652E21FE02AC ] C:\WINDOWS\system32\drivers\ndproxy.sys
12:09:17.0296 0x0ba8 C:\WINDOWS\system32\drivers\ndproxy.sys - ok
12:09:17.0296 0x0ba8 [ 6CB08593487F5701D2D2254E693EAFCE, 0518A1FC540C036E6864DA8C01CADE043D4F897D7FCF8C61352865131DEB7414 ] C:\WINDOWS\system32\drivers\drmk.sys
12:09:17.0296 0x0ba8 C:\WINDOWS\system32\drivers\drmk.sys - ok
12:09:17.0296 0x0ba8 [ E82A496C3961EFC6828B508C310CE98F, E142A0809525B34A376B3063B07B8822930056BBCB886B7CF1D7585BCEC371A0 ] C:\WINDOWS\system32\drivers\portcls.sys
12:09:17.0296 0x0ba8 C:\WINDOWS\system32\drivers\portcls.sys - ok
12:09:17.0312 0x0ba8 [ 001AACA6ED0E6B00FC5B8FAF74977E81, 1028C75EC3FED34D8FA012E737A7AB9B6B4647F7305A34B0DACA9806C87FB709 ] C:\WINDOWS\system32\drivers\RtkHDAud.sys
12:09:17.0312 0x0ba8 C:\WINDOWS\system32\drivers\RtkHDAud.sys - ok
12:09:17.0312 0x0ba8 [ 04FE5EF6ED4818EC4839EA5C611A6310, 666479AF6789FC5DF2EA8D4B6216FDA9A4998D252F95BD003619D9376B1DC9E7 ] C:\WINDOWS\system32\drivers\usbd.sys
12:09:17.0312 0x0ba8 C:\WINDOWS\system32\drivers\usbd.sys - ok
12:09:17.0312 0x0ba8 [ 1AB3CDDE553B6E064D2E754EFE20285C, A99C4528C4227B1E96847614745AAFACD3C5F1BDFE435214DBF78740FFB300FE ] C:\WINDOWS\system32\drivers\usbhub.sys
12:09:17.0312 0x0ba8 C:\WINDOWS\system32\drivers\usbhub.sys - ok
12:09:17.0312 0x0ba8 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0, 69C271AD5BCEBFD8AE5A769BDD7EC51256DA3A8ADAD5D12E5C0D13F4E82D8805 ] C:\WINDOWS\system32\drivers\flpydisk.sys
12:09:17.0312 0x0ba8 C:\WINDOWS\system32\drivers\flpydisk.sys - ok
12:09:17.0312 0x0ba8 [ C1B486A7658353D33A10CC15211A873B, AA4DD9E7AAE5AAB1146B360B17001F975D2F29A1281CF7B13E7136480410F347 ] C:\WINDOWS\system32\drivers\cdaudio.sys
12:09:17.0312 0x0ba8 C:\WINDOWS\system32\drivers\cdaudio.sys - ok
12:09:17.0328 0x0ba8 [ 8E6B8C671615D126FDC553D1E2DE5562, CEEC0067514555D5CA489F50E3D7562FCA8DB8E952C3C878604C9277FC77959F ] C:\WINDOWS\system32\drivers\sfloppy.sys
12:09:17.0328 0x0ba8 C:\WINDOWS\system32\drivers\sfloppy.sys - ok
12:09:17.0328 0x0ba8 [ DA1F27D85E0D1525F6621372E7B685E9, 5A81A46A3BDD19DAFC6C87D277267A5D44F3A1B5302F2CC1111D84B7BAD5610D ] C:\WINDOWS\system32\drivers\beep.sys
12:09:17.0328 0x0ba8 C:\WINDOWS\system32\drivers\beep.sys - ok
12:09:17.0328 0x0ba8 [ 3BD67A869964BF57266CBBD1DCA38C6A, 398912212ED568EA152C94EE16B7E1C9328CC600A9CDBCFF50C8C4B6DFA843E9 ] C:\WINDOWS\system32\drivers\ehdrv.sys
12:09:17.0328 0x0ba8 C:\WINDOWS\system32\drivers\ehdrv.sys - ok
12:09:17.0328 0x0ba8 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A, EC635E071201A766845D48973772CBE0958942B4162F3F5F70660D114CC877E0 ] C:\WINDOWS\system32\drivers\fs_rec.sys
12:09:17.0328 0x0ba8 C:\WINDOWS\system32\drivers\fs_rec.sys - ok
12:09:17.0343 0x0ba8 [ 73C1E1F395918BC2C6DD67AF7591A3AD, B21133A75253EC15E2DFF66D3B480AB1A7E1A2360476C810E7AA55D0F0EB08D4 ] C:\WINDOWS\system32\drivers\null.sys
12:09:17.0343 0x0ba8 C:\WINDOWS\system32\drivers\null.sys - ok
12:09:17.0343 0x0ba8 [ 4A0B06AA8943C1E332520F7440C0AA30, DB2452390CCFE67E0C5FEB4FD42CA24ABE2DDD40D0B22DD5F5B8F70416863918 ] C:\WINDOWS\system32\drivers\i8042prt.sys
12:09:17.0343 0x0ba8 C:\WINDOWS\system32\drivers\i8042prt.sys - ok
12:09:17.0343 0x0ba8 [ C569EF030B11F896E123A30AC92678DB, F851E99B968BBAB82E3B0D1D2F985AEE1EAD10C3BBACDD02BAB2ACEE57CB048A ] C:\WINDOWS\system32\drivers\hidparse.sys
12:09:17.0343 0x0ba8 C:\WINDOWS\system32\drivers\hidparse.sys - ok
12:09:17.0343 0x0ba8 [ 9EF487A186DEA361AA06913A75B3FA99, B94EBA4EC6D85E11C81AF9927E9EF0AF2E6FE134CFF1FDB0535B7C5A794B4261 ] C:\WINDOWS\system32\drivers\kbdhid.sys
12:09:17.0343 0x0ba8 C:\WINDOWS\system32\drivers\kbdhid.sys - ok
12:09:17.0343 0x0ba8 [ 0D3A8FAFCEACD8B7625CD549757A7DF1, B9CFDEFCD66AA139F3DC2F967B184669532922563AD5A71769BABDC4370D065E ] C:\WINDOWS\system32\drivers\vga.sys
12:09:17.0343 0x0ba8 C:\WINDOWS\system32\drivers\vga.sys - ok
12:09:17.0359 0x0ba8 [ 4AE068242760A1FB6E1A44BF4E16AFA6, 1FB771162B96AAF787AC24867B818DF8511F0780BB094FA9A38C11D8DBFE68BC ] C:\WINDOWS\system32\drivers\mnmdd.sys
12:09:17.0359 0x0ba8 C:\WINDOWS\system32\drivers\mnmdd.sys - ok
12:09:17.0359 0x0ba8 [ C941EA2454BA8350021D774DAF0F1027, C940E978C7B66A713A0FDAB54B5F995DF59D089AFCD96221DD3222948CD49BBD ] C:\WINDOWS\system32\drivers\msfs.sys
12:09:17.0359 0x0ba8 C:\WINDOWS\system32\drivers\msfs.sys - ok
12:09:17.0359 0x0ba8 [ 4912D5B403614CE99C28420F75353332, 975341ECD660209987B5E5171B8315E032439E408CBE8A5986E67AF767F373BB ] C:\WINDOWS\system32\drivers\rdpcdd.sys
12:09:17.0359 0x0ba8 C:\WINDOWS\system32\drivers\rdpcdd.sys - ok
12:09:17.0359 0x0ba8 [ 23C74D75E36E7158768DD63D92789A91, 394D296F38E7D8EFD91A6EEC301D9CE6AF910E35EB9819F1A9E3363863AEDFDC ] C:\WINDOWS\system32\drivers\ipsec.sys
12:09:17.0359 0x0ba8 C:\WINDOWS\system32\drivers\ipsec.sys - ok
12:09:17.0375 0x0ba8 [ 3182D64AE053D6FB034F44B6DEF8034A, 4ADFC76965BA2A5F488E71789A4E4EA702A74AF42725F72130D1CA919406CF19 ] C:\WINDOWS\system32\drivers\npfs.sys
12:09:17.0375 0x0ba8 C:\WINDOWS\system32\drivers\npfs.sys - ok
12:09:17.0375 0x0ba8 [ FE0D99D6F31E4FAD8159F690D68DED9C, 998685622ABE631984B7E4DBF91AB3594B1F574378D75EB9F6265F4650470692 ] C:\WINDOWS\system32\drivers\rasacd.sys
12:09:17.0375 0x0ba8 C:\WINDOWS\system32\drivers\rasacd.sys - ok
12:09:17.0375 0x0ba8 [ 9AEFA14BD6B182D61E3119FA5F436D3D, EA29E49434585409272E7901AF89771FE9D6E911A7DC44AB3C7020CFF8A44552 ] C:\WINDOWS\system32\drivers\tcpip.sys
12:09:17.0375 0x0ba8 C:\WINDOWS\system32\drivers\tcpip.sys - ok
12:09:17.0375 0x0ba8 [ 74B2B2F5BEA5E9A3DC021D685551BD3D, 7932B71F98B4122BE88F576BF6D745A757AE378A48924B7F4358837B75640A82 ] C:\WINDOWS\system32\drivers\netbt.sys
12:09:17.0375 0x0ba8 C:\WINDOWS\system32\drivers\netbt.sys - ok
12:09:17.0390 0x0ba8 [ E20B95BAEDB550F32DD489265C1DA1F6, 5589B2067E6C9FBA290D8C5EADDC198EBAF39C50C3CD7D2BC5CDA7CBFBC445E5 ] C:\WINDOWS\system32\drivers\wanarp.sys
12:09:17.0390 0x0ba8 C:\WINDOWS\system32\drivers\wanarp.sys - ok
12:09:17.0390 0x0ba8 [ 1E44BC1E83D8FD2305F8D452DB109CF9, CF5EC07E0B589FA2A4701C6CFD69E893FC3ABF274AD57AE3C13FFE49063B02C8 ] C:\WINDOWS\system32\drivers\afd.sys
12:09:17.0390 0x0ba8 C:\WINDOWS\system32\drivers\afd.sys - ok
12:09:17.0390 0x0ba8 [ B5B8A80875C1DEDEDA8B02765642C32F, AD0C71D73B1B8225351FBF4FFB43001A32B4DAE69504C59970CD2428BB33D4EF ] C:\WINDOWS\system32\drivers\arp1394.sys
12:09:17.0390 0x0ba8 C:\WINDOWS\system32\drivers\arp1394.sys - ok
12:09:17.0390 0x0ba8 [ 5D81CF9A2F1A3A756B66CF684911CDF0, 7989C36607CAEA17AFA2C1C9904145CA0714A54B9F712D9D4C1AB140D0B2CC0C ] C:\WINDOWS\system32\drivers\netbios.sys
12:09:17.0390 0x0ba8 C:\WINDOWS\system32\drivers\netbios.sys - ok
12:09:17.0390 0x0ba8 [ 8FE075898DF6B206D0A5CF0FEB581B5E, 758995EFBC29D9D3C30DD4D84BEE37E3BE6FF49A7DF8625A9342A3CA8D54D341 ] C:\WINDOWS\system32\drivers\sbaphd.sys
12:09:17.0390 0x0ba8 C:\WINDOWS\system32\drivers\sbaphd.sys - ok
12:09:17.0984 0x0ba8 C:\WINDOWS\system32\schedsvc.dll - ok
12:09:17.0984 0x0ba8 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE, 4E0A67B3CC897E80D4B342FFE8B7B4CC4F6CA2EF2D34C136027A098B2E1C6166 ] C:\WINDOWS\system32\netman.dll
12:09:17.0984 0x0ba8 C:\WINDOWS\system32\netman.dll - ok
12:09:17.0984 0x0ba8 [ 3E2F3E2F4A82B7FAE23BAB864FB0F837, 78FEB881B5F1C90AD13DD69BB8C95CDF60C84E127871916D1EE8A938849E6282 ] C:\WINDOWS\system32\dpcdll.dll
12:09:17.0984 0x0ba8 C:\WINDOWS\system32\dpcdll.dll - ok
12:09:18.0000 0x0ba8 [ 062F837C1FBDB6A0A75F82EFC2EE8E74, 3C0BFA381CBC2C55B58A8942A7148A6C27E244D26313EFB4708DD5858C689E02 ] C:\WINDOWS\system32\netshell.dll
12:09:18.0000 0x0ba8 C:\WINDOWS\system32\netshell.dll - ok
12:09:18.0000 0x0ba8 [ 235892E493845D64D890163CFEF90E97, 48FC98DD1E5F8F05DE6954FE26C0A448AA9838D7DC716518C715F35E3CFA227D ] C:\WINDOWS\system32\credui.dll
12:09:18.0000 0x0ba8 C:\WINDOWS\system32\credui.dll - ok
12:09:18.0000 0x0ba8 [ 4E8F3230BAC8C1CAADF01A8C728E1C5C, 62E73A7D4C58F2E30670F6A72E734B618AF45F60A8CB2177A4D504283F829BE5 ] C:\WINDOWS\system32\dot3dlg.dll
12:09:18.0000 0x0ba8 C:\WINDOWS\system32\dot3dlg.dll - ok
12:09:18.0000 0x0ba8 [ CA04959077AFE36369D37B3504740C87, CBB90BC35A74EC03DC04CD60DAC966A9FA98DC9EEFB926089DBE7A47D3B710B1 ] C:\WINDOWS\system32\onex.dll
12:09:18.0000 0x0ba8 C:\WINDOWS\system32\onex.dll - ok
12:09:18.0015 0x0ba8 [ 5DB625E7D095604010CF84DE2D8ACFA6, DEED8055CD1F2E2D898C5C77283B56078414CC7D9FCA6FCF58BA0B66B565E826 ] C:\WINDOWS\system32\eappcfg.dll
12:09:18.0015 0x0ba8 C:\WINDOWS\system32\eappcfg.dll - ok
12:09:18.0015 0x0ba8 [ ABC4206543450C0666D152F4B65833B8, D78D5E719E7744805DF6DD1D9567E67E11223F4E3B13170E35F27D46FCB6C244 ] C:\WINDOWS\system32\eappprxy.dll
12:09:18.0015 0x0ba8 C:\WINDOWS\system32\eappprxy.dll - ok
12:09:18.0015 0x0ba8 [ 767FF54A552732CE772C2302025FA82F, 7761546C33B0E55B0A8214798FD035C2499D31D690CE03E25B0068C81EDECF3F ] C:\WINDOWS\system32\wzcsapi.dll
12:09:18.0015 0x0ba8 C:\WINDOWS\system32\wzcsapi.dll - ok
12:09:18.0015 0x0ba8 [ E47E364C96467FD54FA44D59F927C3AB, D48C377A7ACF805C413D4618A099A50BE6724E8996C151B00DEAFD27CA935183 ] C:\WINDOWS\system32\msidle.dll
12:09:18.0015 0x0ba8 C:\WINDOWS\system32\msidle.dll - ok
12:09:18.0031 0x0ba8 [ 60784F891563FB1B767F70117FC2428F, E0B07F08E60FFBAD36C2E58180F4B2A16DCA47716044CBE0213DF7B74D742F1F ] C:\WINDOWS\system32\spoolsv.exe
12:09:18.0031 0x0ba8 C:\WINDOWS\system32\spoolsv.exe - ok
12:09:18.0031 0x0ba8 [ DEF7A7882BEC100FE0B2CE2549188F9D, 462C95B63D0A1058291A2DC8CBFCB13D7D74CCD1CA43B613A7EB43D49E3276F8 ] C:\WINDOWS\system32\audiosrv.dll
12:09:18.0031 0x0ba8 C:\WINDOWS\system32\audiosrv.dll - ok
12:09:18.0031 0x0ba8 [ A8888A5327621856C0CEC4E385F69309, B08B63300D824E35E31EEEA2C4C086DFA2C2A964CEDAE512E74D3D88AADAA2C1 ] C:\WINDOWS\system32\wkssvc.dll
12:09:18.0031 0x0ba8 C:\WINDOWS\system32\wkssvc.dll - ok
12:09:18.0031 0x0ba8 [ A93AEE1928A9D7CE3E16D24EC7380F89, 944CD2135E171AF338352568AA7FE1B8004733A4281395AD6723E0CF43D5F53F ] C:\WINDOWS\system32\userinit.exe
12:09:18.0031 0x0ba8 C:\WINDOWS\system32\userinit.exe - ok
12:09:18.0031 0x0ba8 [ 8F0DE4FEF8201E306F9938B0905AC96A, CA7153FE0C037D79FBF7CE0E090D741FB52BCCBBBD4CA505EF4849A0C4199F72 ] C:\Program Files\Google\Update\GoogleUpdate.exe
12:09:18.0031 0x0ba8 C:\Program Files\Google\Update\GoogleUpdate.exe - ok
12:09:18.0046 0x0ba8 [ A43B937C580F5DFC43EF63EF72992FE9, 1B1C9B434BF12D39B2CC750AABB953169E3B43095827CD086750B2195BBC5B64 ] C:\Program Files\Google\Update\1.3.22.5\goopdate.dll
12:09:18.0046 0x0ba8 C:\Program Files\Google\Update\1.3.22.5\goopdate.dll - ok
12:09:18.0046 0x0ba8 [ D3F72D50DE53F9F1F55240115AF4D42E, F8831B6B33EE2EE49615AE45A81C8434E154331BEB1E64C491E64C1348314F3C ] C:\WINDOWS\system32\msi.dll
12:09:18.0046 0x0ba8 C:\WINDOWS\system32\msi.dll - ok
12:09:18.0046 0x0ba8 [ 12896823FB95BFB3DC9B46BCAEDC9923, 1E675CB7DF214172F7EB0497F7275556038A0D09C6E5A3E6862C5E26885EF455 ] C:\WINDOWS\explorer.exe
12:09:18.0046 0x0ba8 C:\WINDOWS\explorer.exe - ok
12:09:18.0046 0x0ba8 [ E392E172687BE172F8600C5F41AB03D9, 5E928035FA9DB71FDCEB74D6D4859E43169A0B202A87653A2CE5F88865D13D2E ] C:\WINDOWS\system32\browseui.dll
12:09:18.0046 0x0ba8 C:\WINDOWS\system32\browseui.dll - ok
12:09:18.0062 0x0ba8 [ 26CB10FA893F940AB09713FF46DCDADE, B113E03877FF2073ABAC1A7DF53A575F15915438C5EB10401FFEF7CAAEA902BC ] C:\WINDOWS\system32\shdocvw.dll
12:09:18.0062 0x0ba8 C:\WINDOWS\system32\shdocvw.dll - ok
12:09:18.0062 0x0ba8 [ B6E6F3F5B63053D5DC1F4EE32992492F, 089F9C92B677A138BABA4817624E8CA49B7E507B7D6FA0B1A3B4302B354B5C7E ] C:\WINDOWS\system32\dbghelp.dll
12:09:18.0062 0x0ba8 C:\WINDOWS\system32\dbghelp.dll - ok
12:09:18.0062 0x0ba8 [ C98ACDE22458C8F46FD0503CB9E2D01F, C3B06C13F2EC3DCD6B91F02D11204FE06FBEE6C673E8CDEF1134C764250438AA ] C:\Program Files\Google\Update\1.3.22.5\GoogleCrashHandler.exe
12:09:18.0062 0x0ba8 C:\Program Files\Google\Update\1.3.22.5\GoogleCrashHandler.exe - ok
12:09:18.0062 0x0ba8 [ 4044E880593FE1AC9942190FCE414BE7, 1EBD42F10592D57A2C8562C641461DE5288D9E900FE91A4A1800C9AB9034F2CD ] C:\WINDOWS\system32\mstask.dll
12:09:18.0062 0x0ba8 C:\WINDOWS\system32\mstask.dll - ok
12:09:18.0078 0x0ba8 [ 680B56A8B62D1BCF4A0B2AAAD03D88E4, C095D8A3A1CEAD1D78B0EE17B982718CDF4B3FE1F86D9D273875B8C1893C981B ] C:\WINDOWS\system32\wdmaud.drv
12:09:18.0078 0x0ba8 C:\WINDOWS\system32\wdmaud.drv - ok
12:09:18.0078 0x0ba8 [ 8D566D1D239B3AFE06DCA53264A1ED44, FCE2639982052803B02358A4DB3B1F985073819F95025FEAA635E48527010310 ] C:\WINDOWS\system32\AcSignIcon.dll
12:09:18.0078 0x0ba8 C:\WINDOWS\system32\AcSignIcon.dll - ok
12:09:18.0078 0x0ba8 [ 6768ACF64B18196494413695F0C3A00F, 3A8F8586F1D997D19A8478345338D2AECD785AEABDB61531DD3F92003D3230A5 ] C:\WINDOWS\system32\drivers\wdmaud.sys
12:09:18.0078 0x0ba8 C:\WINDOWS\system32\drivers\wdmaud.sys - ok
12:09:18.0078 0x0ba8 [ E2C48CD0132D4D1DC7D0DF9A6BEF686A, 52D1A8AA992AF2F727DA4B16522D604648D700997B1620CCB67D05838C127674 ] C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_150c9e8b\mfc80u.dll
12:09:18.0078 0x0ba8 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_150c9e8b\mfc80u.dll - ok
12:09:18.0078 0x0ba8 [ 8B83F3ED0F1688B4958F77CD6D2BF290, 546D3602183702B4F53E84413CFA2C933D64C8540378E54A8DCD148F3F36A2DA ] C:\WINDOWS\system32\drivers\sysaudio.sys
12:09:18.0078 0x0ba8 C:\WINDOWS\system32\drivers\sysaudio.sys - ok
12:09:18.0093 0x0ba8 [ C9564CF4976E7E96B4052737AA2492B4, C3AC989C8489A23BB96400B1856F5325FFC67E844F04651EA5D61BC20A991C6D ] C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\msvcr80.dll
12:09:18.0093 0x0ba8 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\msvcr80.dll - ok
12:09:18.0093 0x0ba8 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F, DD17733CBB370FCA08F0296704D7CBEACA3C8F76D0ABE4761C3B1FFDF7481D9E ] C:\WINDOWS\system32\drivers\splitter.sys
12:09:18.0093 0x0ba8 C:\WINDOWS\system32\drivers\splitter.sys - ok
12:09:18.0093 0x0ba8 [ 8BED39E3C35D6A489438B8141717A557, 1B5796E56B0927360CE0759641B1151828BC0A9E45620D2B2D880491F5CE33D0 ] C:\WINDOWS\system32\drivers\aec.sys
12:09:18.0093 0x0ba8 C:\WINDOWS\system32\drivers\aec.sys - ok
12:09:18.0093 0x0ba8 [ 8CE882BCC6CF8A62F2B2323D95CB3D01, B408550A581F3DA222355964AFA4E976AD8471F0AA37573C42C4948AE5A23A3B ] C:\WINDOWS\system32\drivers\swmidi.sys
12:09:18.0093 0x0ba8 C:\WINDOWS\system32\drivers\swmidi.sys - ok
12:09:18.0109 0x0ba8 [ 8A208DFCF89792A484E76C40E5F50B45, 4E40E2EB38C6254E7CAA488200E89EE7DEBBBA773890BC6A84313CC68178D54F ] C:\WINDOWS\system32\drivers\dmusic.sys
12:09:18.0109 0x0ba8 C:\WINDOWS\system32\drivers\dmusic.sys - ok
12:09:18.0109 0x0ba8 [ 28A09777D2D952122567A8A82F1A2C7B, 772260DF36AE85A0619C51402DE416E0C329976B724C8E9C4F8C013CBB7C7289 ] C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\mfc80ENU.dll
12:09:18.0109 0x0ba8 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\mfc80ENU.dll - ok
12:09:18.0109 0x0ba8 [ B4ED498E3BFEE64E952BC44FC6057DB8, 1FB5ABAE69103BF477F704189D75B0395F587234BFE94F9F79961D8FE2CE55AC ] C:\WINDOWS\system32\desk.cpl
12:09:18.0109 0x0ba8 C:\WINDOWS\system32\desk.cpl - ok
12:09:18.0109 0x0ba8 [ EE9710428FFB95FD3845D41E7148AC31, 5CFBE4B7BCCB136B958E21EACB965E09F7D6CC0CB29DEA9022047809582B1065 ] C:\WINDOWS\system32\themeui.dll
12:09:18.0109 0x0ba8 C:\WINDOWS\system32\themeui.dll - ok
12:09:18.0109 0x0ba8 [ 692BCF44383D056AED41B045A323D378, 1A99DEE83FFAF64E73067FC049C0A4CE07D94E4AE31EFA17B38CEFA9E41D67DC ] C:\WINDOWS\system32\drivers\kmixer.sys
12:09:18.0125 0x0ba8 C:\WINDOWS\system32\drivers\kmixer.sys - ok
12:09:18.0125 0x0ba8 [ 8F5FCFF8E8848AFAC920905FBD9D33C8, C8C6FB97AB0871C8C88A2201525A5CF10D5131CB6980D32692ED7A8F58399AD5 ] C:\WINDOWS\system32\drivers\drmkaud.sys
12:09:18.0125 0x0ba8 C:\WINDOWS\system32\drivers\drmkaud.sys - ok
12:09:18.0125 0x0ba8 [ 912B67BB8249925A5C972FC5839EAE09, 11F9F26C2D5EADD683F9FA4FDC8C25A1FB7EE9D6E3F4419C9DAB8C4E434F1857 ] C:\WINDOWS\system32\actxprxy.dll
12:09:18.0125 0x0ba8 C:\WINDOWS\system32\actxprxy.dll - ok
12:09:18.0125 0x0ba8 [ 9A3BD5F55AADFF859539142F6328A66E, B8165F650F0E24D380601D54BC81A84C06D886A6CF995EA6CA63EABCFA75554A ] C:\WINDOWS\system32\msacm32.drv
12:09:18.0125 0x0ba8 C:\WINDOWS\system32\msacm32.drv - ok
12:09:18.0125 0x0ba8 [ 5C12660A97822F6E61576943B49AAAD6, 621BE8E009DC95A8901F701F529ED98BD8E6D62D272AE0E1FAF69889A4D5633B ] C:\WINDOWS\system32\midimap.dll
12:09:18.0125 0x0ba8 C:\WINDOWS\system32\midimap.dll - ok
12:09:18.0140 0x0ba8 [ 6D778E0F95447E6546553EEEA709D03C, 62ABED7D45040381BBCED97EA7B6C697B418448FD3322FD4BFB2BBFDB6155EB4 ] C:\WINDOWS\system32\cmd.exe
12:09:18.0140 0x0ba8 C:\WINDOWS\system32\cmd.exe - ok
12:09:18.0140 0x0ba8 [ DE932EC79D79C1495BF685CECB6AF0F3, 42D0C265DABC6BAC710E088EE5855660D607CE7DA6A098E4C1AC4A0BF8CC2773 ] C:\WINDOWS\system32\ieframe.dll
12:09:18.0140 0x0ba8 C:\WINDOWS\system32\ieframe.dll - ok
12:09:18.0140 0x0ba8 [ F672155776ABADF6A23C59E74491C9F2, B623F7901B85BA72808EC4AF9A195236C601A6B965F9202DB557746AE3FFC327 ] C:\DOCUME~1\Robert\LOCALS~1\temp\{0346143C-48B5-4D28-B7C2-20B5E7B9BAB3}.exe
12:09:18.0140 0x0ba8 C:\DOCUME~1\Robert\LOCALS~1\temp\{0346143C-48B5-4D28-B7C2-20B5E7B9BAB3}.exe - ok
12:09:18.0140 0x0ba8 [ 11D42BB6206F33FBB3BA0288D3EF81BD, 76ABCFB62C5AC549F58C231F72A99882CDEB74928104B77FE52554765C2B1A22 ] C:\WINDOWS\system32\drivers\mrxdav.sys
12:09:18.0140 0x0ba8 C:\WINDOWS\system32\drivers\mrxdav.sys - ok
12:09:18.0156 0x0ba8 [ 77A354E28153AD2D5E120A5A8687BC06, 8B2D37A4443501C0A8E70BC2079BE27F0A36FD07B561E6F68B40A72EABBC2DFE ] C:\WINDOWS\system32\webclnt.dll
12:09:18.0156 0x0ba8 C:\WINDOWS\system32\webclnt.dll - ok
12:09:18.0156 0x0ba8 [ AC9A93C782B6A2D29DAAE75C19FD9816, BED121DFFDF27862951D4BBE1A5681648FFEF1BA548060BB78450216A93E8F10 ] C:\Program Files\Common Files\Autodesk Shared\AcSignCore16.dll
12:09:18.0156 0x0ba8 C:\Program Files\Common Files\Autodesk Shared\AcSignCore16.dll - ok
12:09:18.0156 0x0ba8 [ 684559A03CBC1D05BA120A18B0D8BA5D, 7425F27C8EF8CEF26B071D7FD5FED538C74EF524AEF73E427B1781F3A3C16C42 ] C:\WINDOWS\system32\winhttp.dll
12:09:18.0156 0x0ba8 C:\WINDOWS\system32\winhttp.dll - ok
12:09:18.0156 0x0ba8 [ 0B3595A4FF0B36D68E5FC67FD7D70FDC, 372AF797353F9335915CD06D4076BAB8410775DCAF2DAC0593197D7C41BBFFB2 ] C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\msvcp80.dll
12:09:18.0156 0x0ba8 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\msvcp80.dll - ok
12:09:18.0156 0x0ba8 [ DBD89BC0DBE00DCD245BE8F61DBEE291, 7AC7291EF660338695CF4C8A8C0BBC8A6F456688E71D889F39EFBD2F5854DA26 ] C:\WINDOWS\system32\drivers\cvintdrv.sys
12:09:18.0156 0x0ba8 C:\WINDOWS\system32\drivers\cvintdrv.sys - ok
12:09:18.0171 0x0ba8 [ 70E98B3FD8E963A6A46A2E6247E0BEA1, 6771313EC41B3B5BFD398F60706E40BE71617046880CC352DD110B001AFC22A1 ] C:\WINDOWS\system32\drivers\parvdm.sys
12:09:18.0171 0x0ba8 C:\WINDOWS\system32\drivers\parvdm.sys - ok
12:09:18.0171 0x0ba8 [ 56B6C5A50237E6099BB6B7707FDF8EE0, F69356133F0210A1EE38FB05DCAE1C01793043412851FB0C3286B00493AC2924 ] C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
12:09:18.0171 0x0ba8 C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe - ok
12:09:18.0171 0x0ba8 [ 2DC5A8019E2387987905F77C664E4BE2, 32FD8D0D3146A599CFB536955F9E93AA50467B2176A70E481133B61D4BD29AD9 ] C:\WINDOWS\system32\linkinfo.dll
12:09:18.0171 0x0ba8 C:\WINDOWS\system32\linkinfo.dll - ok
12:09:18.0171 0x0ba8 [ A70A2D85AD143D6BB823C246CEB699A5, D8ED98DC2964A2DAF448893718E6381FBABAB53DD7497266851E0F4221F1B01F ] C:\WINDOWS\system32\ntshrui.dll
12:09:18.0171 0x0ba8 C:\WINDOWS\system32\ntshrui.dll - ok
12:09:18.0187 0x0ba8 [ A9A3DAA780CA6C9671A19D52456705B4, 67C959144B57AE0BBF1D82DBED197F32CDB06FECD883A80C441A0202FE83FAB4 ] C:\WINDOWS\system32\alrsvc.dll
12:09:18.0187 0x0ba8 C:\WINDOWS\system32\alrsvc.dll - ok
12:09:18.0187 0x0ba8 [ 018857EAD9A077A56AEDFC0E5EF7A24A, FC39B4C4E210D22BE40F41966578F9BAA67EE9301E848E6A7ADB8662BE5B1CB6 ] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
12:09:18.0187 0x0ba8 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe - ok
12:09:18.0187 0x0ba8 [ DDDD1D04D5F4360371BC99C7C476F70D, D4400B6DF35296E6BE1F753588EE326A515658A7A0F8DC670552DEC64ACDE55A ] C:\Program Files\Common Files\Apple\Apple Application Support\ASL.dll
12:09:18.0187 0x0ba8 C:\Program Files\Common Files\Apple\Apple Application Support\ASL.dll - ok
12:09:18.0187 0x0ba8 [ BC485253D079F28BA398294465D13A21, 80258571FD876A1A4871B64CEFF0183781C1E2926393D87153E11F76D87C78C8 ] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService_main.dll
12:09:18.0187 0x0ba8 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService_main.dll - ok
12:09:18.0203 0x0ba8 [ 67156D5A9AC356DC99D7BCCB388E3316, 449A140065197779C0F8588E5C53014BBF54A9C74818D5CFDCB88CC7B36F44CF ] C:\WINDOWS\system32\wsock32.dll
12:09:18.0203 0x0ba8 C:\WINDOWS\system32\wsock32.dll - ok
12:09:18.0203 0x0ba8 [ 7CAAC9543318A1EE9056859F073A00DA, 3E5CBAF1D89BABF426760EBF4900812EE4312C4D012C8A161ADDEAC8EC1FEE4F ] C:\Program Files\Common Files\Apple\Apple Application Support\CoreFoundation.dll
12:09:18.0203 0x0ba8 C:\Program Files\Common Files\Apple\Apple Application Support\CoreFoundation.dll - ok
12:09:18.0203 0x0ba8 [ B714735C12A70171DE28657948FD91F1, DF7BF2D1BEBB016A8CB739EEE2670CF9F44A5CC2319A532E5C3DE0F5AA3AA144 ] C:\WINDOWS\system32\mlang.dll
12:09:18.0203 0x0ba8 C:\WINDOWS\system32\mlang.dll - ok
12:09:18.0203 0x0ba8 [ 152F8772D5A5CD7883305C3B8D28470E, 8353B56461E889D277B6FB7DBF97D7C60AD11748C0818FBA9D80DCE5D89C6CC4 ] C:\Program Files\Common Files\Apple\Apple Application Support\pthreadVC2.dll
12:09:18.0203 0x0ba8 C:\Program Files\Common Files\Apple\Apple Application Support\pthreadVC2.dll - ok
12:09:18.0203 0x0ba8 [ 87305FEF54F6787331812DEEC2620B70, 6A771F16DC59C678ECC3794A59BD7580DE9C363EB489A31D033E80B9E83E23AB ] C:\Program Files\Common Files\Apple\Apple Application Support\objc.dll
12:09:18.0203 0x0ba8 C:\Program Files\Common Files\Apple\Apple Application Support\objc.dll - ok
12:09:18.0218 0x0ba8 [ 91790D6749EBED90E2C40479C0A91879, 3C267950F13CCE412474C5228FC0E3D8D7F912E82464BD2CE6312A0326F84A80 ] C:\WINDOWS\system32\verclsid.exe
12:09:18.0218 0x0ba8 C:\WINDOWS\system32\verclsid.exe - ok
12:09:18.0218 0x0ba8 [ F64A630C746DCEFB640FE724F911D317, 28ADCB1FBDBB1D6CB073113F97047B9DE078BBB3B34A8BB4F7255CBA360C69C7 ] C:\Program Files\Common Files\Apple\Apple Application Support\libdispatch.dll
12:09:18.0218 0x0ba8 C:\Program Files\Common Files\Apple\Apple Application Support\libdispatch.dll - ok
12:09:18.0218 0x0ba8 [ 3808DD8F3B80549C140D22147441B1FB, 7DE63AFD196888EFC258DFBA651B320C3202373F23FD863ED38EB9EB26E5F71F ] C:\Program Files\Common Files\Apple\Apple Application Support\icuin40.dll
12:09:18.0218 0x0ba8 C:\Program Files\Common Files\Apple\Apple Application Support\icuin40.dll - ok
12:09:18.0218 0x0ba8 [ C74B86642F131D76C0EDE673FDF137B2, 91659969CF94979FA980A3C13AB3E7421048E4E2720DE6064E9B61FD4DF96666 ] C:\WINDOWS\SkyTel.exe
12:09:18.0218 0x0ba8 C:\WINDOWS\SkyTel.exe - ok
12:09:18.0234 0x0ba8 [ 12562870DA441564F4CF80CCBEA646FE, 72A837D618647F1A4523CF596229B82E3F2E30503F39E7C663ADB72171B9FB8C ] C:\Program Files\Common Files\Apple\Apple Application Support\icuuc40.dll
12:09:18.0234 0x0ba8 C:\Program Files\Common Files\Apple\Apple Application Support\icuuc40.dll - ok
12:09:18.0234 0x0ba8 [ 35FD33EAE23AF69715EE3231A9F15B82, C7351F3537F4B938E4E8A8A8DD59039298F9B09678A4BC09B2A362DC4B25E2C0 ] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe
12:09:18.0234 0x0ba8 C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe - ok
12:09:18.0234 0x0ba8 [ 0FE0EDF01CEA3BEB2E65A904BB87525E, 8846CE71FC5DD86151F467B656D886A8E81E337B10A591097E5695BDB2821447 ] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
12:09:18.0234 0x0ba8 C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe - ok
12:09:18.0234 0x0ba8 [ 6C74D73032BD60694CCF485A6DFCDBD3, 0186730F1D88595125FA1B591F196BB99FFA333EE104EAED7FE50617DF955525 ] C:\Program Files\Common Files\Apple\Apple Application Support\icudt40.dll
12:09:18.0234 0x0ba8 C:\Program Files\Common Files\Apple\Apple Application Support\icudt40.dll - ok
12:09:18.0234 0x0ba8 [ 861C702C4612B68FD9C36CB60245087B, 0CCB08050595E776A976C37470315EE376684F245909E25DDC0E4F883244CFE9 ] C:\Program Files\ESET\ESET Smart Security\egui.exe
12:09:18.0234 0x0ba8 C:\Program Files\ESET\ESET Smart Security\egui.exe - ok
12:09:18.0250 0x0ba8 [ 1D280711057FCFF64B9980A068E93274, 9E915E998122CC2E1DFCA92696D79F96810461FC0FDFBE973A36D17C8D6D5970 ] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
12:09:18.0250 0x0ba8 C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe - ok
12:09:18.0250 0x0ba8 [ CC8915DB4E33E8FB29CA0D2DBF75306E, 6319C0580FFDA989A2726814667C330F6A5C864D34B8C87645DD5A98E7A2C7FB ] C:\WINDOWS\system32\webcheck.dll
12:09:18.0250 0x0ba8 C:\WINDOWS\system32\webcheck.dll - ok
12:09:18.0250 0x0ba8 [ 9818FF792CB0FE3A7C226FB5AA194010, 464EC5CACD564D63CA6DA57DB894F73FBE9DAAC86AA1F28634FF9F39EE82BB70 ] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\AcroTray.DEU
12:09:18.0250 0x0ba8 C:\Program Files\Adobe\Acrobat 9.0\Acrobat\AcroTray.DEU - ok
12:09:18.0250 0x0ba8 [ 35B000440DF7855DA29CA7DF50D6952D, A271E2ADB6518F74F7AEC0414FC1F9E8C925CCAF58AE3A9AB363E58F1FCEDD96 ] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\AcroTray.FRA
12:09:18.0250 0x0ba8 C:\Program Files\Adobe\Acrobat 9.0\Acrobat\AcroTray.FRA - ok
12:09:18.0265 0x0ba8 [ 6110A057199D66FECA5D341E5E89DF76, 8E5EA8F57BC5165C4606DAFA7EB39E0527DC1224603CB0B5889753E930E77E37 ] C:\Program Files\Adobe\Acrobat 9.0\Esl\Aiod.dll
12:09:18.0265 0x0ba8 C:\Program Files\Adobe\Acrobat 9.0\Esl\Aiod.dll - ok
12:09:18.0265 0x0ba8 [ 50512FC9B7878E3C2C147BC17326A7DB, 670006280CA98213C3A23B442615FD729C83953795619360F9D2988E56A602D7 ] C:\WINDOWS\system32\stobject.dll
12:09:18.0265 0x0ba8 C:\WINDOWS\system32\stobject.dll - ok
12:09:18.0265 0x0ba8 [ 231A0B0E3BA7ABFE469A8262FAA1FD71, 76F8AE2680438B279081EDFC2728E3785736E82A5C6396AA705BFFFF5C361294 ] C:\WINDOWS\system32\batmeter.dll
12:09:18.0265 0x0ba8 C:\WINDOWS\system32\batmeter.dll - ok
12:09:18.0265 0x0ba8 [ F101EC2ABCDE12CE4E81EEF13A32E1D4, 796ADFD38C3422901F971B784EB72B8702BDF184C43C104B686F3825F43F2823 ] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrodist.exe
12:09:18.0265 0x0ba8 C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrodist.exe - ok
12:09:18.0281 0x0ba8 [ 9DD06F00898AA5CA7E24186EFC8E5E25, 51141D0D07DBC955B63281351D3F17163ACE9A5B08628EA1C82F33FD2913970E ] C:\DOCUME~1\Robert\LOCALS~1\temp\{D2DE486D-17C6-42FD-98C4-CDC4B1E842EF}\{35569D86-7A8E-43BA-9D54-C5D0EE4135DA}.tmp
12:09:18.0281 0x0ba8 C:\DOCUME~1\Robert\LOCALS~1\temp\{D2DE486D-17C6-42FD-98C4-CDC4B1E842EF}\{35569D86-7A8E-43BA-9D54-C5D0EE4135DA}.tmp - ok
12:09:18.0281 0x0ba8 [ 91A7771934C0D9D2DA7699D25BB5B348, 154A6EB866AF22B38AEE8DB5A864653FEB15DED69DE26E5B602B7C5056CDDF72 ] C:\DOCUME~1\Robert\LOCALS~1\temp\{D2DE486D-17C6-42FD-98C4-CDC4B1E842EF}\{1D6A3BC0-5A3E-42F0-9D33-ECE9EDC318C4}.tmp
12:09:18.0281 0x0ba8 C:\DOCUME~1\Robert\LOCALS~1\temp\{D2DE486D-17C6-42FD-98C4-CDC4B1E842EF}\{1D6A3BC0-5A3E-42F0-9D33-ECE9EDC318C4}.tmp - ok
12:09:18.0281 0x0ba8 [ 27C71C0C2EA179D06EBFFE073A9A9D62, 50AEF4F2528239E09ED05AB2701A85D5E0B2258F45191AD5CA1B9967A18E0323 ] C:\Program Files\Acronis\TrueImageHome\Common\resource.dll
12:09:18.0281 0x0ba8 C:\Program Files\Acronis\TrueImageHome\Common\resource.dll - ok
12:09:18.0281 0x0ba8 [ 80808656078CFCC32CF8BFEB0DD66279, 383F37599ABF16EEDEB2A60242DB7EDCC3D210A2A59DD61169047059F7041C5C ] C:\DOCUME~1\Robert\LOCALS~1\temp\{D2DE486D-17C6-42FD-98C4-CDC4B1E842EF}\{375B7A1D-0A07-462B-B310-F1BDCE17E1E6}.tmp
12:09:18.0281 0x0ba8 C:\DOCUME~1\Robert\LOCALS~1\temp\{D2DE486D-17C6-42FD-98C4-CDC4B1E842EF}\{375B7A1D-0A07-462B-B310-F1BDCE17E1E6}.tmp - ok
12:09:18.0281 0x0ba8 [ 8DA3C5ED5BFE49E80079A2B5A339F4C6, AF1C285547EE9E5A33110CD0A77EB6E7333F40C3F84F5DB895886461C35A8723 ] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
12:09:18.0281 0x0ba8 C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe - ok
12:09:18.0296 0x0ba8 [ 045E228F71C31901084B64BE59093499, BA463D9EC2C2D266A34DBAC542CFA0403BFB03DDF3037FBD043BB691A8E493FA ] C:\WINDOWS\system32\WPDShServiceObj.dll
12:09:18.0296 0x0ba8 C:\WINDOWS\system32\WPDShServiceObj.dll - ok
12:09:18.0296 0x0ba8 [ 6C23D15CC0A1A379199176A8B4CD05CA, EFF4EE73F7B4C6B69ED0D1E6CD33A54CD9EF1DF811DBBB27E6A3D607F5C62E71 ] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrodistdll.dll
12:09:18.0296 0x0ba8 C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrodistdll.dll - ok
12:09:18.0296 0x0ba8 [ 3CBA2210FA39C6ED7895634842E930DD, 9AFC6A7E1F936ED3636F89FD49B5C944594F88A5BFB597348AF2FB83DA2E4E40 ] C:\WINDOWS\system32\sensapi.dll
12:09:18.0296 0x0ba8 C:\WINDOWS\system32\sensapi.dll - ok
12:09:18.0296 0x0ba8 [ DF471F11CC78BE02FE6BA15F2D94F65B, 9AC230DE58CE40E78AE6872BCF4778B69EEBF17E0E41B1301FF364ABD4737A78 ] C:\DOCUME~1\Robert\LOCALS~1\temp\{D2DE486D-17C6-42FD-98C4-CDC4B1E842EF}\{B00298C7-92D2-47C7-ACA7-00745D99F094}.tmp
12:09:18.0296 0x0ba8 C:\DOCUME~1\Robert\LOCALS~1\temp\{D2DE486D-17C6-42FD-98C4-CDC4B1E842EF}\{B00298C7-92D2-47C7-ACA7-00745D99F094}.tmp - ok
12:09:18.0312 0x0ba8 [ 0FD19BDDD2513874FF6903F717367795, DFAF9C33F993BA26FC84EF66ABC7C483E62762F7E1FC763605A75ACC2E8AA4EE ] C:\DOCUME~1\Robert\LOCALS~1\temp\{D2DE486D-17C6-42FD-98C4-CDC4B1E842EF}\{6BFEB4D4-6C46-4159-A3FA-65007F62BDDF}.tmp
12:09:18.0312 0x0ba8 C:\DOCUME~1\Robert\LOCALS~1\temp\{D2DE486D-17C6-42FD-98C4-CDC4B1E842EF}\{6BFEB4D4-6C46-4159-A3FA-65007F62BDDF}.tmp - ok
12:09:18.0312 0x0ba8 [ DD88BBF87A43331A4E99E37F7BF59FDB, 872190F559FA0DD1F711E9FA101BA1AB6E6DE5ED0CCCE1AB7AFE45BC3B78A0F1 ] C:\DOCUME~1\Robert\LOCALS~1\temp\{D2DE486D-17C6-42FD-98C4-CDC4B1E842EF}\{3BFE6E48-4310-402A-87E0-21B4656A97FB}.tmp
12:09:18.0312 0x0ba8 C:\DOCUME~1\Robert\LOCALS~1\temp\{D2DE486D-17C6-42FD-98C4-CDC4B1E842EF}\{3BFE6E48-4310-402A-87E0-21B4656A97FB}.tmp - ok
12:09:18.0312 0x0ba8 [ 4261449C1CADA6B007E5C27522946D2B, 11E79D1C529E816CCCAC9266089C77A4DB44676CAEEE25C66D6DB420B18D3ACB ] C:\DOCUME~1\Robert\LOCALS~1\temp\{D2DE486D-17C6-42FD-98C4-CDC4B1E842EF}\{A79AEDC8-4FBD-4964-883D-0D10A393D46D}.tmp
12:09:18.0312 0x0ba8 C:\DOCUME~1\Robert\LOCALS~1\temp\{D2DE486D-17C6-42FD-98C4-CDC4B1E842EF}\{A79AEDC8-4FBD-4964-883D-0D10A393D46D}.tmp - ok
12:09:18.0312 0x0ba8 [ 6627AA675A5C1B0330487A02E23F0560, 256AE9BA4273D4247FFAD6099D5A4FC8E98EDB27293AC8CAF7A571EB3890FAA7 ] C:\DOCUME~1\Robert\LOCALS~1\temp\{D2DE486D-17C6-42FD-98C4-CDC4B1E842EF}\{C9E26AB2-9A7B-4529-AB5D-99489ACA31D3}.tmp
12:09:18.0312 0x0ba8 C:\DOCUME~1\Robert\LOCALS~1\temp\{D2DE486D-17C6-42FD-98C4-CDC4B1E842EF}\{C9E26AB2-9A7B-4529-AB5D-99489ACA31D3}.tmp - ok
12:09:18.0328 0x0ba8 [ 723B834A07F7DF7DE4CEB637D57ACEA3, B42867045DD3FB7682CDBD133970421010F0F14125E4992C73657CABA4659250 ] C:\DOCUME~1\Robert\LOCALS~1\temp\{D2DE486D-17C6-42FD-98C4-CDC4B1E842EF}\{55A5C0CB-A0B2-4B47-B76A-6A6DEA0FCA15}.tmp
12:09:18.0328 0x0ba8 C:\DOCUME~1\Robert\LOCALS~1\temp\{D2DE486D-17C6-42FD-98C4-CDC4B1E842EF}\{55A5C0CB-A0B2-4B47-B76A-6A6DEA0FCA15}.tmp - ok
12:09:18.0328 0x0ba8 [ C1DE893FAF6D7F6CFB479A1F61835482, AD5FA3CE73777704C67C933691F1F068E1A7FF545F728B97574F9C33AC4BBC01 ] C:\DOCUME~1\Robert\LOCALS~1\temp\{D2DE486D-17C6-42FD-98C4-CDC4B1E842EF}\{3479C3CC-09FE-4A72-9783-96B1825EB540}.tmp
12:09:18.0328 0x0ba8 C:\DOCUME~1\Robert\LOCALS~1\temp\{D2DE486D-17C6-42FD-98C4-CDC4B1E842EF}\{3479C3CC-09FE-4A72-9783-96B1825EB540}.tmp - ok
12:09:18.0328 0x0ba8 [ 9F8B7D95917BFF46407379CE7F8813D0, AF6BA4B39D31D97D22167D44543B92BDDAF2DEF067BBC9229F4E9DC8F6743AFE ] C:\Program Files\Acronis\TrueImageHome\Common\gc.dll
12:09:18.0328 0x0ba8 C:\Program Files\Acronis\TrueImageHome\Common\gc.dll - ok
12:09:18.0328 0x0ba8 [ F832F1505AD8B83474BD9A5B1B985E01, 205D9F237DD50FDF84F57CC53476B5ADB218A03A8B68B017AFF7CBD0DCAC71C4 ] C:\Program Files\Bonjour\mDNSResponder.exe
12:09:18.0328 0x0ba8 C:\Program Files\Bonjour\mDNSResponder.exe - ok
12:09:18.0328 0x0ba8 [ 037B1E7798960E0420003D05BB577EE6, DEE53D6D332DADD40C0CE34A425A6C0781F611765DCD4299D869F2B1EE80AE66 ] C:\WINDOWS\system32\rundll32.exe
12:09:18.0328 0x0ba8 C:\WINDOWS\system32\rundll32.exe - ok
12:09:18.0343 0x0ba8 [ A6278239BF5E98A2119615E2FC1F35D9, 34DF8466E5E64FC1E65FDF8470F9766C2F351F32AB2B2539536EF4F5D6EE16E8 ] C:\Program Files\Sunbelt Software\CounterSpy\SBAMTray.exe
12:09:18.0343 0x0ba8 C:\Program Files\Sunbelt Software\CounterSpy\SBAMTray.exe - ok
12:09:18.0343 0x0ba8 [ FEDA097D62369B6FB0030F0AEBE2C3B7, 23F348029B37E3EBB2F7473C98F32803C4984E7C195CEB19210EBBC4709348F5 ] C:\WINDOWS\system32\snapapi.dll
12:09:18.0343 0x0ba8 C:\WINDOWS\system32\snapapi.dll - ok
12:09:18.0343 0x0ba8 [ 5F1D5F88303D4A4DBC8E5F97BA967CC3, 5FB24FC7916A6E6B3BE7D84CB1684215B266CD1495575C2E5672B8447932E5B1 ] C:\WINDOWS\system32\ctfmon.exe
12:09:18.0343 0x0ba8 C:\WINDOWS\system32\ctfmon.exe - ok
12:09:18.0343 0x0ba8 [ 7E3D52EB15AAE83A9B3E5D8200F66A16, D73A1FEBCD75D28AEC0770E31FA6FCA7C239AF4C255DA7D08EA48F9CE9D8FB60 ] C:\Program Files\Acronis\TrueImageHome\fox.dll
12:09:18.0343 0x0ba8 C:\Program Files\Acronis\TrueImageHome\fox.dll - ok
12:09:18.0359 0x0ba8 [ 538A270F35A713C360B7ED4168BB7521, 47D8784C811FCADD1E78A907AF56D3D0FA5ABE9AC7DA7CB41AF60D304CAA06BA ] C:\WINDOWS\system32\mydocs.dll
12:09:18.0359 0x0ba8 C:\WINDOWS\system32\mydocs.dll - ok
12:09:18.0359 0x0ba8 [ E40FCF943127DDC8FD60554B722D762B, 2E7A7C08B56E07D69CB32F335D93F6D2C748EFA2CF4C41102A18C7761A4E9CF0 ] C:\WINDOWS\system32\msctf.dll
12:09:18.0359 0x0ba8 C:\WINDOWS\system32\msctf.dll - ok
12:09:18.0359 0x0ba8 [ C5A75EB48E2344ABDC162BDA79E16841, 6070A8AAFD38FBC6A68A2B10C20117612354DF21B4492D90CA522BFB6870D726 ] C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
12:09:18.0359 0x0ba8 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe - ok
12:09:18.0359 0x0ba8 [ E5F7C30EDF0892667933BE879F067D67, E4BA45F4C6C74A0CDE9B12A00C91E2F5EF83536C89C9053DEC507CBB4F130A12 ] C:\WINDOWS\system32\msvcr100_clr0400.dll
12:09:18.0359 0x0ba8 C:\WINDOWS\system32\msvcr100_clr0400.dll - ok
12:09:18.0359 0x0ba8 [ 17AA58A54C00F1746B8654C050491F43, AADA0D527FB96852998073E58F93710C4B3A25D7D1414BA9F23A28DA3D06B4CD ] C:\WINDOWS\system32\msutb.dll
12:09:18.0359 0x0ba8 C:\WINDOWS\system32\msutb.dll - ok
12:09:18.0375 0x0ba8 [ C14AA05881A35B6D6BB8D55B117EE22D, F30873FA983CE21734BE1A357CDF855EF33511990C14B454EBAA3D6059CD823D ] C:\WINDOWS\system32\shfolder.dll
12:09:18.0375 0x0ba8 C:\WINDOWS\system32\shfolder.dll - ok
12:09:18.0375 0x0ba8 [ 1C95060AA0B931CF9EE86DDE21FCFC8C, 6BA2B3678612B82CECA82EFD7052235C1F016EC1BEADC9C60A825B68BA1BB94D ] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\ahclient.dll
12:09:18.0375 0x0ba8 C:\Program Files\Adobe\Acrobat 9.0\Acrobat\ahclient.dll - ok
12:09:18.0921 0x0ba8 [ C8AE09AD673A81DE7BF3AC12E437C392, 9D03D1E62E0A11ED9921C025F4A7D6BA0DD2CAC2EA7F158D4277612C62C23799 ] C:\Program Files\Sunbelt Software\CounterSpy\Definitions\libMachoUniv.dll
12:09:18.0921 0x0ba8 C:\Program Files\Sunbelt Software\CounterSpy\Definitions\libMachoUniv.dll - ok
12:09:18.0921 0x0ba8 [ 3EE2251149A59866F11D990FDCD2CF60, E7807359A72EC4AD3D2FAB9FB1D1156309F509B853FB72072E4E78960BC95260 ] C:\Program Files\Sunbelt Software\CounterSpy\Definitions\libMsCab.dll
12:09:18.0921 0x0ba8 C:\Program Files\Sunbelt Software\CounterSpy\Definitions\libMsCab.dll - ok
12:09:18.0921 0x0ba8 [ D70547CEC3D96C8C35B4B6FE23DF8A73, 03BAB459B1175FBEC215E5D50C698B319FA03FB1D8FB3B80FBFE8F472421BC32 ] C:\Program Files\Sunbelt Software\CounterSpy\Definitions\libMsi.dll
12:09:18.0921 0x0ba8 C:\Program Files\Sunbelt Software\CounterSpy\Definitions\libMsi.dll - ok
12:09:18.0921 0x0ba8 [ B64AB6D4A0276E9E83B2C5F4FD28DB31, 9C1307E0993E404792D978C5861B0543D2D950C3D4E2C44B534A12D40B474E90 ] C:\Program Files\Sunbelt Software\CounterSpy\Definitions\libNSIS.dll
12:09:18.0921 0x0ba8 C:\Program Files\Sunbelt Software\CounterSpy\Definitions\libNSIS.dll - ok
12:09:18.0937 0x0ba8 [ 983095A76FFD1E92E872A9FF76483DA5, 8CA26939B49B3F8C8EFA8CAED5157B1BA1DFC760F569AA5335DFFC35E76E0C78 ] C:\Program Files\Sunbelt Software\CounterSpy\Definitions\libOleA.dll
12:09:18.0937 0x0ba8 C:\Program Files\Sunbelt Software\CounterSpy\Definitions\libOleA.dll - ok
12:09:18.0937 0x0ba8 [ B70ECE2B06DB39164174CC14A0920BA0, A0BFA30D8842D540784D2A0603B2E4F3179141F85A8A180A5523E60B99A6F4C3 ] C:\Program Files\Sunbelt Software\CounterSpy\Definitions\libRar.dll
12:09:18.0937 0x0ba8 C:\Program Files\Sunbelt Software\CounterSpy\Definitions\libRar.dll - ok
12:09:18.0937 0x0ba8 [ 828F6AB6A1E957A7DE5231895A8ABAA8, ECD6086AD7E6407E7E5A771ACC8E135BB11646D45E27E9809268F2A727F62CEA ] C:\Program Files\Sunbelt Software\CounterSpy\Definitions\libRTF.dll
12:09:18.0937 0x0ba8 C:\Program Files\Sunbelt Software\CounterSpy\Definitions\libRTF.dll - ok
12:09:18.0937 0x0ba8 [ 8AECF6ABED23DD8E0AC0C9D5737818C1, CAE7BE49E9A4C2AAC1EDA048946B575D38B5CF4F20B2D28A5B04F594E5BD7008 ] C:\Program Files\Sunbelt Software\CounterSpy\Definitions\libtd.dll
12:09:18.0937 0x0ba8 C:\Program Files\Sunbelt Software\CounterSpy\Definitions\libtd.dll - ok
12:09:18.0937 0x0ba8 [ 81E96701E44A8BA88223D41F06E7774F, 7E8345F622E6E33273293224F1C5D6288D3BE84A5F473C9669CF88E7D8846CB5 ] C:\Program Files\Sunbelt Software\CounterSpy\Definitions\libVvs.dll
12:09:18.0937 0x0ba8 C:\Program Files\Sunbelt Software\CounterSpy\Definitions\libVvs.dll - ok
12:09:18.0953 0x0ba8 [ B56F1B0D20EECC2F8143EC0464EE9328, 6E30450F0F29BB24D8D984D826282BCB11AFE2DF5E91ED30048FA21D75240492 ] C:\Program Files\Sunbelt Software\CounterSpy\Definitions\libZip.dll
12:09:18.0953 0x0ba8 C:\Program Files\Sunbelt Software\CounterSpy\Definitions\libZip.dll - ok
12:09:18.0953 0x0ba8 [ 5D43C9A33F18C707BA169AFDA88BDF30, 6796891360B4731B4F165300BD9FAC9A2A4C54E8CFF86DEC8036D3765AE4D9A3 ] C:\WINDOWS\system32\fltlib.dll
12:09:18.0953 0x0ba8 C:\WINDOWS\system32\fltlib.dll - ok
12:09:18.0953 0x0ba8 [ 0DFA4D5E8205614EDA53394E637812E4, EEFF82683D2818E505556DCDC220FC246DBE61612BD272CA844FC3FC8BADC0B1 ] C:\WINDOWS\system32\vdmdbg.dll
12:09:18.0953 0x0ba8 C:\WINDOWS\system32\vdmdbg.dll - ok
12:09:18.0953 0x0ba8 [ FF3477C03BE7201C294C35F684B3479F, D6246521539BA4ACD022D26983182F5E323D2EF1EA7C54265A248C43A1CE5202 ] C:\WINDOWS\system32\termsrv.dll
12:09:18.0953 0x0ba8 C:\WINDOWS\system32\termsrv.dll - ok
12:09:18.0968 0x0ba8 [ DF6551E4C4C46655A0C76194F1FCEA5D, F3895AE4B36BC85C458EDC85FBD1F5AB5C33913CD91C60A65083DC0BDD037BF5 ] C:\WINDOWS\system32\icaapi.dll
12:09:18.0968 0x0ba8 C:\WINDOWS\system32\icaapi.dll - ok
12:09:18.0968 0x0ba8 [ 2D65D56C2F8B6CC5EBFF8E7200C30304, 10CD5FF00D110D1AE2313DBCBDB17C2B9DFF930F5DAD65C35C08FCF9C152C053 ] C:\WINDOWS\system32\mstlsapi.dll
12:09:18.0968 0x0ba8 C:\WINDOWS\system32\mstlsapi.dll - ok
12:09:18.0968 0x0ba8 [ 92CBB3232BFE10359955F182C5967E16, EE13480583A3E40F4DE30CD76D133DF065CB8EDA6480F3E4F21D8280A4BA3111 ] C:\Program Files\Sunbelt Software\CounterSpy\SBAMSvcPS.dll
12:09:18.0968 0x0ba8 C:\Program Files\Sunbelt Software\CounterSpy\SBAMSvcPS.dll - ok
12:09:18.0968 0x0ba8 [ 30DEAF54A9755BB8546168CFE8A6B5E1, 3936228CD3125C763ABFCB93E86E4B43838202BCC0913A28E84AC0263B43EE0D ] C:\WINDOWS\system32\imapi.exe
12:09:18.0968 0x0ba8 C:\WINDOWS\system32\imapi.exe - ok
12:09:18.0968 0x0ba8 [ 37A62C6092AADD2EFDE0468DD8818E99, 2D01A2EEE0BE81B3252E1A3EAD21D3D91EA6DE826A1783B14948A0E0B475BAB1 ] C:\WINDOWS\system32\netcfgx.dll
12:09:18.0968 0x0ba8 C:\WINDOWS\system32\netcfgx.dll - ok
12:09:18.0984 0x0ba8 [ 76A9A3CBEADD68CC57CDA5E1D7448235, 4AFD048C5D2306AB8DE46F3AA60AC0213333DDA3B09A9E91F7585DB6EB978EC8 ] C:\WINDOWS\system32\rasmans.dll
12:09:18.0984 0x0ba8 C:\WINDOWS\system32\rasmans.dll - ok
12:09:18.0984 0x0ba8 [ DCDD618BB311674CB6D3914BF24DF7C4, 036DC6311C3A79E3D709892697C999F2E859C6819DC180D5B3073211EC81484E ] C:\Program Files\Sunbelt Software\CounterSpy\SBAMRes.dll
12:09:18.0984 0x0ba8 C:\Program Files\Sunbelt Software\CounterSpy\SBAMRes.dll - ok
12:09:18.0984 0x0ba8 [ EE2182E2BB5286F143FA13B6FD626381, F421CC16C42E5E6809E181A004D5BC58805E33D891D854D71199C9655FC6A2DF ] C:\WINDOWS\system32\WgaTray.exe
12:09:18.0984 0x0ba8 C:\WINDOWS\system32\WgaTray.exe - ok
12:09:18.0984 0x0ba8 [ A54B37B101DD1D5F1C58C6D0141111AE, 01177E0229E4918201DCE124C2C5D6F0EDC6A296266E94CBDE3505501F6DE948 ] C:\Program Files\Common Files\Raxco\Shared\PDEngine.exe
12:09:18.0984 0x0ba8 C:\Program Files\Common Files\Raxco\Shared\PDEngine.exe - ok
12:09:19.0000 0x0ba8 [ E058C4821D48E0A67F6069CB50818D44, FE2FC319357F206BE32CE0D3A0780A1682D17D091D689B3DC1F1F79463878C0B ] C:\WINDOWS\system32\LegitCheckControl.dll
12:09:19.0000 0x0ba8 C:\WINDOWS\system32\LegitCheckControl.dll - ok
12:09:19.0000 0x0ba8 [ 798A9E6828997EEF4517ADA8A2259831, 64389FAD94D54E2D43A7292AD3C57CB16F90F2C80EA44099E02D11E19E390A5B ] C:\WINDOWS\system32\wbem\wmiprvse.exe
12:09:19.0000 0x0ba8 C:\WINDOWS\system32\wbem\wmiprvse.exe - ok
12:09:19.0000 0x0ba8 [ 3CB78C17BB664637787C9A1C98F79C38, F35C31F6B7F366CB949D1044B357C76DEC9170441C5E559802794F62B72FD255 ] C:\WINDOWS\system32\tapisrv.dll
12:09:19.0000 0x0ba8 C:\WINDOWS\system32\tapisrv.dll - ok
12:09:19.0000 0x0ba8 [ DCDFA92D6C03D708A937B19B74EBCA57, 032B30B460C1DA9F877DEA975FBC7327FF8D34CB2ED4C27DF267E03B4C39D4E8 ] C:\Program Files\Common Files\Raxco\Shared\PDEnginePS.dll
12:09:19.0000 0x0ba8 C:\Program Files\Common Files\Raxco\Shared\PDEnginePS.dll - ok
12:09:19.0000 0x0ba8 [ E2F379FEF3C1D0B06D600038890293C8, 3F26789D1BA78A7C8036880D408E1769F2D3769AED990E74D0A5096841439AE2 ] C:\Program Files\Raxco\PerfectDisk\PDVmGuest.dll
12:09:19.0000 0x0ba8 C:\Program Files\Raxco\PerfectDisk\PDVmGuest.dll - ok
12:09:19.0015 0x0ba8 [ 6895427873D6C37A6D6DA7C3DB37DA14, 199E55B171752B32E172913BDD79D86E7298C7C6B838F871E937B5E1DF8C59F4 ] C:\WINDOWS\system32\licwmi.dll
12:09:19.0015 0x0ba8 C:\WINDOWS\system32\licwmi.dll - ok
12:09:19.0015 0x0ba8 [ 4306FA2F1099D7C606139255FDB62B19, 75A0A99B9D8B0E2B39A8093F72DC283D5F2D56FB731C2BA193579DCE916030A0 ] C:\WINDOWS\system32\wbem\framedyn.dll
12:09:19.0015 0x0ba8 C:\WINDOWS\system32\wbem\framedyn.dll - ok
12:09:19.0015 0x0ba8 [ A693A49A67673F2C8D76797EA9A628D0, 479B6AE531EACC2A8C1B6BDE2AC1F6938753105790B0F04F81477F4CCD1C276E ] C:\WINDOWS\system32\licdll.dll
12:09:19.0015 0x0ba8 C:\WINDOWS\system32\licdll.dll - ok
12:09:19.0015 0x0ba8 [ 5F7692CEC90E2E9AA32CD58321E234B8, 0F76BD005B6FC51EE8B2D167C5E792947F8A8FF1A4FBC7F9CB3572BEAFC12639 ] C:\WINDOWS\system32\rastapi.dll
12:09:19.0015 0x0ba8 C:\WINDOWS\system32\rastapi.dll - ok
12:09:19.0031 0x0ba8 [ AACE07FE34FADDDF973CE068A6424957, A14DC612762F56EE3CF9FBDF58E9476400F2CD9513319AD90E3818B2DB9F4580 ] C:\WINDOWS\system32\unimdm.tsp
12:09:19.0031 0x0ba8 C:\WINDOWS\system32\unimdm.tsp - ok
12:09:19.0031 0x0ba8 [ 995252FCC4692B5B97EE17D596C9386E, E0EC754ADC0976BCF88C4777E788A67844428DF0B828D8EE7B8A039C763DFFDD ] C:\WINDOWS\system32\uniplat.dll
12:09:19.0031 0x0ba8 C:\WINDOWS\system32\uniplat.dll - ok
12:09:19.0031 0x0ba8 [ CAA87A1DBAF7899677239ED7E591F714, 8FF5DB5D7E64E145A6A6DAD53E398A4C755DEE04D7458831CFA95A978765A8DE ] C:\Program Files\Raxco\PerfectDisk\libeay32.dll
12:09:19.0031 0x0ba8 C:\Program Files\Raxco\PerfectDisk\libeay32.dll - ok
12:09:19.0031 0x0ba8 [ 99963F1E23AC6FABBDF14C469312E85E, 36F1AD3525DD0632CC3065ACE0FFF073DE179A65533DCE3A2826154F900163F3 ] C:\Program Files\Raxco\PerfectDisk\ssleay32.dll
12:09:19.0031 0x0ba8 C:\Program Files\Raxco\PerfectDisk\ssleay32.dll - ok
12:09:19.0031 0x0ba8 [ 76EC97C5068D3D9FAA7774B0F659D31A, 4E2EF0DC0B05187A6154D4D672B7530E14103D7D1EDF1BDE960F9B988B5EC41F ] C:\WINDOWS\system32\kmddsp.tsp
12:09:19.0031 0x0ba8 C:\WINDOWS\system32\kmddsp.tsp - ok
12:09:19.0046 0x0ba8 [ 8B8A45DF7CEF36D93C7BD3E4C84003B8, 7E3A0204FCDD5DFFB3B352451232DD86F8298F83918533D874C122A2EF29081B ] C:\WINDOWS\system32\ipconf.tsp
12:09:19.0046 0x0ba8 C:\WINDOWS\system32\ipconf.tsp - ok
12:09:19.0046 0x0ba8 [ 4589963D84F2984FA5949A72162BA4F4, BC927EC7D0EBDBD2B4780D892D41739840DD31B0FF8C79013014925F52860808 ] C:\WINDOWS\system32\ndptsp.tsp
12:09:19.0046 0x0ba8 C:\WINDOWS\system32\ndptsp.tsp - ok
12:09:19.0046 0x0ba8 [ 2DE1190196EE9555DB548A57622022EB, 89DBC777BE06D008AABEDAC61AFC11B4FF7ABCA86C205109ED9D34D21C0B5146 ] C:\WINDOWS\system32\drprov.dll
12:09:19.0046 0x0ba8 C:\WINDOWS\system32\drprov.dll - ok
12:09:19.0046 0x0ba8 [ 8BC2B02DC11C98D14CEE43B8E8393FF3, 1314C33E2E5F11B361CF1E88884B2A9862F8BAB1C498F48DC4C49ACDB28D4732 ] C:\WINDOWS\system32\h323.tsp
12:09:19.0046 0x0ba8 C:\WINDOWS\system32\h323.tsp - ok
12:09:19.0062 0x0ba8 [ 36468087E22C57A83DF758B3F90DF73F, F6898D07CEE4F528A9F17A231CCB5E38F826A0C1926EFBF35ECCA06E0E8EE565 ] C:\WINDOWS\system32\ntlanman.dll
12:09:19.0062 0x0ba8 C:\WINDOWS\system32\ntlanman.dll - ok
12:09:19.0062 0x0ba8 [ C14350FC0D47D806699C4F907FC6785B, A8862B47A74F5FB03C9916A42B986D9B352549ED486AD2B9DAD405A98B5564B3 ] C:\WINDOWS\system32\cryptnet.dll
12:09:19.0062 0x0ba8 C:\WINDOWS\system32\cryptnet.dll - ok
12:09:19.0062 0x0ba8 [ AC5DF42FE314C1446B1DAD237BFCFFE0, FD53D9BCC619ED7AE4B7C29B7D457A2F61D6D340841A4E030329D7032C306AB6 ] C:\WINDOWS\system32\netui0.dll
12:09:19.0062 0x0ba8 C:\WINDOWS\system32\netui0.dll - ok
12:09:19.0062 0x0ba8 [ 8973122796E3B5D6B5900FC186E55FEA, 350120A20F8591C27E68A5903E3175DD3F4F85BA2FF1F8B6E1D3B3758B5B509D ] C:\WINDOWS\system32\hid.dll
12:09:19.0062 0x0ba8 C:\WINDOWS\system32\hid.dll - ok
12:09:19.0078 0x0ba8 [ 6B552ED3BEE5AA3C4560478FF779BA98, 1778F0B7200F93EB255E1F215BB5FBEAA0DBF63BC60B286D76120F8A787995C4 ] C:\WINDOWS\system32\hidphone.tsp
12:09:19.0078 0x0ba8 C:\WINDOWS\system32\hidphone.tsp - ok
12:09:19.0078 0x0ba8 [ ED5A816D8E11E03F1937AC3C56826EE4, D01525B5BD9F9DDF149B78706C6C2F5AE26F5337F897C1B8763DBC67AB64F875 ] C:\WINDOWS\system32\netui1.dll
12:09:19.0078 0x0ba8 C:\WINDOWS\system32\netui1.dll - ok
12:09:19.0078 0x0ba8 [ 1BDC9238C84AC76A72B167FD682C762A, 68C104775ECBD23115371397F6961D1F9DC0DCADB58001E2CE2A8ECB4C275661 ] C:\Program Files\Raxco\PerfectDisk\PDVmGuestPS.dll
12:09:19.0078 0x0ba8 C:\Program Files\Raxco\PerfectDisk\PDVmGuestPS.dll - ok
12:09:19.0078 0x0ba8 [ 880F7ED2DF24DB14AF96C6D797958796, 294183E3E3928FC1796BDD180034F92C71DF2843877D35F75C8AA2E50600C66C ] C:\WINDOWS\system32\wbem\wbemdisp.dll
12:09:19.0078 0x0ba8 C:\WINDOWS\system32\wbem\wbemdisp.dll - ok
12:09:19.0078 0x0ba8 [ FB8F8EEC8D9C2157789472DD61CDC78B, D5306081621FFEFF585FAD292E60207E1BCB4EA67367E12872AF73C464110C68 ] C:\WINDOWS\system32\davclnt.dll
12:09:19.0078 0x0ba8 C:\WINDOWS\system32\davclnt.dll - ok
12:09:19.0093 0x0ba8 [ D0545A010ED2259A740C8414899A938F, 5E6FD116C6F65241A075E4469C5AD1967B8D66DE11E223F7A3F00139FB0160C3 ] C:\WINDOWS\system32\rasppp.dll
12:09:19.0093 0x0ba8 C:\WINDOWS\system32\rasppp.dll - ok
12:09:19.0093 0x0ba8 [ 9EFBB3055B3EECE5B0FC7BAED07A6EE9, 8CF9C8882C1DF59E51E2D65425C595E1C37005E6F94C47EBCDEBFF991788C162 ] C:\WINDOWS\system32\msxml6.dll
12:09:19.0093 0x0ba8 C:\WINDOWS\system32\msxml6.dll - ok
12:09:19.0093 0x0ba8 [ B464BD425D5D09ABE4192234D1577B22, DF7333CAF299A18DEA43ACEF0A6D8C3F79918D1B3FCE437FDED6B54F95C106B9 ] C:\WINDOWS\system32\ntlsapi.dll
12:09:19.0093 0x0ba8 C:\WINDOWS\system32\ntlsapi.dll - ok
12:09:19.0093 0x0ba8 [ A655C88AA555BB8EF8957BD29408827F, 6CD48D32D1DFF68FEED5CC20D0DE12729101381EB8A6774408566C14E0B18FFB ] C:\WINDOWS\system32\rasqec.dll
12:09:19.0093 0x0ba8 C:\WINDOWS\system32\rasqec.dll - ok
12:09:19.0109 0x0ba8 [ E837FDBB92E9873E538395B623F45462, E00D9F1471D9BDE7E53A5F8359B6F3B1606A432D4E94AB6B2A6898AB48E6751B ] C:\WINDOWS\system32\wbem\cimwin32.dll
12:09:19.0109 0x0ba8 C:\WINDOWS\system32\wbem\cimwin32.dll - ok
12:09:19.0109 0x0ba8 [ 401A8C0BE0BAA7D7A470F0942244152D, EC21ED13E526617697CD8E6D79FC706CBDA0AF36C02C05B39E8603B217E406BC ] C:\WINDOWS\system32\rasdlg.dll
12:09:19.0109 0x0ba8 C:\WINDOWS\system32\rasdlg.dll - ok
12:09:19.0109 0x0ba8 [ C3BA67167ABFAC31C39BC959B250CED8, 227F1ADE7CC250F00B9327753E1D8AE6247F921B001B27E61226CE86B4B5F096 ] C:\Program Files\Common Files\Raxco\Shared\sqlceoledb35.dll
12:09:19.0109 0x0ba8 C:\Program Files\Common Files\Raxco\Shared\sqlceoledb35.dll - ok
12:09:19.0109 0x0ba8 [ 958582542E5827C3B1B191F1C6C123F4, 94CF89210F733AB8625750923335D60B52D0D26F084A39670C41ED247CFC2FB6 ] C:\Program Files\Common Files\Raxco\Shared\sqlcese35.dll
12:09:19.0109 0x0ba8 C:\Program Files\Common Files\Raxco\Shared\sqlcese35.dll - ok
12:09:19.0125 0x0ba8 [ 36CCD0CFE3FC326260BAA7425BDE5C9A, 84C5AFB1EA50321210E1C0D74BAF59FD47B256ADCD3E360CA170F02DC5DDEF7B ] C:\Program Files\Common Files\Raxco\Shared\sqlceqp35.dll
12:09:19.0125 0x0ba8 C:\Program Files\Common Files\Raxco\Shared\sqlceqp35.dll - ok
12:09:19.0125 0x0ba8 [ 16E3B6D8E2AF7AF77831121AC75C4A62, 7F310CA21EEEBB05AA30E8E3BBB7F67E416EE29BE3062BA6214AC3C534BC687D ] C:\Program Files\Common Files\Raxco\Shared\PDUtils.dll
12:09:19.0125 0x0ba8 C:\Program Files\Common Files\Raxco\Shared\PDUtils.dll - ok
12:09:19.0125 0x0ba8 [ ACDAFCD14EC0ECE89198503746A5C147, F90876961B6966915C4A1847F91F45282FFA48140D01503EF9013E774661C4E8 ] C:\WINDOWS\system32\perfos.dll
12:09:19.0125 0x0ba8 C:\WINDOWS\system32\perfos.dll - ok
12:09:19.0125 0x0ba8 [ ABFB673B24A9B3287761D497529FB5B9, FD0DEC392BE1632C33E90981D799DD5C11C9D257F0B1D3190FA32658EB706F0A ] C:\WINDOWS\system32\perfdisk.dll
12:09:19.0125 0x0ba8 C:\WINDOWS\system32\perfdisk.dll - ok
12:09:19.0125 0x0ba8 [ D26451B540720A7313A9BCBE794DAF62, 255B3594876F9D9222760A53D1119E73D3BA4E4766C9DFAD63DCB180C5F33846 ] C:\WINDOWS\system32\wbem\ncprov.dll
12:09:19.0125 0x0ba8 C:\WINDOWS\system32\wbem\ncprov.dll - ok
12:09:19.0140 0x0ba8 [ 6404807ABC7AF52FA3792697AE638B50, 75FB44348CCC53A4EA2C3677F42098A12CE882F3E015E3D847A07972C1E4AEF5 ] C:\WINDOWS\system32\wbem\wbemcons.dll
12:09:19.0140 0x0ba8 C:\WINDOWS\system32\wbem\wbemcons.dll - ok
12:09:19.0140 0x0ba8 [ D9184C5FF3FD526761D518A95ABA74A3, 0C1162320A7F6CD5DC0D55046310CDD755F37FBF0E079CB8A1579AABBB449C9D ] C:\Program Files\Mozilla Firefox\firefox.exe
12:09:19.0140 0x0ba8 C:\Program Files\Mozilla Firefox\firefox.exe - ok
12:09:19.0140 0x0ba8 [ 67EC459E42D3081DD8FD34356F7CAFC1, 1221A09484964A6F38AF5E34EE292B9AFEFCCB3DC6E55435FD3AAF7C235D9067 ] C:\Program Files\Mozilla Firefox\msvcr100.dll
12:09:19.0140 0x0ba8 C:\Program Files\Mozilla Firefox\msvcr100.dll - ok
12:09:19.0140 0x0ba8 [ EFCD571D096682970EF998DD7154EBC3, AA32C806841251C2528DD81225EBC072BC4509CC586D0B8A65319F0BDA22D92F ] C:\Program Files\Mozilla Firefox\mozglue.dll
12:09:19.0140 0x0ba8 C:\Program Files\Mozilla Firefox\mozglue.dll - ok
12:09:19.0156 0x0ba8 [ 03E9314004F504A14A61C3D364B62F66, A3BA6421991241BEA9C8334B62C3088F8F131AB906C3CC52113945D05016A35F ] C:\Program Files\Mozilla Firefox\msvcp100.dll
12:09:19.0156 0x0ba8 C:\Program Files\Mozilla Firefox\msvcp100.dll - ok
12:09:19.0156 0x0ba8 [ F87EAF29C38913728E14EF9645EED92F, 40BF0483D6DF0BFD508D91C87561080537D9AE469661D20776B617456BA4BB4F ] C:\Program Files\Mozilla Firefox\nss3.dll
12:09:19.0156 0x0ba8 C:\Program Files\Mozilla Firefox\nss3.dll - ok
12:09:19.0156 0x0ba8 [ 7919F90EAE0C6B6085E7AF7F47B14C0F, DF54FF05291A1A177AB57CF8FD0C311EAF14BD5039223F81280F004209A47369 ] C:\Program Files\Mozilla Firefox\mozjs.dll
12:09:19.0156 0x0ba8 C:\Program Files\Mozilla Firefox\mozjs.dll - ok
12:09:19.0156 0x0ba8 [ 80537057E6EFDC1272F8AF572DAF0FBB, EF925907D18D82795C54245DE1ED0B9EC13553F64C1A7969C3CCFDEF8F40A1D9 ] C:\Program Files\Mozilla Firefox\mozalloc.dll
12:09:19.0156 0x0ba8 C:\Program Files\Mozilla Firefox\mozalloc.dll - ok
12:09:19.0156 0x0ba8 [ 0A09A781B1A209BDCC8E7431055E4C45, 69D439327B5436517424EE9119E3FD2477BE90ADC82EBFD4C857D7B0B28FC52E ] C:\Program Files\Mozilla Firefox\gkmedias.dll
12:09:19.0156 0x0ba8 C:\Program Files\Mozilla Firefox\gkmedias.dll - ok
12:09:19.0171 0x0ba8 [ 1D845821F5ADB076831DE4C2818F858B, 5F1F18042E6B16BC149F2B0F22ECE3D3668E846C843F016D33C9E6C60E2D64C6 ] C:\WINDOWS\system32\usp10.dll
12:09:19.0171 0x0ba8 C:\WINDOWS\system32\usp10.dll - ok
12:09:19.0171 0x0ba8 [ DA7214AF0526F182E5AB0244358AE365, 2F39A3E47221CBA6B18A78E8A77DA6B07D4FBA92545BFBE9E235A6F5475EDE10 ] C:\Program Files\Mozilla Firefox\xul.dll
12:09:19.0171 0x0ba8 C:\Program Files\Mozilla Firefox\xul.dll - ok
12:09:19.0171 0x0ba8 [ C6097B864F628594ED3E53BA55FE0E0C, 8E3F147436F0E903023EE6DB4A426FBC7F566935DE997C1374CC76F73B229884 ] C:\Program Files\Mozilla Firefox\browser\components\browsercomps.dll
12:09:19.0171 0x0ba8 C:\Program Files\Mozilla Firefox\browser\components\browsercomps.dll - ok
12:09:19.0171 0x0ba8 [ C6BCC1BE95AE7258D013EEA1C9159C8D, C04369023EC1FAA55B2FE0F1B773F709E0F33E764C677E8D3D50503BA0BFD011 ] C:\Program Files\Mozilla Firefox\softokn3.dll
12:09:19.0171 0x0ba8 C:\Program Files\Mozilla Firefox\softokn3.dll - ok
12:09:19.0187 0x0ba8 [ 193A0626CA65A5AEDDDD161560615D24, CA94E62AE7324DC28C4AB55E0233D5471AE396C73E67CC21E365237D2505DB83 ] C:\Program Files\Mozilla Firefox\nssdbm3.dll
12:09:19.0187 0x0ba8 C:\Program Files\Mozilla Firefox\nssdbm3.dll - ok
12:09:19.0187 0x0ba8 [ CAD0B60DF3E790FA7DDD205C117BA5C0, 24F5AA7A81739E8D8ACAC1BC256A7AE8BDFE76EEB53830BDD389B5DFB916D22B ] C:\Program Files\Mozilla Firefox\freebl3.dll
12:09:19.0187 0x0ba8 C:\Program Files\Mozilla Firefox\freebl3.dll - ok
12:09:19.0187 0x0ba8 [ 463DADBE8F36AB3C8906D5BE6012659D, A63BE9AF340D2C5A95D97D2F97587F610D51B33D7829C422D0EB42B06548C64D ] C:\Program Files\Mozilla Firefox\nssckbi.dll
12:09:19.0187 0x0ba8 C:\Program Files\Mozilla Firefox\nssckbi.dll - ok
12:09:19.0187 0x0ba8 [ 0607CBC6FA20114CB491EFE4B2F9EFAD, F1ABF07CC45F9C013B9F53E64820ECB12AC9B1E681B9A1703E30A0637E7D9BB6 ] C:\WINDOWS\system32\d3d9.dll
12:09:19.0187 0x0ba8 C:\WINDOWS\system32\d3d9.dll - ok
12:09:19.0187 0x0ba8 [ 31B067C412FA1A9BAD3CA2A63D7DA440, 7A3A1767C42A3CDE83A56780C15887494C2A69197FE964E2A902F99A456BE581 ] C:\WINDOWS\system32\d3d8thk.dll
12:09:19.0187 0x0ba8 C:\WINDOWS\system32\d3d8thk.dll - ok
12:09:19.0203 0x0ba8 [ 8BCD11D38FCE43A519246A91CC40DE6A, 981EE4B29FDE6DB58FAA17BCCA66DB8143D693D91A00B7519F01ABBAE11AA580 ] C:\WINDOWS\system32\security.dll
12:09:19.0203 0x0ba8 C:\WINDOWS\system32\security.dll - ok
12:09:19.0203 0x0ba8 [ C730F70351D950DDA7388C9A9763CF54, 7A9D265E4D2F76EF131D01C2EE1CDC19A8E5FDCAF97649CC562E8114B92D411F ] C:\WINDOWS\system32\wbem\wmipcima.dll
12:09:19.0203 0x0ba8 C:\WINDOWS\system32\wbem\wmipcima.dll - ok
12:09:19.0203 0x0ba8 Waiting for KSN requests completion. In queue: 31
12:09:37.0234 0x0ba8 AV detected via SS1: ESET Smart Security 4.0, 4.0, enabled, updated
12:09:37.0234 0x0ba8 FW detected via SS1: ESET Personal firewall, 4.0.314.0, disabled
12:09:37.0234 0x0ba8 FW detected via SS1: ZoneAlarm Firewall, 9.3.014.000, disabled
12:09:54.0750 0x0ba8 ============================================================
12:09:54.0750 0x0ba8 Scan finished
12:09:54.0750 0x0ba8 ============================================================
12:09:54.0750 0x0ba0 Detected object count: 13
12:09:54.0750 0x0ba0 Actual detected object count: 13
12:11:30.0671 0x0ba0 AsIO ( UnsignedFile.Multi.Generic ) - skipped by user
12:11:30.0671 0x0ba0 AsIO ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:11:30.0671 0x0ba0 cvintdrv ( UnsignedFile.Multi.Generic ) - skipped by user
12:11:30.0671 0x0ba0 cvintdrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:11:30.0671 0x0ba0 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
12:11:30.0671 0x0ba0 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:11:30.0671 0x0ba0 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
12:11:30.0671 0x0ba0 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:11:30.0671 0x0ba0 moufiltr ( UnsignedFile.Multi.Generic ) - skipped by user
12:11:30.0671 0x0ba0 moufiltr ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:11:30.0671 0x0ba0 pcouffin ( UnsignedFile.Multi.Generic ) - skipped by user
12:11:30.0671 0x0ba0 pcouffin ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:11:30.0671 0x0ba0 ProtexisLicensing ( UnsignedFile.Multi.Generic ) - skipped by user
12:11:30.0671 0x0ba0 ProtexisLicensing ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:11:30.0671 0x0ba0 PxHelp20 ( UnsignedFile.Multi.Generic ) - skipped by user
12:11:30.0671 0x0ba0 PxHelp20 ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:11:30.0750 0x0ba0 C:\WINDOWS\system32\DRIVERS\redbook.sys - copied to quarantine
12:11:31.0640 0x0ba0 C:\WINDOWS\system32\normnnfkd.nls - copied to quarantine
12:11:31.0796 0x0ba0 C:\WINDOWS\$NtUninstallKB36814$\2832607000\@ - copied to quarantine
12:11:31.0796 0x0ba0 C:\WINDOWS\$NtUninstallKB36814$\2832607000\Desktop.ini - copied to quarantine
12:11:31.0843 0x0ba0 C:\WINDOWS\$NtUninstallKB36814$\2832607000\L\igtjjlqa - copied to quarantine
12:11:33.0000 0x0ba0 Backup copy found, using it..
12:11:33.0265 0x0ba0 C:\WINDOWS\system32\DRIVERS\redbook.sys - will be cured on reboot
12:11:33.0312 0x0ba0 C:\WINDOWS\system32\normnnfkd.nls - will be deleted on reboot
12:11:33.0359 0x0ba0 C:\WINDOWS\$NtUninstallKB36814$\125803589 - will be deleted on reboot
12:11:33.0359 0x0ba0 C:\WINDOWS\$NtUninstallKB36814$\2832607000\@ - will be deleted on reboot
12:11:33.0359 0x0ba0 C:\WINDOWS\$NtUninstallKB36814$\2832607000\Desktop.ini - will be deleted on reboot
12:11:33.0390 0x0ba0 redbook ( Virus.Win32.ZAccess.k ) - User select action: Cure
12:11:33.0390 0x0ba0 ScsiAccess ( UnsignedFile.Multi.Generic ) - skipped by user
12:11:33.0390 0x0ba0 ScsiAccess ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:11:33.0390 0x0ba0 SolidWorks Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
12:11:33.0390 0x0ba0 SolidWorks Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:11:33.0390 0x0ba0 TVICHW32 ( UnsignedFile.Multi.Generic ) - skipped by user
12:11:33.0390 0x0ba0 TVICHW32 ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:11:33.0390 0x0ba0 UnlockerDriver5 ( UnsignedFile.Multi.Generic ) - skipped by user
12:11:33.0390 0x0ba0 UnlockerDriver5 ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:11:33.0625 0x0ba0 KLMD registered as C:\WINDOWS\system32\drivers\07685366.sys
12:11:40.0375 0x0320 Deinitialize success
  • 0
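An added example, not part of the original posts and not TDSSKiller's own code: a small parser for the result section of the log above. It separates malware verdicts from unsigned-file flags and lists files scheduled for action at reboot for which the log shows no quarantine copy. The sample lines are an excerpt of that log, and the function names are this example's own.

```python
import re

# Excerpt of the result section of the TDSSKiller log posted above
# (the duplicate "skipped by user" lines are left out for brevity).
SAMPLE_LOG = r"""
12:11:30.0671 0x0ba0 AsIO ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:11:30.0671 0x0ba0 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:11:30.0750 0x0ba0 C:\WINDOWS\system32\DRIVERS\redbook.sys - copied to quarantine
12:11:31.0640 0x0ba0 C:\WINDOWS\system32\normnnfkd.nls - copied to quarantine
12:11:31.0796 0x0ba0 C:\WINDOWS\$NtUninstallKB36814$\2832607000\@ - copied to quarantine
12:11:31.0843 0x0ba0 C:\WINDOWS\$NtUninstallKB36814$\2832607000\L\igtjjlqa - copied to quarantine
12:11:33.0265 0x0ba0 C:\WINDOWS\system32\DRIVERS\redbook.sys - will be cured on reboot
12:11:33.0312 0x0ba0 C:\WINDOWS\system32\normnnfkd.nls - will be deleted on reboot
12:11:33.0359 0x0ba0 C:\WINDOWS\$NtUninstallKB36814$\125803589 - will be deleted on reboot
12:11:33.0359 0x0ba0 C:\WINDOWS\$NtUninstallKB36814$\2832607000\@ - will be deleted on reboot
12:11:33.0390 0x0ba0 redbook ( Virus.Win32.ZAccess.k ) - User select action: Cure
12:11:33.0390 0x0ba0 UnlockerDriver5 ( UnsignedFile.Multi.Generic ) - User select action: Skip
"""

# Every log line starts with "HH:MM:SS.mmmm 0x<thread id> ".
PREFIX = re.compile(r"^\d\d:\d\d:\d\d\.\d{4}\s+0x[0-9a-fA-F]+\s+(.*)$")
# "<service or driver name> ( <verdict> ) - User select action: <action>"
VERDICT = re.compile(r"^(.+?) \( ([\w.-]+) \) - User select action: (\w+)$")
# "<path> - copied to quarantine | will be cured/deleted on reboot"
FILE_ACTION = re.compile(
    r"^([A-Za-z]:\\.+?) - (copied to quarantine|will be (?:cured|deleted) on reboot)$"
)


def parse(log_text):
    """Return (verdicts, file_actions) found in a TDSSKiller result section."""
    verdicts = []       # (object name, verdict, action chosen by the user)
    file_actions = {}   # path -> list of actions, in log order
    for raw in log_text.splitlines():
        prefixed = PREFIX.match(raw.strip())
        if not prefixed:
            continue    # blank line or a line without the timestamp prefix
        message = prefixed.group(1)
        verdict = VERDICT.match(message)
        if verdict:
            verdicts.append(verdict.groups())
            continue
        action = FILE_ACTION.match(message)
        if action:
            file_actions.setdefault(action.group(1), []).append(action.group(2))
    return verdicts, file_actions


def triage(log_text):
    """Summarise what a reviewer needs to follow up on after the scan."""
    verdicts, file_actions = parse(log_text)
    # "UnsignedFile.*" only says the file has no valid digital signature;
    # it is a suspicion flag, not a malware family name.
    malware = [v for v in verdicts if not v[1].startswith("UnsignedFile.")]
    unsigned = [v[0] for v in verdicts if v[1].startswith("UnsignedFile.")]
    pending = sorted(
        path for path, actions in file_actions.items()
        if any(a.endswith("on reboot") for a in actions)
    )
    # Files that will be changed at reboot although no quarantine copy is logged.
    no_backup = [p for p in pending if "copied to quarantine" not in file_actions[p]]
    # Files that were quarantined but have no cure/delete action logged.
    quarantined_only = sorted(
        path for path, actions in file_actions.items()
        if actions == ["copied to quarantine"]
    )
    return {
        "malware": malware,
        "unsigned_skipped": unsigned,
        "pending_reboot": pending,
        "pending_without_quarantine_copy": no_backup,
        "quarantined_only": quarantined_only,
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}:")
        for item in value:
            print("   ", item)
```
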

#6
Crowbar


    Teacher

  • GeekU Moderator
  • 4,161 posts
Hi Jackpine,
There is no harm in using your CounterSpy program, but since it's not being updated and supported any more, it's kind of frozen in time. I imagine it would be still effective against older malware, but it won't help you with anything new floating around.
I am glad you use MBAM for your on-demand scans. I feel that it is sufficient and could replace CounterSpy; totally your call.

Hitman Pro is probably just a remnant, but it was on there at some point, I can remove the folder that I see.

I also must bring up the fact that you are running Windows XP - The support for Windows XP with Service Pack 3 ends April 8, 2014.
After that date XP is considered at end of life. There will be no more security updates after that date, so XP will become pretty vulnerable.

As for the garbage you had, it's called ZeroAccess, or Sirefef by some companies. When I see this on a computer I offer up this standard warning:
One or more of the identified infections is known to use a backdoor.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would advise you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the infection has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.

We have actually removed the active ZA infection, but there is still damage to repair.

Step 1
ESET service repair

  • Download ESET Service Repair from here and save it to your Desktop
  • Right click on the icon and select Run as administrator (Windows Vista, 7 and 8 only)
  • Click on the Yes button to start
  • Follow the prompts to fix your services. Once the program is done it will ask you to reboot your computer, choose Yes.
  • The program will create a log file in the same folder that the tool was run from (desktop). Please copy and paste the contents of CC Support\SvcRepair.txt in your next response

Step 2

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the 32 bit version of the tool.

  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

Step 3
I need to see if a certain registry key is present in regards to your autoplay issue:
Run OTL
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Click on the None button (it's just below the Quick Scan button)
  • Under the Custom Scan box paste this in

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\Autorun.inf

  • Click the Run Scan button. Do not change any other settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open OTL.Txt in the same location as the OTL program (desktop)
  • Post this log in your next response


In your next reply I would like to see:
  • Log file from ESET services repair
  • FRST log
  • Addition.txt
  • OTL custom scan log

  • 0

#7
Jackpine


    Member

  • Topic Starter
  • Member
  • 347 posts
Crowbar, let's proceed with cleaning to the maximum extent possible. I (and billions of others probably) still need to figure out what to do with the upcoming end of support to Windows XP. In the meantime, let's press on.

(Please remove the remnant of Hitman Pro.) Logs as requested are found below.

ESET services repair log:

Log Opened: 2014-03-01 @ 16:15:17
16:15:17 - -----------------
16:15:17 - | Begin Logging |
16:15:17 - -----------------
16:15:17 - Fix started on a WIN_XP X86 computer
16:15:17 - Prep in progress. Please Wait.
16:15:24 - Prep complete
16:15:24 - Repairing Services Now. Please wait...

The operation completed successfully
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\XP\BITS.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BITS\Enum>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BITS\Security>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BITS\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BITS>

SetACL finished successfully.

The operation completed successfully
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\XP\SharedAccess.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Enum>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Setup>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Epoch>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess>

SetACL finished successfully.

The operation completed successfully
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\XP\wscsvc.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wscsvc\Enum>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wscsvc\Security>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wscsvc\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wscsvc>

SetACL finished successfully.

The operation completed successfully
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\XP\wuauserv.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wuauserv\Enum>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wuauserv\Security>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wuauserv\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wuauserv>

SetACL finished successfully.
16:15:29 - Services Repair Complete.
16:15:34 - Reboot Initiated

FRST log:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 01-03-2014
Ran by Robert (administrator) on FIRSTBUILD on 01-03-2014 16:23:59
Running from C:\Documents and Settings\Robert\Desktop
Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingc...can-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingc...can-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe
(Adobe Systems Inc.) C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe
(Acronis) C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
(Acronis) C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
(Acronis) C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\ekrn.exe
(Raxco Software, Inc.) C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
(Sunbelt Software) C:\Program Files\Sunbelt Software\CounterSpy\SBAMSvc.exe
(Sunbelt Software) C:\Program Files\Sunbelt Software\CounterSpy\SBPIMSvc.exe
() C:\Program Files\Photodex\ProShowProducer\ScsiAccess.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(Sunbelt Software) C:\Program Files\Sunbelt Software\CounterSpy\SBAMTray.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SkyTel] - C:\WINDOWS\SkyTel.EXE [2879488 2006-05-16] (Realtek Semiconductor Corp.)
HKLM\...\Run: [Adobe Acrobat Speed Launcher] - C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe [37232 2008-06-12] (Adobe Systems Incorporated)
HKLM\...\Run: [Acrobat Assistant 8.0] - C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [640376 2008-06-11] (Adobe Systems Inc.)
HKLM\...\Run: [egui] - C:\Program Files\ESET\ESET Smart Security\egui.exe [2021400 2009-02-06] (ESET)
HKLM\...\Run: [TrueImageMonitor.exe] - C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe [4359600 2009-01-21] (Acronis)
HKLM\...\Run: [AcronisTimounterMonitor] - C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe [960560 2009-01-21] (Acronis)
HKLM\...\Run: [NvCplDaemon] - C:\WINDOWS\system32\NvCpl.dll [13670504 2010-04-03] (NVIDIA Corporation)
HKLM\...\Run: [SBAMTray] - C:\Program Files\Sunbelt Software\CounterSpy\SBAMTray.exe [1348944 2010-08-20] (Sunbelt Software)
HKLM\...\Policies\Explorer: [NoCDBurning] 0
HKU\.DEFAULT\...\RunOnce: [tscuninstall] - C:\WINDOWS\system32\tscupgrd.exe [44544 2004-08-04] (Microsoft Corporation)
HKU\S-1-5-21-299502267-789336058-725345543-1004\...\Policies\Explorer: [NoBandCustomize] 0
HKU\S-1-5-21-299502267-789336058-725345543-1004\...\Policies\Explorer: [NoMovingBands] 0
HKU\S-1-5-21-299502267-789336058-725345543-1004\...\Policies\Explorer: [NoCloseDragDropBands] 0
HKU\S-1-5-21-299502267-789336058-725345543-1004\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-21-299502267-789336058-725345543-1004\...\Policies\Explorer: [NoToolbarsOnTaskbar] 0

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://easy-google-search.blogspot.com
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {EF8CA572-5715-47F4-9829-1C110E04F599} URL = http://gb.iamwired.n...h={SearchTerms}
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
Toolbar: HKCU - No Name - {C4069E3A-68F1-403E-B40E-20066696354B} - No File
Toolbar: HKCU - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKCU - &Links - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.appl...ex/qtplugin.cab
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.micr.../OGAControl.cab
DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} http://support.asus....ek_sys_ctrl.cab
DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files/Twisted%20Lands%20-%20Shadow%20Town/Images/stg_drm.ocx
DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.co...sreqlab_nvd.cab
DPF: {588031A3-94BF-4CDD-86D0-939F6F93910F} https://fixit.suppor...FixItClient.CAB
DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} http://catalog.updat...b?1292380760937
DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} http://www.nvidia.co.../sysreqlab2.cab
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx...owserPlugin.cab
DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} http://h20270.www2.h...ctDetection.cab
DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} http://www.nvidia.co...iaSmartScan.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab
DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files/Twisted%20Lands%20-%20Shadow%20Town/Images/armhelper.ocx
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab
DPF: {E0FEE963-BB53-4215-81AD-B28C77384644} http://eserv.sympati...adaPortalAX.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab
DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} http://driveragent.c...driveragent.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logme...rl.cab?lmi=1007
Winsock: Catalog5 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog5 03 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [152864] (Apple Inc.)
Winsock: Catalog9 01 mswsock.dll File Not found ()
Winsock: Catalog9 02 mswsock.dll File Not found ()
Winsock: Catalog9 03 mswsock.dll File Not found ()
Winsock: Catalog9 04 mswsock.dll File Not found ()
Winsock: Catalog9 05 mswsock.dll File Not found ()
Winsock: Catalog9 06 mswsock.dll File Not found ()
Winsock: Catalog9 07 mswsock.dll File Not found ()
Winsock: Catalog9 08 mswsock.dll File Not found ()
Winsock: Catalog9 09 mswsock.dll File Not found ()
Winsock: Catalog9 10 mswsock.dll File Not found ()
Winsock: Catalog9 11 mswsock.dll File Not found ()
Winsock: Catalog9 12 mswsock.dll File Not found ()
Winsock: Catalog9 13 mswsock.dll File Not found ()
Winsock: Catalog9 14 mswsock.dll File Not found ()
Winsock: Catalog9 15 mswsock.dll File Not found ()
Winsock: Catalog9 16 mswsock.dll File Not found ()
Winsock: Catalog9 17 mswsock.dll File Not found ()
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\..\Interfaces\{6B4B5C21-DA99-4096-8820-43DC9BA3E4E3}: [NameServer]192.168.0.1

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Robert\Application Data\Mozilla\Firefox\Profiles\tonk28m2.default
FF Homepage: hxxp://easy-google-search.blogspot.com
FF Keyword.URL: hxxp://www.google.com/cse?cx=partner-pub-5528014799800033:cevktqnfrvl&ie=ISO-8859-1&q=
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_12_0_0_70.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=1.6.0_37 - C:\WINDOWS\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @nosltd.com/getPlus+®,version=1.6.2.91 - C:\Program Files\NOS\bin\np_gp.dll (NOS Microsystems Ltd.)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Documents and Settings\Robert\Application Data\mozilla\plugins\npPxPlay.dll ( )
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []

Chrome:
=======
CHR HomePage: hxxp://www.google.com

========================== Services (Whitelisted) =================

R2 AcrSch2Svc; C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [618944 2009-01-21] (Acronis)
S3 EhttpSrv; C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe [20680 2009-02-06] (ESET)
R2 ekrn; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [727720 2009-02-06] (ESET)
S2 NOD32FiXTemDono; C:\WINDOWS\system32\regedt32.exe [3584 2004-08-04] (Microsoft Corporation)
R2 PDAgent; C:\Program Files\Raxco\PerfectDisk\PDAgent.exe [1252616 2011-07-07] (Raxco Software, Inc.)
S3 PDEngine; C:\Program Files\Common Files\Raxco\Shared\PDEngine.exe [2111752 2011-07-07] (Raxco Software, Inc.)
S2 ProtexisLicensing; C:\WINDOWS\system32\PSIService.exe [174656 2006-11-02] ()
R2 SBAMSvc; C:\Program Files\Sunbelt Software\CounterSpy\SBAMSvc.exe [2763080 2010-08-20] (Sunbelt Software)
R2 SBPIMSvc; C:\Program Files\Sunbelt Software\CounterSpy\SBPIMSvc.exe [181584 2010-08-20] (Sunbelt Software)
R2 ScsiAccess; C:\Program Files\Photodex\ProShowProducer\ScsiAccess.exe [181312 2009-04-23] ()
S3 SolidWorks Licensing Service; C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe [79360 2008-07-10] (SolidWorks)
S3 wwEngineSvc; C:\Program Files\Webroot\Washer\WasherSvc.exe [598856 2007-11-26] (Webroot Software, Inc.)
S4 Roxio UPnP Renderer 9; "C:\Program Files\Common Files\Sonic Shared\RoxioUPnPRenderer9.exe" [X]
S2 RoxLiveShare9; "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe" [X]

==================== Drivers (Whitelisted) ====================

S3 AnyDVD; C:\WINDOWS\System32\Drivers\AnyDVD.sys [120616 2013-11-26] (SlySoft, Inc.)
R1 AsIO; C:\WINDOWS\System32\drivers\AsIO.sys [4962 2004-10-14] ()
R2 cvintdrv; C:\WINDOWS\system32\Drivers\cvintdrv.sys [4096 2006-07-27] ()
R2 DefragFS; C:\WINDOWS\system32\Drivers\DefragFS.sys [138768 2011-06-30] (Raxco Software, Inc.)
R2 eamon; C:\WINDOWS\System32\DRIVERS\eamon.sys [113448 2009-02-06] (ESET)
R1 ehdrv; C:\WINDOWS\System32\DRIVERS\ehdrv.sys [106208 2009-02-06] (ESET)
R1 ElbyCDIO; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [30616 2013-03-04] (Elaborate Bytes AG)
S4 epfw; C:\WINDOWS\System32\DRIVERS\epfw.sys [130952 2009-02-06] (ESET)
S4 epfwtdi; C:\WINDOWS\System32\DRIVERS\epfwtdi.sys [56280 2009-02-06] (ESET)
R2 Hardlock; C:\WINDOWS\system32\drivers\hardlock.sys [670208 2004-11-05] (Aladdin Knowledge Systems Ltd.)
R0 iteatapi; C:\WINDOWS\System32\DRIVERS\iteatapi.sys [28672 2008-03-01] (ITE Tech. Inc.)
S3 mbamchameleon; C:\WINDOWS\system32\drivers\mbamchameleon.sys [35144 2013-03-31] ()
S3 moufiltr; C:\WINDOWS\System32\DRIVERS\moufiltr.sys [62592 2007-01-14] (Chic Tech.)
R3 MTsensor; C:\WINDOWS\System32\DRIVERS\ASACPI.sys [5810 2004-08-12] ()
R2 PDFSFilter; C:\WINDOWS\System32\DRIVERS\PDFsFilter.sys [66320 2011-06-30] (Raxco Software, Inc.)
R1 sbaphd; C:\WINDOWS\System32\drivers\sbaphd.sys [21464 2010-06-14] (Sunbelt Software)
R2 sbapifs; C:\WINDOWS\System32\drivers\sbapifs.sys [69976 2010-06-14] (Sunbelt Software)
S3 SBRE; C:\WINDOWS\system32\drivers\SBREdrv.sys [98392 2010-05-13] (Sunbelt Software)
R0 SI3132; C:\WINDOWS\System32\DRIVERS\SI3132.sys [80424 2007-10-03] (Silicon Image, Inc)
R0 SiFilter; C:\WINDOWS\System32\DRIVERS\SiWinAcc.sys [19240 2007-10-03] (Silicon Image, Inc)
R0 SiRemFil; C:\WINDOWS\System32\DRIVERS\SiRemFil.sys [15400 2007-10-03] (Silicon Image, Inc)
R0 snapman380; C:\WINDOWS\System32\DRIVERS\snman380.sys [134272 2009-10-24] (Acronis)
S3 SONYPVU1; C:\WINDOWS\System32\DRIVERS\SONYPVU1.SYS [7552 2001-08-17] (Sony Corporation)
R0 tdrpman174; C:\WINDOWS\System32\DRIVERS\tdrpm174.sys [971552 2009-10-24] (Acronis)
R2 tifsfilter; C:\WINDOWS\System32\DRIVERS\tifsfilt.sys [44704 2009-10-24] (Acronis)
S3 TVICHW32; C:\WINDOWS\system32\DRIVERS\TVICHW32.SYS [23600 2008-05-10] (EnTech Taiwan)
R3 yukonwxp; C:\WINDOWS\System32\DRIVERS\yk51x86.sys [285952 2007-12-06] (Marvell)
S3 Ad-Watch Connect Filter; \??\C:\WINDOWS\system32\drivers\NSDriver.sys [X]
U2 ccEvtMgr;
U2 ccSetMgr;
S3 EagleNT; \??\C:\WINDOWS\system32\drivers\EagleNT.sys [X]
S3 FLASHSYS; No ImagePath
S3 GMSIPCI; No ImagePath
S4 IntelIde; No ImagePath
U3 navapsvc;
S3 NTACCESS; No ImagePath
U2 RemoteRegistry;
U3 SAVRT;
U1 SAVRTPEL;
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
S1 SpyEmrg; No ImagePath
U5 Tcpip6; C:\Windows\System32\Drivers\Tcpip6.sys [226880 2010-02-11] (Microsoft Corporation)
U3 TlntSvr;
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [4096 2010-03-08] ()

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-03-01 16:23 - 2014-03-01 16:24 - 00015602 _____ () C:\Documents and Settings\Robert\Desktop\FRST.txt
2014-03-01 16:23 - 2014-03-01 16:23 - 01144320 _____ (Farbar) C:\Documents and Settings\Robert\Desktop\FRST.exe
2014-03-01 16:23 - 2014-03-01 16:23 - 00000000 ____D () C:\FRST
2014-03-01 16:15 - 2014-03-01 16:15 - 00000000 ____D () C:\Documents and Settings\All Users\Desktop\CC Support
2014-03-01 16:14 - 2014-03-01 16:14 - 04009167 _____ () C:\Documents and Settings\Robert\Desktop\ServicesRepair.exe
2014-03-01 13:36 - 2014-03-01 13:36 - 00002020 _____ () C:\Documents and Settings\Robert\My Documents\AutoFix_2014-03-01_13-36-36.txt
2014-03-01 12:18 - 2014-03-01 12:18 - 00869456 _____ () C:\Documents and Settings\Robert\Desktop\Norton_Removal_Tool.exe
2014-03-01 12:11 - 2014-03-01 12:11 - 00000000 ____D () C:\TDSSKiller_Quarantine
2014-03-01 11:54 - 2014-03-01 11:54 - 02237968 _____ (Kaspersky Lab ZAO) C:\Documents and Settings\Robert\Desktop\tdsskiller.exe
2014-03-01 11:47 - 2014-03-01 11:47 - 00000000 ____D () C:\_OTL
2014-02-28 16:43 - 2014-02-28 16:43 - 00602112 _____ (OldTimer Tools) C:\Documents and Settings\Robert\Desktop\OTL.exe
2014-02-24 22:31 - 2014-02-24 22:31 - 00001918 _____ () C:\Documents and Settings\Robert\Desktop\Sonya Collectors Edition.lnk
2014-02-24 22:31 - 2014-02-24 22:31 - 00000000 ____D () C:\Documents and Settings\Robert\Start Menu\Programs\Sonya Collectors Edition
2014-02-24 22:30 - 2014-02-24 22:30 - 00000000 ____D () C:\Program Files\Games
2014-02-24 16:50 - 2014-02-25 13:55 - 00000000 ____D () C:\HP Scans
2014-02-23 21:27 - 2014-02-23 21:27 - 00282016 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2014-02-23 17:24 - 2014-02-23 17:34 - 00000000 ____D () C:\Documents and Settings\Robert\Local Settings\Application Data\LogMeIn Client
2014-02-23 07:31 - 2014-02-23 07:31 - 00002144 _____ () C:\Documents and Settings\Robert\My Documents\AutoFix_2014-02-23_07-31-42.txt
2014-02-23 07:31 - 2014-02-23 07:31 - 00002144 _____ () C:\Documents and Settings\Robert\My Documents\AutoFix_2014-02-23_07-31-13.txt
2014-02-22 22:45 - 2014-02-22 22:45 - 00000936 _____ () C:\Documents and Settings\All Users\Desktop\Media Player Classic.lnk
2014-02-22 22:45 - 2014-02-22 22:45 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\K-Lite Codec Pack
2014-02-22 22:45 - 2014-02-06 13:00 - 00112640 _____ () C:\WINDOWS\system32\ff_vfw.dll
2014-02-22 22:45 - 2013-03-17 12:21 - 03649536 _____ (x264vfw project) C:\WINDOWS\system32\x264vfw.dll
2014-02-22 22:45 - 2012-07-21 06:54 - 00122880 _____ (fccHandler) C:\WINDOWS\system32\ac3acm.acm
2014-02-22 22:45 - 2011-12-07 13:32 - 00216064 _____ ( ) C:\WINDOWS\system32\lagarith.dll
2014-02-22 22:45 - 2011-06-24 10:44 - 00243200 _____ () C:\WINDOWS\system32\xvidvfw.dll
2014-02-22 22:45 - 2011-06-24 10:28 - 00650752 _____ () C:\WINDOWS\system32\xvidcore.dll
2014-02-22 22:45 - 2011-06-22 10:14 - 00000714 _____ () C:\WINDOWS\system32\ff_vfw.dll.manifest
2014-02-22 15:56 - 2014-02-22 15:56 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Powertoys for Windows XP
2014-02-21 18:20 - 2014-02-21 18:20 - 00002020 _____ () C:\Documents and Settings\Robert\My Documents\AutoFix_2014-02-21_18-20-31.txt
2014-02-20 17:56 - 2014-02-20 17:56 - 00002144 _____ () C:\Documents and Settings\Robert\My Documents\AutoFix_2014-02-20_17-56-26.txt
2014-02-20 17:56 - 2014-02-20 17:56 - 00002020 _____ () C:\Documents and Settings\Robert\My Documents\AutoFix_2014-02-20_17-56-42.txt
2014-02-20 17:28 - 2014-02-20 17:28 - 00002144 _____ () C:\Documents and Settings\Robert\My Documents\AutoFix_2014-02-20_17-28-53.txt
2014-02-20 17:28 - 2014-02-20 17:28 - 00002020 _____ () C:\Documents and Settings\Robert\My Documents\AutoFix_2014-02-20_17-28-39.txt
2014-02-19 23:12 - 2014-02-19 23:12 - 00002020 _____ () C:\Documents and Settings\Robert\My Documents\AutoFix_2014-02-19_23-12-00.txt
2014-02-19 23:07 - 2014-02-19 23:07 - 00000000 ____D () C:\Documents and Settings\Robert\My Documents\MPC-HC Capture
2014-02-19 21:14 - 2014-02-19 21:14 - 00002144 _____ () C:\Documents and Settings\Robert\My Documents\AutoFix_2014-02-19_21-14-40.txt
2014-02-19 18:13 - 2014-02-19 18:13 - 00002144 _____ () C:\Documents and Settings\Robert\My Documents\AutoFix_2014-02-19_18-13-15.txt
2014-02-19 18:12 - 2014-02-19 18:12 - 00002144 _____ () C:\Documents and Settings\Robert\My Documents\AutoFix_2014-02-19_18-12-25.txt
2014-02-15 14:08 - 2014-02-15 14:08 - 00000000 ____D () C:\Documents and Settings\Robert\Application Data\GrandMA Studios
2014-02-15 13:23 - 2014-02-15 13:23 - 00000000 ____D () C:\WINDOWS\Whispered Secrets 2 - Into the Beyond Collectors Edition
2014-02-15 08:17 - 2014-02-15 08:17 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-02-14 17:10 - 2014-02-14 17:10 - 00000000 ____D () C:\Documents and Settings\Robert\Application Data\BlamGames
2014-02-12 17:05 - 2014-02-12 17:05 - 00012896 _____ () C:\WINDOWS\KB2909921-IE8.log
2014-02-12 16:57 - 2014-02-12 17:05 - 00004180 _____ () C:\WINDOWS\updspapi.log
2014-02-12 16:57 - 2014-02-12 16:57 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2916036$
2014-02-12 16:52 - 2014-02-22 17:10 - 00029903 _____ () C:\WINDOWS\setupapi.log
2014-02-12 16:52 - 2014-02-12 17:05 - 00018549 _____ () C:\WINDOWS\FaxSetup.log
2014-02-12 16:52 - 2014-02-12 17:05 - 00008868 _____ () C:\WINDOWS\ocgen.log
2014-02-12 16:52 - 2014-02-12 17:05 - 00007077 _____ () C:\WINDOWS\tsoc.log
2014-02-12 16:52 - 2014-02-12 17:05 - 00006137 _____ () C:\WINDOWS\comsetup.log
2014-02-12 16:52 - 2014-02-12 17:05 - 00003726 _____ () C:\WINDOWS\ntdtcsetup.log
2014-02-12 16:52 - 2014-02-12 17:05 - 00002956 _____ () C:\WINDOWS\iis6.log
2014-02-12 16:52 - 2014-02-12 17:05 - 00001374 _____ () C:\WINDOWS\imsins.log
2014-02-12 16:52 - 2014-02-12 17:05 - 00001026 _____ () C:\WINDOWS\ocmsn.log
2014-02-12 16:52 - 2014-02-12 17:05 - 00000927 _____ () C:\WINDOWS\msgsocm.log
2014-02-12 16:52 - 2014-02-12 16:57 - 00001374 _____ () C:\WINDOWS\imsins.BAK
2014-02-12 16:52 - 2014-02-12 16:52 - 00004264 _____ () C:\WINDOWS\KB2909210-IE8.log
2014-02-12 16:52 - 2014-02-12 16:52 - 00000000 _____ () C:\WINDOWS\setuperr.log
2014-02-12 16:52 - 2014-02-12 16:52 - 00000000 _____ () C:\WINDOWS\setupact.log
2014-02-12 16:44 - 2014-02-12 16:57 - 00009411 _____ () C:\WINDOWS\KB2916036.log
2014-02-11 16:16 - 2014-02-11 16:16 - 00000000 ____D () C:\Documents and Settings\Robert\Application Data\MPC-HC
2014-02-04 20:19 - 2014-02-04 20:19 - 00000000 ____D () C:\Documents and Settings\Robert\Application Data\Deep Shadows
2014-02-04 18:24 - 2014-02-04 18:24 - 00000000 ____D () C:\Documents and Settings\Robert\Application Data\Anarchy

==================== One Month Modified Files and Folders =======

2014-03-01 16:24 - 2014-03-01 16:23 - 00015602 _____ () C:\Documents and Settings\Robert\Desktop\FRST.txt
2014-03-01 16:23 - 2014-03-01 16:23 - 01144320 _____ (Farbar) C:\Documents and Settings\Robert\Desktop\FRST.exe
2014-03-01 16:23 - 2014-03-01 16:23 - 00000000 ____D () C:\FRST
2014-03-01 16:20 - 2006-06-03 17:06 - 01533254 _____ () C:\WINDOWS\WindowsUpdate.log
2014-03-01 16:18 - 2004-08-04 07:00 - 00013710 _____ () C:\WINDOWS\system32\wpa.dbl
2014-03-01 16:17 - 2013-09-14 19:51 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-03-01 16:17 - 2013-09-14 19:51 - 00000048 _____ () C:\WINDOWS\wiaservc.log
2014-03-01 16:17 - 2010-04-03 18:22 - 00273231 _____ () C:\WINDOWS\system32\NvApps.xml
2014-03-01 16:17 - 2010-03-11 22:40 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-01 16:17 - 2006-06-03 17:31 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-03-01 16:15 - 2014-03-01 16:15 - 00000000 ____D () C:\Documents and Settings\All Users\Desktop\CC Support
2014-03-01 16:15 - 2008-08-16 08:32 - 00000000 ____D () C:\Documents and Settings\Robert\Application Data\uTorrent
2014-03-01 16:15 - 2006-06-03 17:31 - 00032430 _____ () C:\WINDOWS\SchedLgU.Txt
2014-03-01 16:14 - 2014-03-01 16:14 - 04009167 _____ () C:\Documents and Settings\Robert\Desktop\ServicesRepair.exe
2014-03-01 16:09 - 2013-05-25 07:34 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-03-01 16:06 - 2010-03-11 22:40 - 00000886 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-01 16:01 - 2010-10-30 13:18 - 00002521 _____ () C:\Documents and Settings\Robert\Desktop\Outlook 2007.lnk
2014-03-01 14:57 - 2010-10-30 13:30 - 00002515 _____ () C:\Documents and Settings\Robert\Desktop\Word 2007.lnk
2014-03-01 13:36 - 2014-03-01 13:36 - 00002020 _____ () C:\Documents and Settings\Robert\My Documents\AutoFix_2014-03-01_13-36-36.txt
2014-03-01 13:04 - 2010-10-30 12:51 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office
2014-03-01 13:04 - 2007-01-13 17:03 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Microsoft Help
2014-03-01 12:18 - 2014-03-01 12:18 - 00869456 _____ () C:\Documents and Settings\Robert\Desktop\Norton_Removal_Tool.exe
2014-03-01 12:12 - 2006-06-03 12:50 - 00057600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\redbook.sys
2014-03-01 12:11 - 2014-03-01 12:11 - 00000000 ____D () C:\TDSSKiller_Quarantine
2014-03-01 11:54 - 2014-03-01 11:54 - 02237968 _____ (Kaspersky Lab ZAO) C:\Documents and Settings\Robert\Desktop\tdsskiller.exe
2014-03-01 11:47 - 2014-03-01 11:47 - 00000000 ____D () C:\_OTL
2014-02-28 16:47 - 2006-06-03 17:05 - 00000000 ____D () C:\WINDOWS\system32\Restore
2014-02-28 16:43 - 2014-02-28 16:43 - 00602112 _____ (OldTimer Tools) C:\Documents and Settings\Robert\Desktop\OTL.exe
2014-02-25 13:55 - 2014-02-24 16:50 - 00000000 ____D () C:\HP Scans
2014-02-24 22:32 - 2013-12-19 12:29 - 00000000 ____D () C:\Documents and Settings\Robert\Application Data\Specialbit
2014-02-24 22:31 - 2014-02-24 22:31 - 00001918 _____ () C:\Documents and Settings\Robert\Desktop\Sonya Collectors Edition.lnk
2014-02-24 22:31 - 2014-02-24 22:31 - 00000000 ____D () C:\Documents and Settings\Robert\Start Menu\Programs\Sonya Collectors Edition
2014-02-24 22:30 - 2014-02-24 22:30 - 00000000 ____D () C:\Program Files\Games
2014-02-23 21:27 - 2014-02-23 21:27 - 00282016 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2014-02-23 17:34 - 2014-02-23 17:24 - 00000000 ____D () C:\Documents and Settings\Robert\Local Settings\Application Data\LogMeIn Client
2014-02-23 17:34 - 2013-02-08 06:25 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\LogMeIn
2014-02-23 17:24 - 2012-09-10 15:04 - 00000000 ____D () C:\Program Files\Counterspy Definitions Updates
2014-02-23 16:55 - 2013-12-19 13:34 - 00000000 ____D () C:\Documents and Settings\Robert\Scans
2014-02-23 16:52 - 2006-06-03 17:32 - 00000000 ____D () C:\Documents and Settings\Robert
2014-02-23 07:31 - 2014-02-23 07:31 - 00002144 _____ () C:\Documents and Settings\Robert\My Documents\AutoFix_2014-02-23_07-31-42.txt
2014-02-23 07:31 - 2014-02-23 07:31 - 00002144 _____ () C:\Documents and Settings\Robert\My Documents\AutoFix_2014-02-23_07-31-13.txt
2014-02-22 22:55 - 2013-04-15 15:14 - 00000000 ____D () C:\JRT
2014-02-22 22:45 - 2014-02-22 22:45 - 00000936 _____ () C:\Documents and Settings\All Users\Desktop\Media Player Classic.lnk
2014-02-22 22:45 - 2014-02-22 22:45 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\K-Lite Codec Pack
2014-02-22 22:45 - 2006-06-09 22:18 - 00000000 ____D () C:\Program Files\K-Lite Codec Pack
2014-02-22 17:10 - 2014-02-12 16:52 - 00029903 _____ () C:\WINDOWS\setupapi.log
2014-02-22 15:56 - 2014-02-22 15:56 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Powertoys for Windows XP
2014-02-22 15:55 - 2006-06-09 22:04 - 00000000 ____D () C:\WINDOWS\Downloaded Installations
2014-02-21 18:20 - 2014-02-21 18:20 - 00002020 _____ () C:\Documents and Settings\Robert\My Documents\AutoFix_2014-02-21_18-20-31.txt
2014-02-20 22:10 - 2013-05-10 19:36 - 00000000 ____D () C:\WINDOWS\Shiver 3 - Moonlit Grove Collector's Edition
2014-02-20 22:09 - 2013-08-25 19:37 - 00000000 ____D () C:\AdwCleaner
2014-02-20 18:55 - 2010-10-30 13:33 - 00002473 _____ () C:\Documents and Settings\Robert\Desktop\Excel 2007.lnk
2014-02-20 18:09 - 2012-08-13 15:23 - 00692616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2014-02-20 18:09 - 2012-08-13 15:23 - 00071048 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2014-02-20 17:56 - 2014-02-20 17:56 - 00002144 _____ () C:\Documents and Settings\Robert\My Documents\AutoFix_2014-02-20_17-56-26.txt
2014-02-20 17:56 - 2014-02-20 17:56 - 00002020 _____ () C:\Documents and Settings\Robert\My Documents\AutoFix_2014-02-20_17-56-42.txt
2014-02-20 17:28 - 2014-02-20 17:28 - 00002144 _____ () C:\Documents and Settings\Robert\My Documents\AutoFix_2014-02-20_17-28-53.txt
2014-02-20 17:28 - 2014-02-20 17:28 - 00002020 _____ () C:\Documents and Settings\Robert\My Documents\AutoFix_2014-02-20_17-28-39.txt
2014-02-19 23:12 - 2014-02-19 23:12 - 00002020 _____ () C:\Documents and Settings\Robert\My Documents\AutoFix_2014-02-19_23-12-00.txt
2014-02-19 23:07 - 2014-02-19 23:07 - 00000000 ____D () C:\Documents and Settings\Robert\My Documents\MPC-HC Capture
2014-02-19 21:14 - 2014-02-19 21:14 - 00002144 _____ () C:\Documents and Settings\Robert\My Documents\AutoFix_2014-02-19_21-14-40.txt
2014-02-19 18:13 - 2014-02-19 18:13 - 00002144 _____ () C:\Documents and Settings\Robert\My Documents\AutoFix_2014-02-19_18-13-15.txt
2014-02-19 18:12 - 2014-02-19 18:12 - 00002144 _____ () C:\Documents and Settings\Robert\My Documents\AutoFix_2014-02-19_18-12-25.txt
2014-02-19 16:45 - 2014-01-12 20:45 - 00000000 ____D () C:\Documents and Settings\Robert\Application Data\ERS Game Studios
2014-02-19 16:33 - 2013-08-23 21:46 - 00000000 ____D () C:\Documents and Settings\Robert\Application Data\Blue Tea Games
2014-02-17 16:50 - 2006-06-03 12:41 - 00000000 ____D () C:\WINDOWS\Help
2014-02-15 14:08 - 2014-02-15 14:08 - 00000000 ____D () C:\Documents and Settings\Robert\Application Data\GrandMA Studios
2014-02-15 13:23 - 2014-02-15 13:23 - 00000000 ____D () C:\WINDOWS\Whispered Secrets 2 - Into the Beyond Collectors Edition
2014-02-15 13:21 - 2013-03-20 17:20 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-02-15 11:50 - 2012-01-28 20:02 - 00000000 ____D () C:\Documents and Settings\Robert\Application Data\Boomzap
2014-02-15 08:17 - 2014-02-15 08:17 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-02-14 17:10 - 2014-02-14 17:10 - 00000000 ____D () C:\Documents and Settings\Robert\Application Data\BlamGames
2014-02-12 17:26 - 2006-06-03 12:49 - 00724282 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-02-12 17:17 - 2006-12-11 16:55 - 00000000 ____D () C:\WINDOWS\Microsoft.NET
2014-02-12 17:05 - 2014-02-12 17:05 - 00012896 _____ () C:\WINDOWS\KB2909921-IE8.log
2014-02-12 17:05 - 2014-02-12 16:57 - 00004180 _____ () C:\WINDOWS\updspapi.log
2014-02-12 17:05 - 2014-02-12 16:52 - 00018549 _____ () C:\WINDOWS\FaxSetup.log
2014-02-12 17:05 - 2014-02-12 16:52 - 00008868 _____ () C:\WINDOWS\ocgen.log
2014-02-12 17:05 - 2014-02-12 16:52 - 00007077 _____ () C:\WINDOWS\tsoc.log
2014-02-12 17:05 - 2014-02-12 16:52 - 00006137 _____ () C:\WINDOWS\comsetup.log
2014-02-12 17:05 - 2014-02-12 16:52 - 00003726 _____ () C:\WINDOWS\ntdtcsetup.log
2014-02-12 17:05 - 2014-02-12 16:52 - 00002956 _____ () C:\WINDOWS\iis6.log
2014-02-12 17:05 - 2014-02-12 16:52 - 00001374 _____ () C:\WINDOWS\imsins.log
2014-02-12 17:05 - 2014-02-12 16:52 - 00001026 _____ () C:\WINDOWS\ocmsn.log
2014-02-12 17:05 - 2014-02-12 16:52 - 00000927 _____ () C:\WINDOWS\msgsocm.log
2014-02-12 17:05 - 2013-08-07 14:45 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-02-12 17:05 - 2009-04-28 22:29 - 00000000 ____D () C:\WINDOWS\ie8updates
2014-02-12 16:59 - 2006-06-05 15:35 - 85946576 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-02-12 16:57 - 2014-02-12 16:57 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2916036$
2014-02-12 16:57 - 2014-02-12 16:52 - 00001374 _____ () C:\WINDOWS\imsins.BAK
2014-02-12 16:57 - 2014-02-12 16:44 - 00009411 _____ () C:\WINDOWS\KB2916036.log
2014-02-12 16:52 - 2014-02-12 16:52 - 00004264 _____ () C:\WINDOWS\KB2909210-IE8.log
2014-02-12 16:52 - 2014-02-12 16:52 - 00000000 _____ () C:\WINDOWS\setuperr.log
2014-02-12 16:52 - 2014-02-12 16:52 - 00000000 _____ () C:\WINDOWS\setupact.log
2014-02-11 16:16 - 2014-02-11 16:16 - 00000000 ____D () C:\Documents and Settings\Robert\Application Data\MPC-HC
2014-02-06 13:00 - 2014-02-22 22:45 - 00112640 _____ () C:\WINDOWS\system32\ff_vfw.dll
2014-02-06 03:54 - 2004-08-04 07:00 - 00174592 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ie4uinit.exe
2014-02-06 03:54 - 2004-08-04 07:00 - 00174592 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-02-05 18:26 - 2012-06-13 14:48 - 00522240 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\jsdbgui.dll
2014-02-05 18:26 - 2010-06-08 21:15 - 00743424 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iedvtool.dll
2014-02-05 18:26 - 2009-06-09 21:55 - 00247808 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ieproxy.dll
2014-02-05 18:26 - 2009-06-09 21:55 - 00012800 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\xpshims.dll
2014-02-05 18:26 - 2008-09-04 18:49 - 11113472 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ieframe.dll
2014-02-05 18:26 - 2008-09-04 18:49 - 02006016 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iertutil.dll
2014-02-05 18:26 - 2008-09-04 18:49 - 00630272 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\msfeeds.dll
2014-02-05 18:26 - 2008-09-04 18:49 - 00055296 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2014-02-05 18:26 - 2006-11-07 21:03 - 11113472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-02-05 18:26 - 2006-11-07 21:03 - 00630272 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-02-05 18:26 - 2006-11-07 21:03 - 00055296 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeedsbs.dll
2014-02-05 18:26 - 2006-10-17 11:57 - 02006016 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-02-05 18:26 - 2006-06-03 17:05 - 00759296 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\vgx.dll
2014-02-05 18:26 - 2004-08-04 07:00 - 06021120 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mshtml.dll
2014-02-05 18:26 - 2004-08-04 07:00 - 06021120 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-02-05 18:26 - 2004-08-04 07:00 - 01469440 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\inetcpl.cpl
2014-02-05 18:26 - 2004-08-04 07:00 - 01469440 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-02-05 18:26 - 2004-08-04 07:00 - 01216000 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\urlmon.dll
2014-02-05 18:26 - 2004-08-04 07:00 - 01216000 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-02-05 18:26 - 2004-08-04 07:00 - 00920064 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\wininet.dll
2014-02-05 18:26 - 2004-08-04 07:00 - 00920064 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-02-05 18:26 - 2004-08-04 07:00 - 00611840 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mstime.dll
2014-02-05 18:26 - 2004-08-04 07:00 - 00611840 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstime.dll
2014-02-05 18:26 - 2004-08-04 07:00 - 00387584 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iedkcs32.dll
2014-02-05 18:26 - 2004-08-04 07:00 - 00387584 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2014-02-05 18:26 - 2004-08-04 07:00 - 00206848 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\occache.dll
2014-02-05 18:26 - 2004-08-04 07:00 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\occache.dll
2014-02-05 18:26 - 2004-08-04 07:00 - 00184320 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iepeers.dll
2014-02-05 18:26 - 2004-08-04 07:00 - 00184320 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2014-02-05 18:26 - 2004-08-04 07:00 - 00105984 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\url.dll
2014-02-05 18:26 - 2004-08-04 07:00 - 00105984 _____ (Microsoft Corporation) C:\WINDOWS\system32\url.dll
2014-02-05 18:26 - 2004-08-04 07:00 - 00067072 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mshtmled.dll
2014-02-05 18:26 - 2004-08-04 07:00 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-02-05 18:26 - 2004-08-04 07:00 - 00043520 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\licmgr10.dll
2014-02-05 18:26 - 2004-08-04 07:00 - 00043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\licmgr10.dll
2014-02-05 18:26 - 2004-08-04 07:00 - 00025600 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\jsproxy.dll
2014-02-05 18:26 - 2004-08-04 07:00 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2014-02-05 18:26 - 2004-08-04 07:00 - 00018944 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\corpol.dll
2014-02-05 18:26 - 2004-08-04 07:00 - 00018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\corpol.dll
2014-02-05 17:24 - 2004-08-04 07:00 - 00385024 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2014-02-04 20:19 - 2014-02-04 20:19 - 00000000 ____D () C:\Documents and Settings\Robert\Application Data\Deep Shadows
2014-02-04 18:45 - 2013-04-20 11:09 - 00002359 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\PerfectDisk 12.lnk
2014-02-04 18:24 - 2014-02-04 18:24 - 00000000 ____D () C:\Documents and Settings\Robert\Application Data\Anarchy
2014-02-03 19:57 - 2013-03-17 09:20 - 00000000 ____D () C:\Documents and Settings\Robert\Saved Sudoku

Files to move or delete:
====================
C:\Documents and Settings\Robert\Google_Earth_Pro_Patch_Setup.exe
C:\Documents and Settings\Robert\mylist.dat
C:\Documents and Settings\Robert\utorrent.exe


==================== Bamital & volsnap Check =================

C:\WINDOWS\explorer.exe => MD5 is legit
C:\WINDOWS\system32\winlogon.exe => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit
C:\WINDOWS\system32\User32.dll => MD5 is legit
C:\WINDOWS\system32\userinit.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================

Addition.txt:

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 01-03-2014
Ran by Robert at 2014-03-01 16:24:58
Running from C:\Documents and Settings\Robert\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: ESET Smart Security 4.0 (Disabled - Up to date) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personal firewall (Disabled) {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
FW: ZoneAlarm Firewall (Disabled) {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

==================== Installed Programs ======================

µTorrent (HKLM\...\uTorrent) (Version: 2.0.3 - )
Acronis True Image Home (HKLM\...\{37C8899D-FD70-481F-94AA-1F1B08765E22}) (Version: 12.0.9709 - Acronis)
Adobe Acrobat 9 Pro - English, Français, Deutsch (HKLM\...\{AC76BA86-1033-F400-7760-000000000004}{AC76BA86-1033-F400-7760-000000000004}) (Version: 9.0.0 - Adobe Systems)
Adobe Acrobat 9 Pro - English, Français, Deutsch (Version: 9.0.0 - Adobe Systems) Hidden
Adobe Anchor Service CS3 (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Asset Services CS3 (Version: 3 - Adobe Systems Incorporated) Hidden
Adobe Bridge CS3 (Version: 2 - Adobe Systems Incorporated) Hidden
Adobe Bridge Start Meeting (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Camera Raw 4.0 (Version: 4.0 - Adobe Systems Incorporated) Hidden
Adobe CMaps (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Color - Photoshop Specific (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Color Common Settings (HKLM\...\Adobe_6c8e2cb4fd241c55406016127a6ab2e) (Version: 1.0.1 - Adobe Systems Incorporated)
Adobe Color Common Settings (Version: 1.0.1 - Adobe Systems Incorporated) Hidden
Adobe Color EU Extra Settings (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Color JA Extra Settings (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Color NA Recommended Settings (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Default Language CS3 (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Device Central CS3 (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Download Manager (HKLM\...\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}) (Version: 1.6.2.91 - NOS Microsystems Ltd.)
Adobe ExtendScript Toolkit 2 (HKLM\...\Adobe_3e054d2218e7aa282c2369d939e58ff) (Version: 2.0.2 - Adobe Systems Incorporated)
Adobe ExtendScript Toolkit 2 (Version: 2.0.2 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 12 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 12.0.0.70 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 12.0.0.70 - Adobe Systems Incorporated)
Adobe Fonts All (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Help Viewer CS3 (Version: 1 - Adobe Systems Incorporated) Hidden
Adobe Linguistics CS3 (Version: 3.0.0 - Adobe Systems Incorporated) Hidden
Adobe PDF Library Files (Version: 8.0 - Adobe Systems Incorporated) Hidden
Adobe Photoshop CS3 (HKLM\...\Adobe_719d6f144d0c086a0dfa7ff76bb9ac1) (Version: 10.0 - Adobe Systems Incorporated)
Adobe Photoshop CS3 (Version: 10 - Adobe Systems Incorporated) Hidden
Adobe Setup (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Type Support (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Update Manager CS3 (Version: 5.1.0 - Adobe Systems Incorporated) Hidden
Adobe Version Cue CS3 Client (Version: 3 - Adobe Systems Incorporated) Hidden
Adobe WinSoft Linguistics Plugin (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe XMP Panels CS3 (Version: 1.0 - Adobe Systems Incorporated) Hidden
Amnesia - The Dark Descent (HKLM\...\{54B7A3C7-0940-4C16-A509-FC3C3758D22A}_is1) (Version: 1.0.0 - Frictional Games)
AnyDVD (HKLM\...\AnyDVD) (Version: 7.4.1.0 - SlySoft)
Apple Application Support (HKLM\...\{EE6097DD-05F4-4178-9719-D3170BF098E8}) (Version: 1.4.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{308B6AEA-DE50-4666-996D-0FA461719D6B}) (Version: 3.3.0.69 - Apple Inc.)
Apple Software Update (HKLM\...\{C41300B9-185D-475E-BFEC-39EF732F19B1}) (Version: 2.1.2.120 - Apple Inc.)
AVIcodec (remove only) (HKLM\...\AVIcodec) (Version: - )
Beyond Compare Version 2.4.3 (HKLM\...\BC2_is1) (Version: - Scooter Software)
Bonjour (HKLM\...\{2A981294-F14C-4F0F-9627-D793270922F8}) (Version: 2.0.4.0 - Apple Inc.)
CCE SP Trial Version (HKLM\...\CCE SP Trial Version) (Version: - )
CCleaner (HKLM\...\CCleaner) (Version: 4.00 - Piriform)
CloneDVD2 (HKLM\...\CloneDVD2) (Version: - Elaborate Bytes)
Collectorz.com Movie Collector (HKLM\...\Collectorz.com Movie Collector) (Version: - )
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
CoreFLAC Audio Decoder+Source Filter (remove only) (HKLM\...\CoreFLAC Audio Decoder+Source Filter) (Version: - )
Corel Painter X (Version: 10.1 - Corel Corporation) Hidden
COSMOSMotion 2008 SP0 (HKLM\...\{8876F541-F374-4375-BF2A-8FD9FA8141C4}) (Version: 16.00.9035 - SolidWorks Corporation)
COSMOSWorks 2008 SP03 (HKLM\...\{0C631AC5-3AA0-418F-B132-29F8432F1C19}) (Version: 16.30.41 - SolidWorks Corporation)
CounterSpy (HKLM\...\{9A1DEA53-94B4-4780-8F95-F422949A5A35}) (Version: 4.0.3904 - Sunbelt Software)
Data Lifeguard Diagnostic for Windows 1.24 (HKLM\...\{519C4DB6-B53B-4F5C-8297-89B2BE949FA5}_is1) (Version: - Western Digital Corporation)
DVD Decrypter (Remove Only) (HKLM\...\DVD Decrypter) (Version: - )
DVD Rebuilder (HKLM\...\{584A1ECC-00AB-4FCC-B6AE-172741F32ABC}_is1) (Version: PRO v1.09 - jdobbs softworks and rockas association)
DVD Shrink 3.2 (HKLM\...\DVD Shrink_is1) (Version: - DVD Shrink)
DVDFab 8.1.7.8 (17/04/2012) Qt (HKLM\...\DVDFab 8 Qt_is1) (Version: - Fengtao Software Inc.)
DVDFab 9.0.1.5 (08/12/2012) Qt (HKLM\...\DVDFab 9_is1) (Version: - Fengtao Software Inc.)
DVDInfoPro (HKLM\...\{32611C62-474D-47B1-B347-06453D430A28}) (Version: 4.36.0000 - Nic Wilson)
DWGeditor (HKLM\...\{C8DE0FC9-5BD0-4D26-B5AD-D38146F2083C}) (Version: 16.00.9034 - SolidWorks)
Easy CD-DA Extractor 2011 (HKLM\...\Easy CD-DA Extractor 2011) (Version: 2011 - Poikosoft)
eDrawings 2008 (HKLM\...\{40345A8F-3B72-44DE-814F-72E8A52B1161}) (Version: 8.0.708 - SolidWorks)
ESET Smart Security (HKLM\...\{F3E2505F-AA57-476B-9F67-F8C5E3938080}) (Version: 4.0.314.0 - ESET, spol s r. o.)
EVEREST Ultimate Edition v4.50 (HKLM\...\EVEREST Ultimate Edition_is1) (Version: 4.50 - Lavalys, Inc.)
Exact Audio Copy 0.99pb5 (HKLM\...\Exact Audio Copy) (Version: 0.99pb5 - Andre Wiethoff)
GoldWave v5.13 (HKLM\...\GoldWave v5.13) (Version: - )
Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (Version: 1.3.22.5 - Google Inc.) Hidden
HijackThis 2.0.2 (HKLM\...\HijackThis) (Version: 2.0.2 - TrendMicro)
HP Officejet 4620 series Basic Device Software (HKLM\...\{C4E2A2F2-2A53-42C7-920A-169713776631}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
ImageConverter Plus 7.1 (HKLM\...\ImageConverter Plus_is1) (Version: - fCoder, Ltd.)
ImgBurn (HKLM\...\ImgBurn) (Version: 2.5.6.0 - LIGHTNING UK!)
IsoBuster 3.1 (HKLM\...\IsoBuster_is1) (Version: 3.1 - Smart Projects)
K-Lite Mega Codec Pack 10.3.0 (HKLM\...\KLiteCodecPack_is1) (Version: 10.3.0 - )
Kyodai Mahjongg 2006 v1.42 (HKLM\...\Kyodai Mahjongg 2006_is1) (Version: - Rene-Gilles Deberdt)
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Maple 12 (HKLM\...\Maple 12) (Version: 12.0.0.0 - Maplesoft)
Marvell Miniport Driver (HKLM\...\{C950420B-4182-49EA-850A-A6A2ABF06C6B}) (Version: 8.20.10.3 - Marvell)
MathType 5 (HKLM\...\DSMT5) (Version: 5.2 - Design Science, Inc.)
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1 (1033)) (Version: - )
Microsoft .NET Framework 1.1 (Version: 1.1.4322 - Microsoft) Hidden
Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM\...\M2698023) (Version: - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version: - )
Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM\...\M979906) (Version: - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft Internationalized Domain Names Mitigation APIs (Version: - Microsoft Corporation) Hidden
Microsoft Math (HKLM\...\{07043840-959A-4B0D-8825-2C533F0DDB19}) (Version: 2007 - Microsoft Corporation)
Microsoft National Language Support Downlevel APIs (Version: - Microsoft Corporation) Hidden
Microsoft Office 2003 Web Components (HKLM\...\{90120000-00A4-0409-0000-0000000FF1CE}) (Version: 12.0.6213.1000 - Microsoft Corporation)
Microsoft Office 2007 Primary Interop Assemblies (HKLM\...\{50120000-1105-0000-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (Version: - Microsoft) Hidden
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Groove MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Project 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-003B-0000-0000-0000000FF1CE}_PRJPRO_{8446EB22-A746-46DC-B1BD-E0DFA1F3CDDA}) (Version: - Microsoft)
Microsoft Office Project 2007 Service Pack 3 (SP3) (Version: - Microsoft) Hidden
Microsoft Office Project MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Project Professional 2007 (HKLM\...\PRJPRO) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Project Professional 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (Version: - Microsoft) Hidden
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Visio 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0051-0000-0000-0000000FF1CE}_VISPRO_{CE144BF4-4950-4CDB-A5F7-CCE1888F49CB}) (Version: - Microsoft)
Microsoft Office Visio 2007 Service Pack 3 (SP3) (Version: - Microsoft) Hidden
Microsoft Office Visio MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Visio Professional 2007 (HKLM\...\VISPRO) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Visio Professional 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Software Update for Web Folders (English) 12 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version: - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual Studio 2005 Tools for Office Runtime (HKLM\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version: - Microsoft Corporation)
Microsoft Visual Studio 2005 Tools for Office Runtime (Version: 8.0.60940.0 - Microsoft Corporation) Hidden
Microsoft XML Parser (Version: 8.70.1104.04 - Microsoft Corporation) Hidden
Mozilla Firefox 27.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 27.0.1 (x86 en-US)) (Version: 27.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 27.0.1 - Mozilla)
MSConfig CleanUp 1.2 (HKLM\...\MSConfig CleanUp_is1) (Version: - Virtuoza)
MSXML 4.0 SP2 (KB925672) (HKLM\...\{A9CF9052-F4A0-475D-A00F-A8388C62DD63}) (Version: 4.20.9839.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB927978) (HKLM\...\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}) (Version: 4.20.9841.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 and SOAP Toolkit 3.0 (Version: 1.0.0.0 - Webroot Software, Inc.) Hidden
MSXML 4.0 SP2 Parser and SDK (HKLM\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
MSXML 6 Service Pack 2 (KB973686) (HKLM\...\{56EA8BC0-3751-4B93-BC9D-6651CC36E5AA}) (Version: 6.20.2003.0 - Microsoft Corporation)
Nero 7 Ultra Edition (HKLM\...\{43FFE159-3199-4188-A1CD-629166AD1033}) (Version: 7.02.6445 - Nero AG)
neroxml (Version: 1.0.0 - Nero AG) Hidden
NOD32 v3.0.642 FiX1.2 by TemDono (31 days remaining forever up (HKLM\...\Eset NOD32 v3.0.642 FiX1.2 by TemDono_is1) (Version: - )
NOD32 v3.x FiX 1.1 by TemDono (Free Updates - Expire in 2050) (HKLM\...\NOD32 v3.x FiX 1.1 by TemDono_is1) (Version: - )
NVIDIA Display Control Panel (HKLM\...\NVIDIA Display Control Panel) (Version: 6.14.11.9745 - NVIDIA Corporation)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10.59.37 - NVIDIA Corporation)
NVIDIA nView Desktop Manager (HKLM\...\NVIDIA nView Desktop Manager) (Version: 6.14.10.12561 - NVIDIA Corporation)
OriginPro 7.5 (HKLM\...\{ECE12161-B445-48FA-9056-FD54D8A72459}) (Version: - )
PC Probe II (HKLM\...\{F7338FA3-DAB5-49B2-900D-0AFB5760C166}) (Version: 1.00.43 - )
PDF Settings (Version: 1.0 - Adobe Systems Incorporated) Hidden
PerfectDisk 12 Professional (HKLM\...\{A3D5B54A-9792-404F-AE8B-BDA961EBA58E}) (Version: 12.00.275 - Raxco Software Inc.)
PFConfig 1.0.296 (HKLM\...\PFConfig) (Version: 1.0.296 - Portforward.com)
PFPortChecker 1.0.39 (HKLM\...\PFPortChecker) (Version: 1.0.39 - Portforward.com)
Photodex Presenter (HKLM\...\Photodex Presenter) (Version: - )
Picture Package Music Transfer (HKLM\...\{CE2121C6-C94D-4A73-8EA4-6943F33EE335}) (Version: 1.0.02.02130 - Sony Corporation)
Portforward Static IP Address 1.0.47 (HKLM\...\Portforward Static IP Address) (Version: 1.0.47 - Portforward.com)
ProShow Producer (HKLM\...\ProShow Producer) (Version: - )
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 5.10.0.5345 - Realtek Semiconductor Corp.)
River Past Audio Converter Pro (HKLM\...\Audio Converter Pro) (Version: 7.7.1 - River Past)
SigmaPlot 10.0 (HKLM\...\{43224D30-5941-47A4-9AD7-9250EE794396}) (Version: 10.0.0 - Systat Software, Inc.)
SolidWorks 2008 SP03 (HKLM\...\{266EB766-9ABB-40D0-AB9F-41EE46D23876}) (Version: 16.1.0303 - SolidWorks)
SolidWorks Explorer 2008 sp0 (HKLM\...\{A8567E18-9E80-4EA3-A5C1-A6186C86F2CC}) (Version: 16.00.9034 - SolidWorks Corporation)
Sonya Collectors Edition (HKLM\...\Sonya Collectors Edition1.0) (Version: 1.0 - Foxy Games)
Spy Sweeper Updater 2.0.0 Alpha 4000 (HKLM\...\Spy Sweeper Updater 2.0.0 Alpha 4000) (Version: 2.0.0 Alpha 4000 - BigScott27)
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
Sudoku Works (HKLM\...\{5B10C186-C6CF-45D8-9E2D-4F18247A5C63}) (Version: 1.0 - Oak Systems)
System Requirements Lab (HKLM\...\SystemRequirementsLab) (Version: - )
Tetris (HKLM\...\{95E0E6DC-C308-4C96-BEDB-68C75A32FAF8}_is1) (Version: 1.35 - Crystal Office Systems)
Trojan Remover 6.8.3 (HKLM\...\Trojan Remover_is1) (Version: 6.8.3 - Simply Super Software)
Tweakui Powertoy for Windows XP (HKLM\...\{C7793EE8-F666-4E6B-9827-76468679480E}) (Version: 1.00.0001 - Microsoft Corporation)
Unlocker 1.8.9 (HKLM\...\Unlocker) (Version: 1.8.9 - Cedrick Collomb)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-003B-0000-0000-0000000FF1CE}_PRJPRO_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0051-0000-0000-0000000FF1CE}_VISPRO_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2836939) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (HKLM\...\{0A0CADCF-78DA-33C4-A350-CD51849B9702}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (HKLM\...\{0A0CADCF-78DA-33C4-A350-CD51849B9702}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (HKLM\...\{0A0CADCF-78DA-33C4-A350-CD51849B9702}.KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2836939) (HKLM\...\{0A0CADCF-78DA-33C4-A350-CD51849B9702}.KB2836939) (Version: 1 - Microsoft Corporation)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM\...\{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version: - Microsoft)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM\...\{90120000-006E-0409-0000-0000000FF1CE}_PRJPRO_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version: - Microsoft)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM\...\{90120000-006E-0409-0000-0000000FF1CE}_VISPRO_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM\...\{90120000-003B-0000-0000-0000000FF1CE}_PRJPRO_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM\...\{90120000-0051-0000-0000-0000000FF1CE}_VISPRO_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6FAA03BD-2B51-4029-9AD9-64A3B8E3C84C}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (HKLM\...\{90120000-003B-0000-0000-0000000FF1CE}_PRJPRO_{6FAA03BD-2B51-4029-9AD9-64A3B8E3C84C}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (HKLM\...\{90120000-0051-0000-0000-0000000FF1CE}_VISPRO_{6FAA03BD-2B51-4029-9AD9-64A3B8E3C84C}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM\...\{90120000-003B-0000-0000-0000000FF1CE}_PRJPRO_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM\...\{90120000-0051-0000-0000-0000000FF1CE}_VISPRO_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM\...\{90120000-003B-0000-0000-0000000FF1CE}_PRJPRO_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM\...\{90120000-0051-0000-0000-0000000FF1CE}_VISPRO_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version: - Microsoft)
Update for Microsoft Office Access 2007 Help (KB963663) (HKLM\...\{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{6B76A18A-AA1E-42AB-A7AD-6C84BBB43987}) (Version: - Microsoft)
Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version: - Microsoft)
Update for Microsoft Office Infopath 2007 Help (KB963662) (HKLM\...\{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{716B81B8-B13C-41DF-8EAC-7A2F656CAB63}) (Version: - Microsoft)
Update for Microsoft Office OneNote 2007 Help (KB963670) (HKLM\...\{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2744EF05-38E1-4D5D-B333-E021EDAEA245}) (Version: - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM\...\{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{ED38F8A3-4F61-494E-8BCA-E3AC7760C924}) (Version: - Microsoft)
Update for Microsoft Office Outlook 2007 Help (KB963677) (HKLM\...\{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{0451F231-E3E3-4943-AB9F-58EB96171784}) (Version: - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2850085) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{128A5449-CF71-4DA4-A746-F49E3B5DB584}) (Version: - Microsoft)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version: - Microsoft)
Update for Microsoft Office Project 2007 Help (KB963668) (HKLM\...\{90120000-00B4-0409-0000-0000000FF1CE}_PRJPRO_{1DF07773-4289-4998-BC2C-83539AD85C50}) (Version: - Microsoft)
Update for Microsoft Office Publisher 2007 Help (KB963667) (HKLM\...\{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2E40DE55-B289-4C8B-8901-5D369B16814F}) (Version: - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (HKLM\...\{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version: - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (HKLM\...\{90120000-006E-0409-0000-0000000FF1CE}_PRJPRO_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version: - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (HKLM\...\{90120000-006E-0409-0000-0000000FF1CE}_VISPRO_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version: - Microsoft)
Update for Microsoft Office Visio 2007 Help (KB963666) (HKLM\...\{90120000-0054-0409-0000-0000000FF1CE}_VISPRO_{D2C4ACC9-12F5-4E1C-81A8-5DC878AC6278}) (Version: - Microsoft)
Update for Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version: - Microsoft)
Update for Windows Internet Explorer 8 (KB2598845) (HKLM\...\KB2598845-IE8) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB2632503) (HKLM\...\KB2632503-IE8) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB968220) (HKLM\...\KB968220-IE8) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB971930) (HKLM\...\KB971930-IE8) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB976662) (HKLM\...\KB976662-IE8) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB976749) (HKLM\...\KB976749-IE8) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB980182) (HKLM\...\KB980182-IE8) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2492386) (HKLM\...\KB2492386) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2541763) (HKLM\...\KB2541763) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2641690) (HKLM\...\KB2641690) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2661254-v2) (HKLM\...\KB2661254-v2) (Version: 2 - Microsoft Corporation)
Update for Windows XP (KB2736233) (HKLM\...\KB2736233) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2749655) (HKLM\...\KB2749655) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2808679) (HKLM\...\KB2808679) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2863058) (HKLM\...\KB2863058) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2904266) (HKLM\...\KB2904266) (Version: 1 - Microsoft Corporation)
VBA (2627.01) (Version: 6.03.00.9402 - Microsoft Corporation) Hidden
VC 9.0 Runtime (Version: 1.0.0 - Check Point Software Technologies Ltd) Hidden
VC80CRTRedist - 8.0.50727.762 (Version: 1.0.0 - DivX, Inc) Hidden
VCRedistSetup (Version: 1.0.0 - Nero AG) Hidden
Visual C++ 2008 x86 Runtime - (v9.0.30729) (Version: 9.0.30729 - Microsoft Corporation) Hidden
Visual C++ 2008 x86 Runtime - v9.0.30729.01 (HKLM\...\{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01) (Version: 9.0.30729.01 - Microsoft Corporation)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Window Washer (HKLM\...\Window Washer) (Version: - )
Windows Defender (HKLM\...\{A06275F4-324B-4E85-95E6-87B2CD729401}) (Version: 1.1.1593.0 - Microsoft Corporation)
Windows Defender Signatures (Version: 1.20.0.0 - Microsoft Corporation) Hidden
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)
Windows Installer Clean Up (HKLM\...\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}) (Version: 3.00.00.0000 - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version: - )
Windows Media Format 11 runtime (Version: - Microsoft Corporation) Hidden
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version: - )
Windows Media Player 11 (Version: - Microsoft Corporation) Hidden
Windows Presentation Foundation (Version: 3.0.6920.0 - Microsoft Corporation) Hidden
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)
WinRAR archiver (HKLM\...\WinRAR archiver) (Version: - )
XML Paper Specification Shared Components Pack 1.0 (Version: - Microsoft Corporation) Hidden
Your Uninstaller! 2010 (HKLM\...\YU2010_is1) (Version: 7.0 - URSoft, Inc.)

==================== Restore Points =========================

28-02-2014 21:47:54 System Checkpoint
28-02-2014 21:48:01 OTL Restore Point - 2/28/2014 4:47:56 PM
01-03-2014 16:48:03 OTL Restore Point - 3/1/2014 11:47:41 AM

==================== Hosts content: ==========================

2004-08-04 07:00 - 2013-01-18 18:06 - 00444654 ___RA C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 localhost

There are 1000 more lines.


==================== Scheduled Tasks (whitelisted) =============

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2010-07-15 15:46 - 2010-07-15 15:46 - 00300368 _____ () C:\Program Files\Sunbelt Software\CounterSpy\Vipre.dll
2011-04-30 17:06 - 2014-02-07 10:24 - 00190752 _____ () C:\Program Files\Sunbelt Software\CounterSpy\Definitions\libBase64.dll
2011-04-30 17:06 - 2014-02-07 10:24 - 00178464 _____ () C:\Program Files\Sunbelt Software\CounterSpy\Definitions\libMachoUniv.dll
2005-12-22 16:28 - 2005-12-22 16:28 - 00160768 _____ () C:\Program Files\Sunbelt Software\CounterSpy\unrar.dll
2009-04-23 19:46 - 2009-04-23 19:46 - 00181312 _____ () C:\Program Files\Photodex\ProShowProducer\ScsiAccess.exe
2014-02-15 08:17 - 2014-02-15 08:17 - 03578992 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
2014-02-20 18:09 - 2014-02-20 18:09 - 16265096 _____ () C:\WINDOWS\system32\Macromed\Flash\NPSWF32_12_0_0_70.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\WINDOWS\$NtUninstallKB36814$:SummaryInformation
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:4C3D5A8B

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\19989129.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\80134462.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBPIMSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\19989129.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\80134462.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SBAMSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SBPIMSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vsmon => ""="Service"

==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============

Name: Beep
Description: Beep
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: Beep
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (02/23/2014 05:45:23 PM) (Source: LogMeIn Guardian) (User: FIRSTBUILD)
Description: LogMeIn Guardian has detected a problem with the LogMeIn software installed on this machine. The problem is locally identified by the following reference ID: '9e0afe7d6c4d329cdc4b530a5ad4278a'.

Error: (02/23/2014 05:34:50 PM) (Source: LogMeIn Guardian) (User: FIRSTBUILD)
Description: LogMeIn Guardian has detected a problem with the LogMeIn software installed on this machine. The problem is locally identified by the following reference ID: 'a4e3c7b264ea899a31b1a7ac5a1fbfd8'.

Error: (02/12/2014 05:22:30 PM) (Source: .NET Runtime Optimization Service) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown

Error: (01/17/2014 10:45:07 AM) (Source: Application Error) (User: )
Description: Faulting application redemptioncemetery3_gravetestimonyce.exe, version 0.0.0.0, faulting module redemptioncemetery3_gravetestimonyce.exe, version 0.0.0.0, fault address 0x0014be2a.
Processing media-specific event for [redemptioncemetery3_gravetestimonyce.exe!ws!]

Error: (01/16/2014 10:00:11 PM) (Source: Application Error) (User: )
Description: Faulting application redemptioncemetery3_gravetestimonyce.exe, version 0.0.0.0, faulting module redemptioncemetery3_gravetestimonyce.exe, version 0.0.0.0, fault address 0x0014be2a.
Processing media-specific event for [redemptioncemetery3_gravetestimonyce.exe!ws!]

Error: (01/16/2014 09:44:30 PM) (Source: Application Error) (User: )
Description: Faulting application redemptioncemetery3_gravetestimonyce.exe, version 0.0.0.0, faulting module redemptioncemetery3_gravetestimonyce.exe, version 0.0.0.0, fault address 0x0014be2a.
Processing media-specific event for [redemptioncemetery3_gravetestimonyce.exe!ws!]

Error: (01/16/2014 09:43:40 PM) (Source: Application Error) (User: )
Description: Faulting application redemptioncemetery3_gravetestimonyce.exe, version 0.0.0.0, faulting module redemptioncemetery3_gravetestimonyce.exe, version 0.0.0.0, fault address 0x0014be2a.
Processing media-specific event for [redemptioncemetery3_gravetestimonyce.exe!ws!]

Error: (01/12/2014 08:26:36 PM) (Source: Application Error) (User: )
Description: Faulting application redemptioncemetery2childrensplightce.exe, version 0.0.0.0, faulting module , version 0.0.0.0, fault address 0x00000000.
Processing media-specific event for [redemptioncemetery2childrensplightce.exe!ws!]

Error: (12/24/2013 01:44:47 PM) (Source: Application Error) (User: )
Description: Faulting application PDEngine.exe, version 12.0.0.275, faulting module unknown, version 0.0.0.0, fault address 0x00000000.
Processing media-specific event for [PDEngine.exe!ws!]

Error: (12/19/2013 01:22:19 PM) (Source: Application Error) (User: )
Description: Faulting application hpscan.exe, version 28.0.1315.0, faulting module hpscan.exe, version 28.0.1315.0, fault address 0x000052d9.
Processing media-specific event for [hpscan.exe!ws!]


System errors:
=============
Error: (03/01/2014 04:17:23 PM) (Source: Service Control Manager) (User: )
Description: The ProtexisLicensing service failed to start due to the following error:
%%1053

Error: (03/01/2014 04:17:23 PM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for the ProtexisLicensing service to connect.

Error: (03/01/2014 04:17:23 PM) (Source: Service Control Manager) (User: )
Description: The Eset Nod32 Boot service failed to start due to the following error:
%%1053

Error: (03/01/2014 04:17:23 PM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for the Eset Nod32 Boot service to connect.

Error: (03/01/2014 04:15:28 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service terminated with the following error:
%%1060

Error: (03/01/2014 00:30:57 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service terminated with the following error:
%%1060

Error: (03/01/2014 00:30:57 PM) (Source: Service Control Manager) (User: )
Description: The ProtexisLicensing service failed to start due to the following error:
%%1053

Error: (03/01/2014 00:30:57 PM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for the ProtexisLicensing service to connect.

Error: (03/01/2014 00:30:57 PM) (Source: Service Control Manager) (User: )
Description: The Eset Nod32 Boot service failed to start due to the following error:
%%1053

Error: (03/01/2014 00:30:57 PM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for the Eset Nod32 Boot service to connect.


Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Percentage of memory in use: 37%
Total physical RAM: 2047.02 MB
Available physical RAM: 1277.93 MB
Total Pagefile: 3941.18 MB
Available Pagefile: 3365.9 MB
Total Virtual: 2047.88 MB
Available Virtual: 1946.64 MB

==================== Drives ================================

Drive c: (Boot Drive) (Fixed) (Total:298.09 GB) (Free:204.82 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive f: (Expansion Drive) (Fixed) (Total:465.76 GB) (Free:149.33 GB) NTFS
Drive z: (Data Drive) (Fixed) (Total:465.76 GB) (Free:415.79 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 298 GB) (Disk ID: 7975DF18)
Partition 1: (Active) - (Size=298 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 466 GB) (Disk ID: F0128678)

Partition: GPT Partition Type.

========================================================
Disk: 2 (Size: 466 GB) (Disk ID: 0143820D)
Partition 1: (Active) - (Size=466 GB) - (Type=07 NTFS)

==================== End Of Log ============================

OTL custom scan log:

OTL logfile created on: 3/1/2014 4:30:14 PM - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Robert\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.32 Gb Available Physical Memory | 66.01% Memory free
3.85 Gb Paging File | 3.33 Gb Available in Paging File | 86.64% Paging File free
Paging file location(s): c:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298.09 Gb Total Space | 204.82 Gb Free Space | 68.71% Space Free | Partition Type: NTFS
Drive F: | 465.76 Gb Total Space | 149.33 Gb Free Space | 32.06% Space Free | Partition Type: NTFS
Drive Z: | 465.76 Gb Total Space | 415.79 Gb Free Space | 89.27% Space Free | Partition Type: NTFS

Computer Name: FIRSTBUILD | User Name: Robert | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days

========== Custom Scans ==========

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\Autorun.inf >
"" = @SYS:Software\Swearware\dump

< End of report >

#8
Crowbar

    Teacher

  • GeekU Moderator
  • 4,161 posts
Hi,

I would like to try this fix to address your autoplay problem, then continue on with the malware removal.
Looking good so far :thumbsup: Make sure to stick around until the end to make sure you don't get re-infected.
There are a lot of steps here, so take all the time you need.


Step 1
The steps that I am about to suggest involve modifying the registry. Modifying the registry can be dangerous so we will make a backup of the registry first.
Modification of the registry can be EXTREMELY dangerous if you do not know exactly what you are doing, so follow the steps that are listed below EXACTLY. If you cannot perform some of these steps or if you have ANY questions, please ask BEFORE proceeding.

Backing Up Your Registry
  • Download ERUNT
    (ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)
  • Install ERUNT by following the prompts
    (use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)
  • Start ERUNT
    (either by double clicking on the desktop icon or choosing to start the program at the end of the setup)
  • Choose a location for the backup
    (the default location is C:\WINDOWS\ERDNT which is acceptable).
  • Make sure that at least the first two check boxes are ticked
  • Press OK
  • Press YES to create the folder.

Step 2
We need to do an OTL fix:

Note: If you have Malwarebytes 1.6 or higher installed, please disable it for the duration of this fix as it may interfere with the successful execution of the script below. If it still hangs, then please uninstall Malwarebytes and run this fix again.
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :commands
    [createrestorepoint]
    :OTL
    IE - HKU\S-1-5-21-299502267-789336058-725345543-1004\..\SearchScopes\{EF8CA572-5715-47F4-9829-1C110E04F599}: "URL" = http://gb.iamwired.n...h={SearchTerms}
    :reg
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\Autorun.inf ]
    :commands
    [emptytemp]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.


Step 3
Please download AdwCleaner by Xplode and save to your Desktop.
Double-click AdwCleaner.exe to run the tool.
Note: Windows Vista, Windows 7/8 users right-click and select Run as administrator.
Click the Scan button.
AdwCleaner will begin. Be patient as the scan may take some time to complete.
After the scan has finished, click on the Clean button.
Press OK when asked to close all programs and follow the onscreen prompts.
Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
Copy and paste the contents of that logfile in your next reply.
A copy of that logfile will also be saved in the C:\AdwCleaner folder.

Step 4
Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Step 5
Download Security Check from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

and last (for now)
Step 6
Download OTL to your Desktop

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Select All Users
  • Under the Custom Scan box paste this in

BASESERVICES
/md5start
redbook.sys
/md5stop
CREATERESTOREPOINT

  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • Please post the log that this produces in your next response

In your next reply I would like to see:
  • How is the autoplay doing now?
  • OTL fix log
  • ADWcleaner log
  • Junkware Removal Tool log
  • Checkup.txt from Security Check.
  • OTL custom scan


#9
Jackpine

    Member

  • Topic Starter
  • 347 posts
Crowbar, I followed all your instructions. AutoPlay still doesn't work. Requested logs are provided below.

OTL fix log

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
Registry key HKEY_USERS\S-1-5-21-299502267-789336058-725345543-1004\Software\Microsoft\Internet Explorer\SearchScopes\{EF8CA572-5715-47F4-9829-1C110E04F599}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF8CA572-5715-47F4-9829-1C110E04F599}\ not found.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\Autorun.inf \ not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Robert
->Temp folder emptied: 27866477 bytes
->Temporary Internet Files folder emptied: 1616070 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 65988125 bytes
->Flash cache emptied: 697 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 89744 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 91.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 03022014_131627

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

ADW log

# AdwCleaner v3.020 - Report created 02/03/2014 at 13:23:51
# Updated 27/02/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Robert - FIRSTBUILD
# Running from : C:\Documents and Settings\Robert\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702


-\\ Mozilla Firefox v27.0.1 (en-US)

[ File : C:\Documents and Settings\Robert\Application Data\Mozilla\Firefox\Profiles\tonk28m2.default\prefs.js ]


-\\ Google Chrome v

[ File : C:\Documents and Settings\Robert\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R2].txt - [1263 octets] - [20/02/2014 22:07:44]
AdwCleaner[R3].txt - [1078 octets] - [02/03/2014 13:22:48]
AdwCleaner[S2].txt - [1335 octets] - [20/02/2014 22:09:17]
AdwCleaner[S3].txt - [1001 octets] - [02/03/2014 13:23:51]

########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt - [1061 octets] ##########

JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.2 (02.20.2014:1)
OS: Microsoft Windows XP x86
Ran by Robert on Sun 03/02/2014 at 13:29:20.96
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Documents and Settings\Robert\Application Data\big fish games"





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 03/02/2014 at 13:34:21.93
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Security Check log

Results of screen317's Security Check version 0.99.79
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
ESET Smart Security
`````````Anti-malware/Other Utilities Check:`````````
MVPS Hosts File
Out of date HijackThis installed!
Spy Sweeper Updater 2.0.0 Alpha 4000
CounterSpy
Spybot - Search & Destroy
Windows Defender
Windows Defender Signatures
Trojan Remover 6.8.3
Malwarebytes Anti-Malware version 1.75.0.1300
HijackThis 2.0.2
CCleaner
Adobe Flash Player 12.0.0.70
Mozilla Firefox (27.0.1)
````````Process Check: objlist.exe by Laurent````````
ESET NOD32 Antivirus egui.exe
ESET NOD32 Antivirus ekrn.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 1%
````````````````````End of Log``````````````````````

OTL Custom Scan log

OTL logfile created on: 3/2/2014 1:49:45 PM - Run 4
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Robert\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.34 Gb Available Physical Memory | 66.90% Memory free
3.85 Gb Paging File | 3.43 Gb Available in Paging File | 89.10% Paging File free
Paging file location(s): c:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298.09 Gb Total Space | 204.69 Gb Free Space | 68.67% Space Free | Partition Type: NTFS
Drive F: | 465.76 Gb Total Space | 149.33 Gb Free Space | 32.06% Space Free | Partition Type: NTFS
Drive Z: | 465.76 Gb Total Space | 410.26 Gb Free Space | 88.08% Space Free | Partition Type: NTFS

Computer Name: FIRSTBUILD | User Name: Robert | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/02/28 16:43:13 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Robert\Desktop\OTL.exe
PRC - [2014/02/15 08:17:30 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/07/07 11:59:26 | 001,252,616 | ---- | M] (Raxco Software, Inc.) -- C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
PRC - [2010/08/20 08:15:54 | 000,181,584 | ---- | M] (Sunbelt Software) -- C:\Program Files\Sunbelt Software\CounterSpy\SBPIMSvc.exe
PRC - [2009/04/23 19:46:24 | 000,181,312 | ---- | M] () -- C:\Program Files\Photodex\ProShowProducer\scsiaccess.exe
PRC - [2009/02/06 13:23:36 | 000,727,720 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe
PRC - [2009/02/06 13:23:12 | 002,021,400 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\egui.exe
PRC - [2009/01/21 01:05:18 | 000,960,560 | ---- | M] (Acronis) -- C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
PRC - [2009/01/21 01:04:00 | 000,618,944 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
PRC - [2009/01/21 00:59:56 | 004,359,600 | ---- | M] (Acronis) -- C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
PRC - [2008/06/11 22:43:26 | 000,640,376 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2014/02/15 08:17:29 | 003,578,992 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2009/04/23 19:46:24 | 000,181,312 | ---- | M] () -- C:\Program Files\Photodex\ProShowProducer\scsiaccess.exe
MOD - [2005/12/22 16:28:40 | 000,160,768 | ---- | M] () -- C:\Program Files\Sunbelt Software\CounterSpy\unrar.dll


========== Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe -- (RoxLiveShare9)
SRV - File not found [Disabled | Stopped] -- C:\Program Files\Common Files\Sonic Shared\RoxioUPnPRenderer9.exe -- (Roxio UPnP Renderer 9)
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2014/02/20 18:09:35 | 000,257,928 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/02/15 08:17:30 | 000,118,896 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2011/07/07 11:59:26 | 001,252,616 | ---- | M] (Raxco Software, Inc.) [Auto | Running] -- C:\Program Files\Raxco\PerfectDisk\PDAgent.exe -- (PDAgent)
SRV - [2011/07/07 11:59:18 | 002,111,752 | ---- | M] (Raxco Software, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Raxco\Shared\PDEngine.exe -- (PDEngine)
SRV - [2010/09/01 14:51:28 | 000,066,112 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper)
SRV - [2010/08/20 08:16:34 | 002,763,080 | ---- | M] (Sunbelt Software) [Auto | Stopped] -- C:\Program Files\Sunbelt Software\CounterSpy\SBAMSvc.exe -- (SBAMSvc)
SRV - [2010/08/20 08:15:54 | 000,181,584 | ---- | M] (Sunbelt Software) [Auto | Running] -- C:\Program Files\Sunbelt Software\CounterSpy\SBPIMSvc.exe -- (SBPIMSvc)
SRV - [2009/04/23 19:46:24 | 000,181,312 | ---- | M] () [Auto | Running] -- C:\Program Files\Photodex\ProShowProducer\scsiaccess.exe -- (ScsiAccess)
SRV - [2009/02/06 13:27:06 | 000,020,680 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe -- (EhttpSrv)
SRV - [2009/02/06 13:23:36 | 000,727,720 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe -- (ekrn)
SRV - [2009/01/21 01:04:00 | 000,618,944 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2008/12/23 23:02:29 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/07/10 20:19:52 | 000,079,360 | ---- | M] (SolidWorks) [On_Demand | Stopped] -- C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe -- (SolidWorks Licensing Service)
SRV - [2008/04/20 19:46:20 | 000,085,096 | ---- | M] (Autodesk) [On_Demand | Stopped] -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
SRV - [2007/11/26 14:47:40 | 000,598,856 | ---- | M] (Webroot Software, Inc.) [On_Demand | Stopped] -- C:\Program Files\Webroot\Washer\WasherSvc.exe -- (wwEngineSvc)
SRV - [2006/11/02 20:40:12 | 000,174,656 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\system32\PSIService.exe -- (ProtexisLicensing)
SRV - [2004/08/04 07:00:00 | 000,003,584 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\System32\regedt32.exe -- (NOD32FiXTemDono)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | System | Stopped] -- -- (SpyEmrg)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (NTACCESS)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (GMSIPCI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (FLASHSYS)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EagleNT.sys -- (EagleNT)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NSDriver.sys -- (Ad-Watch Connect Filter)
DRV - [2013/11/26 09:46:08 | 000,120,616 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [2013/03/31 13:32:54 | 000,035,144 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamchameleon.sys -- (mbamchameleon)
DRV - [2011/06/30 10:08:24 | 000,066,320 | ---- | M] (Raxco Software, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\PDFsFilter.sys -- (PDFSFilter)
DRV - [2011/06/30 10:07:32 | 000,138,768 | ---- | M] (Raxco Software, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\DefragFs.sys -- (DefragFS)
DRV - [2010/06/14 13:54:30 | 000,069,976 | ---- | M] (Sunbelt Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\sbapifs.sys -- (sbapifs)
DRV - [2010/06/14 13:54:30 | 000,021,464 | ---- | M] (Sunbelt Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\sbaphd.sys -- (sbaphd)
DRV - [2010/05/13 06:56:22 | 000,098,392 | ---- | M] (Sunbelt Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SBREDrv.sys -- (SBRE)
DRV - [2010/03/08 21:52:45 | 000,004,096 | ---- | M] () [Kernel | Unavailable | Unknown] -- C:\Program Files\Unlocker\UnlockerDriver5.sys -- (UnlockerDriver5)
DRV - [2009/10/24 22:17:05 | 000,971,552 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\tdrpm174.sys -- (tdrpman174)
DRV - [2009/10/24 22:16:58 | 000,540,000 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\timntr.sys -- (timounter)
DRV - [2009/10/24 22:16:58 | 000,044,704 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\tifsfilt.sys -- (tifsfilter)
DRV - [2009/10/24 22:16:55 | 000,134,272 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\snman380.sys -- (snapman380)
DRV - [2009/02/06 13:24:22 | 000,056,280 | ---- | M] (ESET) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\epfwtdi.sys -- (epfwtdi)
DRV - [2009/02/06 13:24:18 | 000,130,952 | ---- | M] (ESET) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\epfw.sys -- (epfw)
DRV - [2009/02/06 13:23:18 | 000,106,208 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2009/02/06 13:19:52 | 000,113,448 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon)
DRV - [2007/12/06 08:51:00 | 000,285,952 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
DRV - [2007/10/03 21:55:36 | 000,019,240 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\SiWinAcc.sys -- (SiFilter)
DRV - [2007/10/03 21:55:28 | 000,015,400 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\SiRemFil.sys -- (SiRemFil)
DRV - [2007/10/03 21:55:08 | 000,080,424 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\SI3132.sys -- (SI3132)
DRV - [2007/01/14 14:15:03 | 000,062,592 | ---- | M] (Chic Tech.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\moufiltr.sys -- (moufiltr)
DRV - [2006/12/21 15:26:00 | 004,405,248 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2006/07/27 10:00:00 | 000,004,096 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\cvintdrv.sys -- (cvintdrv)
DRV - [2004/11/05 11:08:06 | 000,670,208 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\hardlock.sys -- (Hardlock)
DRV - [2004/10/14 04:52:28 | 000,004,962 | R--- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AsIO.sys -- (AsIO)
DRV - [2004/08/12 21:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-299502267-789336058-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://easy-google-search.blogspot.com
IE - HKU\S-1-5-21-299502267-789336058-725345543-1004\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-299502267-789336058-725345543-1004\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKU\S-1-5-21-299502267-789336058-725345543-1004\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKU\S-1-5-21-299502267-789336058-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-299502267-789336058-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://easy-google-s...h.blogspot.com"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:27.0.1
FF - prefs.js..keyword.URL: "http://www.google.co...=ISO-8859-1&q="
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_12_0_0_70.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\WINDOWS\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nosltd.com/getPlus+®,version=1.6.2.91: C:\Program Files\NOS\bin\np_gp.dll (NOS Microsystems Ltd.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2012/10/02 05:39:24 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Robert\Application Data\Mozilla\Extensions
[2013/09/26 21:22:11 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Robert\Application Data\Mozilla\Firefox\Profiles\tonk28m2.default\extensions
[2014/02/15 08:17:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2014/02/15 08:17:31 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

========== Chrome ==========


O1 HOSTS File: ([2013/01/18 18:06:45 | 000,444,654 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 15296 more lines...
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-299502267-789336058-725345543-1004\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [SBAMTray] C:\Program Files\Sunbelt Software\CounterSpy\SBAMTray.exe (Sunbelt Software)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKU\.DEFAULT..\RunOnce: [tscuninstall] C:\WINDOWS\system32\tscupgrd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [tscuninstall] C:\WINDOWS\system32\tscupgrd.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Toolbars present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108839
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-299502267-789336058-725345543-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-299502267-789336058-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-299502267-789336058-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoBandCustomize = 0
O7 - HKU\S-1-5-21-299502267-789336058-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoMovingBands = 0
O7 - HKU\S-1-5-21-299502267-789336058-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCloseDragDropBands = 0
O7 - HKU\S-1-5-21-299502267-789336058-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskbar = 0
O7 - HKU\S-1-5-21-299502267-789336058-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoToolbarsOnTaskbar = 0
O7 - HKU\S-1-5-21-299502267-789336058-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108839
O7 - HKU\S-1-5-21-299502267-789336058-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.appl...ex/qtplugin.cab (Reg Error: Key error.)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.micr.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} http://support.asus....ek_sys_ctrl.cab (asusTek_sysctrl Class)
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files/Twisted%20Lands%20-%20Shadow%20Town/Images/stg_drm.ocx (SpinTop DRM Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.co...sreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {588031A3-94BF-4CDD-86D0-939F6F93910F} https://fixit.suppor...FixItClient.CAB (FixItClient Class)
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} http://catalog.updat...b?1292380760937 (MUCatalogWebControl Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1220411993917 (WUWebControl Class)
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} http://www.nvidia.co.../sysreqlab2.cab (Reg Error: Key error.)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx...owserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} http://h20270.www2.h...ctDetection.cab (Reg Error: Key error.)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1343529479926 (MUWebControl Class)
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} http://www.nvidia.co...iaSmartScan.cab (NVIDIA Smart Scan)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files/Twisted%20Lands%20-%20Shadow%20Town/Images/armhelper.ocx (ArmHelper Control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E0FEE963-BB53-4215-81AD-B28C77384644} http://eserv.sympati...adaPortalAX.cab (WebBrowserType Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (get_atlcom Class)
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} http://driveragent.c...driveragent.cab (Driver Agent ActiveX Control)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logme...rl.cab?lmi=1007 (Performance Viewer Activex Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6B4B5C21-DA99-4096-8820-43DC9BA3E4E3}: NameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Robert\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Robert\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/06/03 17:07:23 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (PDBoot.exe)
O34 - HKLM BootExecute: (autocheck autochk *SBBD.exe /d \Device\HarddiskVolume1\Program Files\Sunbelt Software\CounterSpy\Definitions)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKU\S-1-5-19..exefile [open] -- "%1" %*
O35 - HKU\S-1-5-20..exefile [open] -- "%1" %*
O35 - HKU\S-1-5-21-299502267-789336058-725345543-1004..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2014/03/02 13:28:16 | 001,037,734 | ---- | C] (Thisisu) -- C:\Documents and Settings\Robert\Desktop\JRT.exe
[2014/03/02 13:14:29 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2014/03/02 13:14:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
[2014/03/02 13:12:01 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\Robert\Desktop\erunt_setup.exe
[2014/03/01 16:23:48 | 000,000,000 | ---D | C] -- C:\FRST
[2014/03/01 16:23:07 | 001,144,320 | ---- | C] (Farbar) -- C:\Documents and Settings\Robert\Desktop\FRST.exe
[2014/03/01 16:15:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Desktop\CC Support
[2014/03/01 12:11:30 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2014/03/01 11:54:16 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Robert\Desktop\tdsskiller.exe
[2014/03/01 11:47:28 | 000,000,000 | ---D | C] -- C:\_OTL
[2014/02/28 16:43:12 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Robert\Desktop\OTL.exe
[2014/02/24 22:31:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Robert\Start Menu\Programs\Sonya Collectors Edition
[2014/02/24 22:30:48 | 000,000,000 | ---D | C] -- C:\Program Files\Games
[2014/02/24 16:50:23 | 000,000,000 | ---D | C] -- C:\HP Scans
[2014/02/23 17:24:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Robert\Local Settings\Application Data\LogMeIn Client
[2014/02/22 22:45:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\K-Lite Codec Pack
[2014/02/22 22:45:10 | 003,649,536 | ---- | C] (x264vfw project) -- C:\WINDOWS\System32\x264vfw.dll
[2014/02/22 22:45:08 | 000,122,880 | ---- | C] (fccHandler) -- C:\WINDOWS\System32\ac3acm.acm
[2014/02/22 15:56:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Powertoys for Windows XP
[2014/02/19 23:07:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Robert\My Documents\MPC-HC Capture
[2014/02/15 14:08:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Robert\Application Data\GrandMA Studios
[2014/02/15 08:17:15 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2014/02/14 17:10:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Robert\Application Data\BlamGames
[2014/02/11 16:16:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Robert\Application Data\MPC-HC
[2014/02/04 20:19:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Robert\Application Data\Deep Shadows
[2014/02/04 18:24:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Robert\Application Data\Anarchy
[2008/08/16 08:32:00 | 000,267,056 | ---- | C] (BitTorrent, Inc.) -- C:\Documents and Settings\Robert\utorrent.exe
[2007/03/23 16:38:21 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Robert\Application Data\pcouffin.sys

========== Files - Modified Within 30 Days ==========

[2014/03/02 13:47:22 | 000,987,425 | ---- | M] () -- C:\Documents and Settings\Robert\Desktop\SecurityCheck.exe
[2014/03/02 13:28:16 | 001,037,734 | ---- | M] (Thisisu) -- C:\Documents and Settings\Robert\Desktop\JRT.exe
[2014/03/02 13:26:24 | 000,013,710 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2014/03/02 13:25:29 | 000,273,231 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2014/03/02 13:25:21 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2014/03/02 13:25:15 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2014/03/02 13:21:59 | 001,244,192 | ---- | M] () -- C:\Documents and Settings\Robert\Desktop\AdwCleaner.exe
[2014/03/02 13:14:29 | 000,000,602 | ---- | M] () -- C:\Documents and Settings\Robert\Desktop\ERUNT.lnk
[2014/03/02 13:12:01 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Robert\Desktop\erunt_setup.exe
[2014/03/02 13:09:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2014/03/02 13:06:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2014/03/02 12:20:55 | 000,002,521 | ---- | M] () -- C:\Documents and Settings\Robert\Desktop\Outlook 2007.lnk
[2014/03/01 16:23:07 | 001,144,320 | ---- | M] (Farbar) -- C:\Documents and Settings\Robert\Desktop\FRST.exe
[2014/03/01 16:14:31 | 004,009,167 | ---- | M] () -- C:\Documents and Settings\Robert\Desktop\ServicesRepair.exe
[2014/03/01 14:57:20 | 000,002,515 | ---- | M] () -- C:\Documents and Settings\Robert\Desktop\Word 2007.lnk
[2014/03/01 12:18:57 | 000,869,456 | ---- | M] () -- C:\Documents and Settings\Robert\Desktop\Norton_Removal_Tool.exe
[2014/03/01 11:54:20 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Robert\Desktop\tdsskiller.exe
[2014/02/28 16:43:13 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Robert\Desktop\OTL.exe
[2014/02/25 13:55:45 | 000,354,923 | ---- | M] () -- C:\Documents and Settings\Robert\My Documents\Scan0002.pdf
[2014/02/24 22:31:28 | 000,001,918 | ---- | M] () -- C:\Documents and Settings\Robert\Desktop\Sonya Collectors Edition.lnk
[2014/02/24 20:13:57 | 001,376,794 | ---- | M] () -- C:\Documents and Settings\Robert\My Documents\Little Miracles Documents.pdf
[2014/02/23 16:56:36 | 000,235,620 | ---- | M] () -- C:\Documents and Settings\Robert\Desktop\contract #3370972.pdf
[2014/02/22 22:45:13 | 000,000,936 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Media Player Classic.lnk
[2014/02/22 12:21:31 | 000,079,268 | ---- | M] () -- C:\Documents and Settings\Robert\My Documents\Direct Deposit form.pdf
[2014/02/22 12:20:39 | 000,141,685 | ---- | M] () -- C:\Documents and Settings\Robert\My Documents\Little Miracles- Donor Responsibility Acknowledgement - Copy.pdf
[2014/02/22 12:19:04 | 000,056,752 | ---- | M] () -- C:\Documents and Settings\Robert\My Documents\Donor Acknowledgement.pdf
[2014/02/22 12:17:34 | 000,065,062 | ---- | M] () -- C:\Documents and Settings\Robert\My Documents\document.pdf
[2014/02/20 18:55:40 | 000,002,473 | ---- | M] () -- C:\Documents and Settings\Robert\Desktop\Excel 2007.lnk
[2014/02/12 17:26:13 | 000,596,358 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2014/02/12 17:26:13 | 000,112,418 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2014/02/12 16:57:43 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2014/02/06 13:00:00 | 000,112,640 | ---- | M] () -- C:\WINDOWS\System32\ff_vfw.dll

========== Files Created - No Company Name ==========

[2014/03/02 13:47:22 | 000,987,425 | ---- | C] () -- C:\Documents and Settings\Robert\Desktop\SecurityCheck.exe
[2014/03/02 13:21:59 | 001,244,192 | ---- | C] () -- C:\Documents and Settings\Robert\Desktop\AdwCleaner.exe
[2014/03/02 13:14:29 | 000,000,602 | ---- | C] () -- C:\Documents and Settings\Robert\Desktop\ERUNT.lnk
[2014/03/01 16:14:25 | 004,009,167 | ---- | C] () -- C:\Documents and Settings\Robert\Desktop\ServicesRepair.exe
[2014/03/01 12:18:57 | 000,869,456 | ---- | C] () -- C:\Documents and Settings\Robert\Desktop\Norton_Removal_Tool.exe
[2014/02/25 13:55:45 | 000,354,923 | ---- | C] () -- C:\Documents and Settings\Robert\My Documents\Scan0002.pdf
[2014/02/24 22:31:28 | 000,001,918 | ---- | C] () -- C:\Documents and Settings\Robert\Desktop\Sonya Collectors Edition.lnk
[2014/02/24 20:13:57 | 001,376,794 | ---- | C] () -- C:\Documents and Settings\Robert\My Documents\Little Miracles Documents.pdf
[2014/02/23 21:27:46 | 000,282,016 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2014/02/23 16:56:36 | 000,235,620 | ---- | C] () -- C:\Documents and Settings\Robert\Desktop\contract #3370972.pdf
[2014/02/22 22:45:13 | 000,000,936 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Media Player Classic.lnk
[2014/02/22 22:45:11 | 000,216,064 | ---- | C] ( ) -- C:\WINDOWS\System32\lagarith.dll
[2014/02/22 22:45:10 | 000,650,752 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2014/02/22 22:45:10 | 000,243,200 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2014/02/22 22:45:02 | 000,112,640 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2014/02/22 12:21:44 | 000,079,268 | ---- | C] () -- C:\Documents and Settings\Robert\My Documents\Direct Deposit form.pdf
[2014/02/22 12:20:44 | 000,141,685 | ---- | C] () -- C:\Documents and Settings\Robert\My Documents\Little Miracles- Donor Responsibility Acknowledgement - Copy.pdf
[2014/02/22 12:19:07 | 000,056,752 | ---- | C] () -- C:\Documents and Settings\Robert\My Documents\Donor Acknowledgement.pdf
[2014/02/22 12:17:43 | 000,065,062 | ---- | C] () -- C:\Documents and Settings\Robert\My Documents\document.pdf
[2014/02/12 16:52:37 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2013/09/14 19:49:28 | 000,000,057 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Ament.ini
[2013/07/18 19:48:06 | 000,000,410 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2013/07/18 19:48:06 | 000,000,012 | ---- | C] () -- C:\WINDOWS\BRVIDEO.INI
[2013/07/18 19:48:06 | 000,000,000 | ---- | C] () -- C:\WINDOWS\brmx2001.ini
[2013/07/18 19:46:52 | 000,000,225 | ---- | C] () -- C:\WINDOWS\Brownie.ini
[2013/04/06 21:47:47 | 000,002,017 | ---- | C] () -- C:\Documents and Settings\Robert\April 6. 2013 Devious.sud
[2013/03/31 13:32:54 | 000,035,144 | ---- | C] () -- C:\WINDOWS\System32\drivers\mbamchameleon.sys
[2012/04/03 21:24:54 | 000,178,176 | ---- | C] () -- C:\WINDOWS\System32\ztvunrar39.dll
[2011/01/27 18:55:00 | 000,028,953 | ---- | C] () -- C:\Documents and Settings\Robert\Superior Account.pdf
[2010/12/13 17:01:00 | 000,661,626 | ---- | C] () -- C:\Documents and Settings\Robert\Toesy.jpg
[2010/11/02 22:03:23 | 000,256,334 | ---- | C] () -- C:\Documents and Settings\Robert\B4635100
[2010/10/24 16:36:21 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Robert\Local Settings\Application Data\housecall.guid.cache
[2009/09/24 17:41:54 | 005,257,216 | ---- | C] () -- C:\Documents and Settings\Robert\Local Settings\Application Data\mfm2_database.dat
[2008/09/10 23:20:31 | 050,495,934 | ---- | C] () -- C:\Documents and Settings\Robert\ALC880_882_Vista_6015350.zip
[2008/08/30 11:14:22 | 000,000,108 | ---- | C] () -- C:\Documents and Settings\Robert\Application Data\netstat.bat
[2007/12/31 09:03:09 | 003,435,064 | ---- | C] () -- C:\Documents and Settings\Robert\Rotel 812 Repair Manual.pdf
[2007/11/25 22:46:48 | 000,000,123 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2007/08/25 13:19:48 | 000,002,108 | ---- | C] () -- C:\Documents and Settings\Robert\Local Settings\Application Data\rx_audio.Cache
[2007/03/23 16:38:21 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\Robert\Application Data\ezpinst.exe
[2007/03/23 16:38:21 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\Robert\Application Data\pcouffin.cat
[2007/03/23 16:38:21 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Robert\Application Data\pcouffin.inf
[2007/01/25 22:46:40 | 001,462,572 | ---- | C] () -- C:\Documents and Settings\Robert\Local Settings\Application Data\rx_image.Cache
[2006/09/30 23:17:08 | 000,014,958 | ---- | C] () -- C:\Documents and Settings\Robert\Start Menu.daa
[2006/07/26 16:35:26 | 000,000,024 | ---- | C] () -- C:\Documents and Settings\Robert\mylist.dat
[2006/07/25 16:22:41 | 000,002,863 | ---- | C] () -- C:\Documents and Settings\Robert\report.htm
[2006/06/11 02:32:06 | 000,218,624 | ---- | C] () -- C:\Documents and Settings\Robert\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/06/09 22:03:02 | 000,361,512 | ---- | C] ( ) -- C:\Documents and Settings\Robert\Google_Earth_Pro_Patch_Setup.exe

========== ZeroAccess Check ==========

[2014/02/15 13:16:01 | 000,000,000 | ---D | M] -- C:\WINDOWS\$NtUninstallKB36814$\2832607000\L
[2014/02/15 13:15:58 | 000,000,000 | ---D | M] -- C:\WINDOWS\$NtUninstallKB36814$\2832607000\U
[2007/01/16 17:22:15 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/13 19:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 07:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/13 19:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2009/10/25 18:57:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Acronis
[2008/05/22 23:02:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Autodesk
[2011/04/05 18:55:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2012/10/26 18:54:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\casualArts
[2012/10/25 18:19:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cateia Games
[2011/03/04 18:36:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\COMMON FILES
[2008/07/22 20:00:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\COSMOS Applications
[2010/08/14 21:39:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Curious Sense
[2013/12/05 00:23:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DailyMagic
[2008/07/10 20:36:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DassaultSystemes
[2012/04/19 17:12:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\dvdfab
[2014/01/20 17:22:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Easy CD-DA Extractor
[2007/11/25 22:46:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Elaborate Bytes
[2013/12/23 17:04:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Elephant Games
[2009/04/12 22:46:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET
[2010/12/28 22:57:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fugazo
[2010/12/13 00:05:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Gamers Digital
[2011/03/05 22:56:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GestaltGames
[2010/11/22 22:37:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Gogii
[2008/12/20 12:05:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GoldWaveCDDB
[2011/01/17 16:43:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Green Clover Games
[2008/02/14 16:59:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grisoft
[2012/09/26 21:37:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Happy Artist Studio
[2010/01/18 17:02:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2012/10/27 09:44:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HitPoint Studios
[2007/07/19 18:01:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Innovative Solutions
[2012/07/07 11:21:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Intenium
[2010/06/12 18:04:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\JollyBear
[2011/02/24 17:13:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LittleGamesCompany
[2014/02/23 17:34:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogMeIn
[2011/01/23 16:55:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\logs
[2011/12/26 15:34:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MediaArt
[2010/12/18 00:07:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Merscom
[2012/01/06 20:48:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Namco
[2012/11/16 20:23:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Odian Games
[2007/04/30 15:27:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic Anti-Spyware
[2011/03/08 17:22:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2007/02/20 19:41:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Prevx
[2009/09/20 22:32:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PrevxCSI
[2008/04/29 20:39:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\River Past G4
[2008/04/29 20:47:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\River Past G5
[2013/07/11 10:58:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sandlot Games
[2008/03/01 18:47:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SecTaskMan
[2012/04/03 21:24:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Simply Super Software
[2009/02/28 19:49:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SITEguard
[2012/04/21 18:06:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SlySoft
[2010/12/18 08:05:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SOS
[2011/03/04 18:36:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SQL Anywhere 11
[2013/02/10 16:54:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SulusGames
[2014/03/02 13:03:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2012/06/30 19:49:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\The Inquisitor
[2012/01/28 17:15:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TheFallTrilogyEp3-BF
[2013/07/12 16:55:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Top Evidence
[2007/07/24 21:08:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\vsosdk
[2010/12/24 01:27:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/10/25 20:47:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Acronis
[2014/02/04 18:24:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Anarchy
[2012/07/30 13:14:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Artifex Mundi
[2013/05/10 19:41:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Artogon
[2008/05/22 23:02:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Autodesk
[2014/02/14 17:10:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\BlamGames
[2014/02/19 16:33:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Blue Tea Games
[2014/02/15 11:50:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Boomzap
[2012/12/09 21:37:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Brabl
[2012/07/30 13:07:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Casual Box
[2012/10/26 18:54:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\casualArts
[2013/10/06 20:59:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Chayowo Games
[2010/08/14 21:39:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Curious Sense
[2013/12/05 00:23:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\DailyMagic
[2013/10/07 11:51:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\DanceOfDeath
[2008/07/10 20:36:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\DassaultSystemes
[2014/02/04 20:19:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Deep Shadows
[2007/01/07 00:48:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Design Science
[2007/02/04 22:39:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Downloaded Installations
[2012/08/25 13:33:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\DVDFab
[2007/01/16 17:35:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\DWGeditor
[2014/01/20 19:44:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Eipix
[2013/12/23 17:04:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Elephant Games
[2011/03/26 10:33:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\ElevatedDiagnostics
[2011/04/22 21:13:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Enki Games
[2013/03/19 15:30:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\EntwinedSoD
[2014/02/19 16:45:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\ERS Game Studios
[2009/04/12 22:47:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\ESET
[2013/03/09 19:25:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\EurekaLog
[2013/12/04 13:04:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\FarmMystery
[2014/01/05 22:29:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\FGS
[2014/01/12 20:23:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Frogwares
[2012/07/07 10:50:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\GameInvest
[2012/07/02 09:01:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Gogii
[2014/02/15 14:08:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\GrandMA Studios
[2014/01/17 10:59:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Gunnar Games
[2012/04/02 15:46:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\HdO Adventure
[2011/03/25 16:00:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\IBAGroup
[2010/11/15 00:06:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\IM
[2008/09/06 23:26:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\ImgBurn
[2012/01/15 11:51:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\IObit
[2012/09/27 15:42:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Jetdogs Studios
[2007/03/28 18:17:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Leadertech
[2011/02/20 22:07:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\MA2
[2013/11/08 16:29:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Mad Head Games
[2013/01/16 17:20:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\MagicIndie
[2008/05/15 23:08:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Maple
[2014/01/26 21:43:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Mariaglorum
[2008/08/28 22:28:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\MenuShrink
[2013/12/12 20:54:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Meridian93
[2014/02/11 16:16:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\MPC-HC
[2011/04/18 18:01:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\My Games
[2012/01/06 20:49:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Namco
[2006/11/08 18:34:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Netscape
[2013/04/17 21:44:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Organic 2 Digital
[2012/08/17 20:12:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\PFStaticIP
[2010/12/26 18:23:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Photodex
[2013/07/12 14:17:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\PuzzleLab
[2007/01/25 20:41:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\River Past G4
[2008/04/29 20:45:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\River Past G5
[2007/06/21 22:20:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Scooter Software
[2012/04/03 21:24:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Simply Super Software
[2012/12/09 21:44:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Skunk Studios
[2008/05/08 18:04:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\sldIM
[2014/02/24 22:32:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Specialbit
[2011/01/08 17:00:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Spider Player
[2011/04/09 12:09:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\SpinTop
[2012/06/30 19:49:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\The Inquisitor
[2012/07/07 10:56:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\TripleHippo
[2010/07/25 16:21:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\URSoft
[2014/03/02 13:12:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\uTorrent
[2013/10/22 21:09:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Vast Studios
[2010/10/16 17:06:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\VirtualStore
[2011/04/10 14:48:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Vso
[2012/01/02 12:05:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\WhiteBirdsProductions
[2006/07/14 17:00:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\WinPatrol

========== Purity Check ==========



========== Custom Scans ==========

========== Base Services ==========
SRV - [2008/04/13 19:12:12 | 000,044,544 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\alg.exe -- (ALG)
SRV - [2008/04/13 19:12:11 | 000,006,656 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wuauserv.dll -- (wuauserv)
SRV - [2008/04/13 19:12:03 | 000,409,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\qmgr.dll -- (BITS)
SRV - [2012/07/06 08:58:51 | 000,078,336 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\browser.dll -- (Browser)
SRV - [2008/04/13 19:11:51 | 000,062,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\cryptsvc.dll -- (CryptSvc)
SRV - [2008/04/13 19:11:51 | 000,126,976 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\dhcpcsvc.dll -- (Dhcp)
SRV - [2009/04/20 12:17:26 | 000,045,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\dnsrslvr.dll -- (Dnscache)
SRV - [2009/02/06 06:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\services.exe -- (Eventlog)
SRV - [2008/04/13 19:11:52 | 000,033,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\eapsvc.dll -- (EapHost)
SRV - [2009/07/27 18:17:41 | 000,135,168 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\shsvcs.dll -- (FastUserSwitchingCompatibility)
SRV - [2008/04/13 19:12:08 | 000,015,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\w3ssl.dll -- (HTTPFilter)
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2008/04/13 19:12:22 | 000,150,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\imapi.exe -- (ImapiService)
SRV - [2008/04/13 19:12:24 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lsass.exe -- (PolicyAgent)
SRV - [2008/04/13 19:11:52 | 000,023,552 | ---- | M] (Microsoft Corp.) [On_Demand | Stopped] -- C:\WINDOWS\system32\dmserver.dll -- (dmserver)
SRV - [2008/04/13 19:12:17 | 000,224,768 | ---- | M] (Microsoft Corp., Veritas Software) [On_Demand | Stopped] -- C:\WINDOWS\System32\dmadmin.exe -- (dmadmin)
SRV - [2008/04/13 19:12:17 | 000,005,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\dllhost.exe -- (SwPrv)
SRV - [2008/04/13 19:12:24 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\lsass.exe -- (Netlogon)
SRV - [2008/04/13 19:12:01 | 000,198,144 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\netman.dll -- (Netman)
SRV - [2008/06/20 11:02:47 | 000,245,248 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\mswsock.dll -- (Nla)
SRV - [2009/02/06 06:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\services.exe -- (PlugPlay)
SRV - [2010/08/17 08:17:06 | 000,058,880 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\spoolsv.exe -- (Spooler)
SRV - [2008/04/13 19:12:24 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lsass.exe -- (ProtectedStorage)
SRV - [2008/04/13 19:12:03 | 000,088,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\rasauto.dll -- (RasAuto)
SRV - [2008/04/13 19:12:03 | 000,186,368 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\rasmans.dll -- (RasMan)
SRV - [2009/02/09 07:10:48 | 000,401,408 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\rpcss.dll -- (RpcSs)
SRV - [2008/04/13 19:12:02 | 000,435,200 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\ntmssvc.dll -- (NtmsSvc)
SRV - [2008/04/13 19:12:05 | 000,018,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\seclogon.dll -- (seclogon)
SRV - [2008/04/13 19:12:24 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lsass.exe -- (SamSs)
SRV - [2008/04/13 19:12:10 | 000,080,896 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wscsvc.dll -- (wscsvc)
SRV - [2008/04/13 19:12:07 | 000,096,768 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\srvsvc.dll -- (lanmanserver)
SRV - [2009/07/27 18:17:41 | 000,135,168 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\shsvcs.dll -- (ShellHWDetection)
SRV - [2008/04/13 19:12:07 | 000,171,008 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\srsvc.dll -- (srservice)
SRV - [2008/04/13 19:12:05 | 000,192,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\schedsvc.dll -- (Schedule)
SRV - [2008/04/13 19:11:56 | 000,013,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lmhsvc.dll -- (LmHosts)
SRV - [2008/04/13 19:12:07 | 000,249,856 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\tapisrv.dll -- (TapiSrv)
SRV - [2008/04/13 19:12:07 | 000,295,424 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\termsrv.dll -- (TermService)
SRV - [2009/07/27 18:17:41 | 000,135,168 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\shsvcs.dll -- (Themes)
SRV - [2008/04/13 19:12:38 | 000,289,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\vssvc.exe -- (VSS)
SRV - [2008/04/13 19:11:50 | 000,042,496 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\audiosrv.dll -- (AudioSrv)
SRV - [2008/04/13 19:11:55 | 000,331,264 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\ipnathlp.dll -- (SharedAccess)
SRV - [2008/04/13 19:12:08 | 000,333,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wiaservc.dll -- (stisvc)
SRV - [2008/04/13 19:12:28 | 000,078,848 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\msiexec.exe -- (MSIServer)
SRV - [2008/04/13 19:12:09 | 000,144,896 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wbem\wmisvc.dll -- (winmgmt)
No service found with a name of Wmi
SRV - [2008/04/13 19:11:52 | 000,132,096 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\dot3svc.dll -- (Dot3svc)
SRV - [2008/04/13 19:12:11 | 000,483,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wzcsvc.dll -- (WZCSVC)
SRV - [2009/06/10 01:14:49 | 000,132,096 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wkssvc.dll -- (lanmanworkstation)

< MD5 for: REDBOOK.SYS >
[2004/08/04 07:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:redbook.sys
[2010/07/08 21:50:08 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:redbook.sys
[2010/07/08 21:50:08 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:redbook.sys
[2004/08/03 17:59:38 | 000,057,472 | ---- | M] (Microsoft Corporation) MD5=B31B4588E4086D8D84ADBF9845C2402B -- C:\WINDOWS\$NtServicePackUninstall$\redbook.sys
[2008/04/13 13:40:27 | 000,057,600 | ---- | M] (Microsoft Corporation) MD5=F828DD7E1419B6653894A8F97A0094C5 -- C:\WINDOWS\ServicePackFiles\i386\redbook.sys
[2008/04/13 13:40:27 | 000,057,600 | ---- | M] (Microsoft Corporation) MD5=F828DD7E1419B6653894A8F97A0094C5 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\redbook.sys
[2014/03/01 12:12:32 | 000,057,600 | ---- | M] (Microsoft Corporation) MD5=F828DD7E1419B6653894A8F97A0094C5 -- C:\WINDOWS\system32\drivers\redbook.sys

========== Alternate Data Streams ==========

@Alternate Data Stream - 173 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1CE11B51
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4C3D5A8B

< End of report >
  • 0

#10
Crowbar


    Teacher

  • GeekU Moderator
  • 4,161 posts
For the Autoplay issue, I had a space at the end of the registry key that I wanted to delete, so it failed. :blush:
I am concerned that part of the ZA infection has appeared again, but it might be a piece that I somehow missed.

Step 1
We need to do an OTL fix:

Note: If you have Malwarebytes 1.6 or higher installed please disable it for the duration of this fix as it may interfere with the successful execution of the script below. If it still hangs then please uninstall Malwarebytes and run this fix again.
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :commands
    [createrestorepoint]
    :OTL
    [2014/02/15 13:16:01 | 000,000,000 | ---D | M] -- C:\WINDOWS\$NtUninstallKB36814$\2832607000\L
    [2014/02/15 13:15:58 | 000,000,000 | ---D | M] -- C:\WINDOWS\$NtUninstallKB36814$\2832607000\U
    [2007/01/16 17:22:15 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
    @Alternate Data Stream - 173 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1CE11B51
    @Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4C3D5A8B
    :commands
    [emptytemp]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done

Step 2
Please download ComboFix from Here or Here to your Desktop.

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks
  • Also allow the installation of the recovery console

  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" ComboFix. If you have a problem, reply back for further instructions.
3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.



Step 3
We need to do an OTL fix:

Note: If you have Malwarebytes 1.6 or higher installed please disable it for the duration of this fix as it may interfere with the successful execution of the script below. If it still hangs then please uninstall Malwarebytes and run this fix again.
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :commands
    [createrestorepoint]
    :reg
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\Autorun.inf]
    :commands
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post the log it produces in your next reply.



In your next reply I would like to see:
  • Combofix log
  • OTL log from the last run
  • After this round, how is the autoplay?

  • 0
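
The selection made by hand for the Step 1 fix above, sketched as an added Python example (not part of the original post and not OTL's own logic): it reads an OTL log section by section and pulls out the ZeroAccess Check paths and Alternate Data Stream lines of the kind pasted under `:OTL`, plus any unexpected `InProcServer32` default values. The function names, the flagging rules and the `C:\EXAMPLE\constructed.dll` value are assumptions made for illustration.

```python
import re
from typing import List, NamedTuple

# Excerpt of the OTL log quoted in the thread. The value under the second
# HKEY_CURRENT_USER key is CONSTRUCTED for illustration; in the real log
# both HKEY_CURRENT_USER keys are listed with no values.
SAMPLE_LOG = r"""
========== ZeroAccess Check ==========

[2014/02/15 13:16:01 | 000,000,000 | ---D | M] -- C:\WINDOWS\$NtUninstallKB36814$\2832607000\L
[2014/02/15 13:15:58 | 000,000,000 | ---D | M] -- C:\WINDOWS\$NtUninstallKB36814$\2832607000\U
[2007/01/16 17:22:15 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/13 19:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
"" = C:\EXAMPLE\constructed.dll -- [2014/02/15 13:16:01 | 000,001,024 | ---- | M] ()

========== LOP Check ==========

[2014/03/02 13:03:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP

========== Alternate Data Streams ==========

@Alternate Data Stream - 173 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1CE11B51
"""

SECTION = re.compile(r"^=+ (.+?) =+$")
ENTRY = re.compile(r"^\[\d{4}/\d\d/\d\d \d\d:\d\d:\d\d \| [\d,]+ \| .{4} \| [MC]\]"
                   r"\s*(?:\(.*?\))?\s*-- (.+)$")
ADS = re.compile(r"^@Alternate Data Stream - \d+ bytes -> (.+)$")
REGKEY = re.compile(r"^\[(HKEY_[^\]]+)\]$")
REGVAL = re.compile(r'^"(.*?)" = (.*?)(?: -- \[.*\]\s*\((.*?)\))?$')
# Directory shape of the first two lines of the thread's :OTL fix.
ZA_DIR = re.compile(r"\\\$NtUninstallKB\d+\$\\\d+\\[LU]$", re.IGNORECASE)


class Finding(NamedTuple):
    kind: str      # za-dir | za-listed | hkcu-override | inproc-unexpected | ads
    detail: str    # path, stream or registry key concerned
    log_line: str  # the log line verbatim, the form the fix script expects


def _is_system_dll(value: str) -> bool:
    """True when the DLL path resolves under C:\\WINDOWS\\system32."""
    path = value.lower().replace("%systemroot%", r"c:\windows")
    return path.startswith("c:\\windows\\system32\\")


def triage(log: str) -> List[Finding]:
    """Walk the log once, tracking the current section and registry key."""
    section, key, findings = None, None, []
    for raw in log.splitlines():
        line = raw.strip()
        if m := SECTION.match(line):
            section, key = m.group(1), None
        elif m := ADS.match(line):
            findings.append(Finding("ads", m.group(1), line))
        elif m := ENTRY.match(line):
            # Only paths OTL reports under its ZeroAccess Check are kept;
            # the same line shape in other sections is ordinary inventory.
            if section == "ZeroAccess Check":
                kind = "za-dir" if ZA_DIR.search(m.group(1)) else "za-listed"
                findings.append(Finding(kind, m.group(1), line))
        elif m := REGKEY.match(line):
            key = m.group(1)
        elif key and (m := REGVAL.match(line)) and m.group(1) == "":
            value, company = m.group(2), m.group(3)
            if key.upper().startswith("HKEY_CURRENT_USER"):
                # A per-user CLSID registration takes precedence over HKLM.
                findings.append(Finding("hkcu-override", key, line))
            elif not _is_system_dll(value) or company != "Microsoft Corporation":
                findings.append(Finding("inproc-unexpected", key, line))
    return findings


def fix_candidates(findings: List[Finding]) -> List[str]:
    """Log lines of the kind the helper pasted under :OTL (paths and streams)."""
    return [f.log_line for f in findings if f.kind in ("za-dir", "za-listed", "ads")]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:18} {f.detail}")
```

The registry findings are reported for review only; the thread's fix script contains no registry lines for them.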


#11
Jackpine


    Member

  • Topic Starter
  • Member
  • 347 posts
Crowbar, I won't be able to do your steps until late afternoon today (around 5pm EST.)
  • 0

#12
Crowbar


    Teacher

  • GeekU Moderator
  • 4,161 posts

Crowbar, I won't be able to do your steps until late afternoon today (around 5pm EST.)


No problem. I will be at a birthday dinner tonight, so I will be unavailable, but I will be back on it in the morning.
Not sure if you are, but I am in the Eastern time zone.

#13
Jackpine

Crowbar, I hope you had an enjoyable birthday dinner last night!

I followed your instructions. AutoPlay still doesn't work. When ComboFix ran, it said it detected ZeroAccess. I let it run as instructed. Logs below.

Also, after rebooting, there is an icon on my desktop (sort of greyed out) that reads Thumbs.db. What is that for?

One more thing, which may be significant. When phillpower2 was helping me out, one of the tools he asked me to install was a Windows Autoplay fix tool. At the time, I ran it, but it said that everything was OK. After completing your instructions from your last post, I ran the tool again for each drive, and this time it didn't say OK, but instead provided the choice to Repair. I didn't repair anything, and just closed the tool, figuring it's best to wait for your instructions (as you requested in your first post). Hopefully the light is beginning to shine at the end of the tunnel!

ComboFix 14-03-03.02 - Robert 03/03/2014 16:47:10.4.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1454 [GMT -5:00]
Running from: c:\documents and settings\Robert\Desktop\ComboFix.exe
AV: ESET Smart Security 4.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personal firewall *Disabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
FW: ZoneAlarm Firewall *Disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
* Resident AV is active
.
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\windows\system32\_000012_.tmp.dll
c:\windows\system32\_000013_.tmp.dll
c:\windows\system32\_000014_.tmp.dll
c:\windows\system32\_000015_.tmp.dll
c:\windows\system32\_000016_.tmp.dll
c:\windows\system32\_000017_.tmp.dll
c:\windows\system32\_000018_.tmp.dll
c:\windows\system32\PowerToyReadme.htm
.
.
((((((((((((((((((((((((( Files Created from 2014-02-03 to 2014-03-03 )))))))))))))))))))))))))))))))
.
.
2014-03-02 18:14 . 2014-03-02 18:14 -------- d-----w- c:\program files\ERUNT
2014-03-01 21:23 . 2014-03-01 21:25 -------- d-----w- C:\FRST
2014-03-01 17:11 . 2014-03-01 17:11 -------- d-----w- C:\TDSSKiller_Quarantine
2014-03-01 16:47 . 2014-03-01 16:47 -------- d-----w- C:\_OTL
2014-02-25 03:30 . 2014-02-25 03:30 -------- d-----w- c:\program files\Games
2014-02-24 21:50 . 2014-02-25 18:55 -------- d-----w- C:\HP Scans
2014-02-23 22:24 . 2014-02-23 22:34 -------- d-----w- c:\documents and settings\Robert\Local Settings\Application Data\LogMeIn Client
2014-02-23 03:45 . 2011-12-07 18:32 216064 ----a-w- c:\windows\system32\lagarith.dll
2014-02-23 03:45 . 2013-03-17 17:21 3649536 ----a-w- c:\windows\system32\x264vfw.dll
2014-02-23 03:45 . 2011-06-24 15:44 243200 ----a-w- c:\windows\system32\xvidvfw.dll
2014-02-23 03:45 . 2011-06-24 15:28 650752 ----a-w- c:\windows\system32\xvidcore.dll
2014-02-23 03:45 . 2012-07-21 11:54 122880 ----a-w- c:\windows\system32\ac3acm.acm
2014-02-23 03:45 . 2014-02-06 18:00 112640 ----a-w- c:\windows\system32\ff_vfw.dll
2014-02-15 19:08 . 2014-02-15 19:08 -------- d-----w- c:\documents and settings\Robert\Application Data\GrandMA Studios
2014-02-14 22:10 . 2014-02-14 22:10 -------- d-----w- c:\documents and settings\Robert\Application Data\BlamGames
2014-02-11 21:16 . 2014-02-11 21:16 -------- d-----w- c:\documents and settings\Robert\Application Data\MPC-HC
2014-02-05 01:19 . 2014-02-05 01:19 -------- d-----w- c:\documents and settings\Robert\Application Data\Deep Shadows
2014-02-04 23:24 . 2014-02-04 23:24 -------- d-----w- c:\documents and settings\Robert\Application Data\Anarchy
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-03-01 17:12 . 2006-06-03 17:50 57600 ----a-w- c:\windows\system32\drivers\redbook.sys
2014-02-20 23:09 . 2012-08-13 20:23 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-02-20 23:09 . 2012-08-13 20:23 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-02-05 23:26 . 2004-08-04 12:00 920064 ----a-w- c:\windows\system32\wininet.dll
2014-02-05 23:26 . 2004-08-04 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2014-02-05 23:26 . 2004-08-04 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2014-02-05 23:26 . 2004-08-04 12:00 18944 ----a-w- c:\windows\system32\corpol.dll
2014-02-05 22:24 . 2004-08-04 12:00 385024 ----a-w- c:\windows\system32\html.iec
2014-01-04 03:13 . 2004-08-04 12:00 420864 ----a-w- c:\windows\system32\vbscript.dll
2013-12-05 11:26 . 2004-08-04 12:00 1172992 ----a-w- c:\windows\system32\msxml3.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SkyTel"="c:\windows\SkyTel.EXE" [2006-05-16 2879488]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-12 640376]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-02-06 2021400]
"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2009-01-21 4359600]
"AcronisTimounterMonitor"="c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe" [2009-01-21 960560]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-04-03 13670504]
"SBAMTray"="c:\program files\Sunbelt Software\CounterSpy\SBAMTray.exe" [2010-08-20 1348944]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-04 44544]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *SBBD.exe /d \Device\HarddiskVolume1\Program Files\Sunbelt Software\CounterSpy\Definitions
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBPIMSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
.
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2/6/2009 1:23 PM 106208]
R1 sbaphd;sbaphd;c:\windows\system32\drivers\sbaphd.sys [4/30/2011 5:06 PM 21464]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2/6/2009 1:23 PM 727720]
R2 PDFSFilter;PDFsFilter;c:\windows\system32\drivers\PDFsFilter.sys [6/30/2011 10:08 AM 66320]
R2 SBAMSvc;CounterSpy Antispyware;c:\program files\Sunbelt Software\CounterSpy\SBAMSvc.exe [8/20/2010 8:16 AM 2763080]
R2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys [4/30/2011 5:06 PM 69976]
R2 SBPIMSvc;SB Recovery Service;c:\program files\Sunbelt Software\CounterSpy\SBPIMSvc.exe [8/20/2010 8:15 AM 181584]
S1 SpyEmrg;Spy Emergency Driver; [x]
S2 NOD32FiXTemDono;Eset Nod32 Boot;c:\windows\system32\regedt32.exe [8/4/2004 7:00 AM 3584]
S3 FLASHSYS;FLASHSYS; [x]
S3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [3/31/2013 1:32 PM 35144]
S3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [8/4/2004 7:00 AM 14336]
S3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [3/23/2007 4:38 PM 47360]
S3 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [5/13/2010 6:56 AM 98392]
S3 wwEngineSvc;Window Washer Engine;c:\program files\Webroot\Washer\WasherSvc.exe [9/21/2008 10:45 AM 598856]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
.
Contents of the 'Scheduled Tasks' folder
.
2014-03-03 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-13 23:09]
.
2014-03-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-12 03:40]
.
2014-03-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-12 03:40]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://easy-google-search.blogspot.com
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://search.msn.com
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: Interfaces\{6B4B5C21-DA99-4096-8820-43DC9BA3E4E3}: NameServer = 192.168.0.1
FF - ProfilePath - c:\documents and settings\Robert\Application Data\Mozilla\Firefox\Profiles\tonk28m2.default\
FF - prefs.js: browser.startup.homepage - hxxp://easy-google-search.blogspot.com
FF - prefs.js: keyword.URL - hxxp://www.google.com/cse?cx=partner-pub-5528014799800033:cevktqnfrvl&ie=ISO-8859-1&q=
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-19989129.sys
SafeBoot-80134462.sys
SafeBoot-WinDefend
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-03-03 16:59
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-299502267-789336058-725345543-1004\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_12_0_0_70_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_12_0_0_70_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2014-03-03 17:02:17
ComboFix-quarantined-files.txt 2014-03-03 22:02
.
Pre-Run: 219,456,090,112 bytes free
Post-Run: 219,447,840,768 bytes free
.
- - End Of File - - A27D1E547F7A6D34AFAD8B8945BEBC8E
8F558EB6672622401DA993E1E865C861

________________________________________________________________________________________
OTL Fix log
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\Autorun.inf\ deleted successfully.
========== COMMANDS ==========

OTL by OldTimer - Version 3.2.69.0 log created on 03032014_172233

Edited by Jackpine, 03 March 2014 - 05:09 PM.


#14
Crowbar

Hi there Jackpine -
Birthday thing went well, thank you.
After a certain age, it's great when you celebrate someone else's birthday, and not your own!! :lol:

I think we should await phillpower2's help on the autoplay issue at this point, so let's continue on the malware issue now....
Have you had Zone Alarm firewall on this system in the past?
Can you please check to make sure that System Restore is working for me?
Click Start then right click on My Computer
Click on Properties
In the System Properties box, click on the System Restore tab
Are any of the Turn off System Restore boxes checked? If so, please uncheck them.
Click on OK

Step 1
Now let's take a fresh look with OTL and make sure the infection has been zapped.

  • Double click on the OTL icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Select All Users
  • Under the Custom Scan box paste this in

BASESERVICES
/md5start
services.*
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
qmgr.dll
winsock.*
/md5stop
dir "%systemdrive%\*" /S /A:L /C
CREATERESTOREPOINT

  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • Post OTL.txt in your next response

Step 2
1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

SecCenter::
FW: ZoneAlarm Firewall *Disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=-
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=-
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=-
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=-

Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.


In your next reply I would like to see:
  • OTL custom scan log
  • Combofix log

  • 0
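One way to confirm from the logs that the CFScript in the post above took effect, added here as an example and not part of the thread or of ComboFix: it parses the registry-style sections of a ComboFix log and lists the Security Center Monitoring keys whose DisableMonitoring value is still set. The "before" text is copied from the ComboFix log in post #13; the "after" text is a constructed sample, and all function names are hypothetical.

```python
import re

# Copied from the "Reg Loading Points" section of the ComboFix log in post #13.
LOG_BEFORE = r'''
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBPIMSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
'''

# Constructed sample: the same section once the four values are gone. The log
# says empty entries are not shown, so the Monitoring keys drop out entirely.
LOG_AFTER = r'''
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBPIMSvc]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
'''

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^(?:"(?P<name>(?:[^"\\]|\\.)*)"|@)=(?P<data>.*)$')
HIVE_ALIASES = {"hklm": "hkey_local_machine", "hku": "hkey_users"}
MONITORING_ROOT = r"hkey_local_machine\software\microsoft\security center\monitoring"


def parse_reg_sections(text):
    """Return {key_path: {value_name: raw_data}} for every [key] block in the log."""
    sections, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if not line or line == ".":        # ComboFix separates blocks with "."
            continue
        key = KEY_RE.match(line)
        if key:
            current = sections.setdefault(key.group("key"), {})
            continue
        value = VALUE_RE.match(line)
        if value and current is not None:
            current[value.group("name") or "@"] = value.group("data")
    return sections


def normalize_key(key):
    """Lower-case a key path and expand abbreviated hive names such as HKLM."""
    k = key.strip().rstrip("\\").lower()
    for short, full in HIVE_ALIASES.items():
        if k == short or k.startswith(short + "\\"):
            return full + k[len(short):]
    return k


def decode_dword(raw):
    """Turn 'dword:00000001' into 1; anything else yields None."""
    m = re.fullmatch(r"dword:([0-9a-fA-F]{8})", raw.strip())
    return int(m.group(1), 16) if m else None


def suppressed_monitoring(log_text):
    """List Monitoring keys (last path component) with a non-zero DisableMonitoring."""
    hits = []
    for key, values in parse_reg_sections(log_text).items():
        norm = normalize_key(key)
        if norm != MONITORING_ROOT and not norm.startswith(MONITORING_ROOT + "\\"):
            continue
        for name, raw in values.items():
            if name.lower() == "disablemonitoring" and decode_dword(raw):
                hits.append(key.rstrip("\\").rsplit("\\", 1)[-1])
    return hits


def compare_runs(before_log, after_log):
    """Return (cleared, remaining) so a helper can see whether the fix applied."""
    before = suppressed_monitoring(before_log)
    after = suppressed_monitoring(after_log)
    return [k for k in before if k not in after], after


if __name__ == "__main__":
    cleared, remaining = compare_runs(LOG_BEFORE, LOG_AFTER)
    print("cleared:  ", cleared)
    print("remaining:", remaining)
```
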

#15
Jackpine

Crowbar,

Yes, I had ZoneAlarm firewall installed about 3 years ago. And yes, System Restore is On. Here are the logs. (By the way, when I ran ComboFix - this is the second time - it indicated that ZeroAccess was present. This is what it said the first time I ran it a few days ago.)

OTL Custom Scan log:

OTL logfile created on: 3/4/2014 4:35:57 PM - Run 5
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Robert\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.40 Gb Available Physical Memory | 69.91% Memory free
3.85 Gb Paging File | 3.42 Gb Available in Paging File | 88.79% Paging File free
Paging file location(s): c:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298.09 Gb Total Space | 204.84 Gb Free Space | 68.72% Space Free | Partition Type: NTFS
Drive F: | 465.76 Gb Total Space | 149.33 Gb Free Space | 32.06% Space Free | Partition Type: NTFS
Drive Z: | 465.76 Gb Total Space | 395.43 Gb Free Space | 84.90% Space Free | Partition Type: NTFS

Computer Name: FIRSTBUILD | User Name: Robert | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/02/28 16:43:13 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Robert\Desktop\OTL.exe
PRC - [2011/07/07 11:59:26 | 001,252,616 | ---- | M] (Raxco Software, Inc.) -- C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
PRC - [2010/08/20 08:38:44 | 001,348,944 | ---- | M] (Sunbelt Software) -- C:\Program Files\Sunbelt Software\CounterSpy\SBAMTray.exe
PRC - [2010/08/20 08:16:34 | 002,763,080 | ---- | M] (Sunbelt Software) -- C:\Program Files\Sunbelt Software\CounterSpy\SBAMSvc.exe
PRC - [2010/08/20 08:15:54 | 000,181,584 | ---- | M] (Sunbelt Software) -- C:\Program Files\Sunbelt Software\CounterSpy\SBPIMSvc.exe
PRC - [2009/04/23 19:46:24 | 000,181,312 | ---- | M] () -- C:\Program Files\Photodex\ProShowProducer\scsiaccess.exe
PRC - [2009/02/06 13:23:36 | 000,727,720 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe
PRC - [2009/02/06 13:23:12 | 002,021,400 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\egui.exe
PRC - [2009/01/21 01:05:18 | 000,960,560 | ---- | M] (Acronis) -- C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
PRC - [2009/01/21 01:04:00 | 000,618,944 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
PRC - [2009/01/21 00:59:56 | 004,359,600 | ---- | M] (Acronis) -- C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
PRC - [2008/06/11 22:43:26 | 000,640,376 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2014/02/07 10:24:42 | 000,178,464 | ---- | M] () -- C:\Program Files\Sunbelt Software\CounterSpy\Definitions\libMachoUniv.dll
MOD - [2014/02/07 10:24:41 | 000,190,752 | ---- | M] () -- C:\Program Files\Sunbelt Software\CounterSpy\Definitions\libBase64.dll
MOD - [2010/07/15 15:46:26 | 000,300,368 | ---- | M] () -- C:\Program Files\Sunbelt Software\CounterSpy\vipre.dll
MOD - [2010/03/31 22:30:12 | 000,473,704 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\nView\nvShell.dll
MOD - [2010/03/08 21:55:56 | 000,010,752 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerCOM.dll
MOD - [2009/04/23 19:46:24 | 000,181,312 | ---- | M] () -- C:\Program Files\Photodex\ProShowProducer\scsiaccess.exe
MOD - [2005/12/22 16:28:40 | 000,160,768 | ---- | M] () -- C:\Program Files\Sunbelt Software\CounterSpy\unrar.dll


========== Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe -- (RoxLiveShare9)
SRV - File not found [Disabled | Stopped] -- C:\Program Files\Common Files\Sonic Shared\RoxioUPnPRenderer9.exe -- (Roxio UPnP Renderer 9)
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2014/02/20 18:09:35 | 000,257,928 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/02/15 08:17:30 | 000,118,896 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2011/07/07 11:59:26 | 001,252,616 | ---- | M] (Raxco Software, Inc.) [Auto | Running] -- C:\Program Files\Raxco\PerfectDisk\PDAgent.exe -- (PDAgent)
SRV - [2011/07/07 11:59:18 | 002,111,752 | ---- | M] (Raxco Software, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Raxco\Shared\PDEngine.exe -- (PDEngine)
SRV - [2010/09/01 14:51:28 | 000,066,112 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper)
SRV - [2010/08/20 08:16:34 | 002,763,080 | ---- | M] (Sunbelt Software) [Auto | Running] -- C:\Program Files\Sunbelt Software\CounterSpy\SBAMSvc.exe -- (SBAMSvc)
SRV - [2010/08/20 08:15:54 | 000,181,584 | ---- | M] (Sunbelt Software) [Auto | Running] -- C:\Program Files\Sunbelt Software\CounterSpy\SBPIMSvc.exe -- (SBPIMSvc)
SRV - [2009/04/23 19:46:24 | 000,181,312 | ---- | M] () [Auto | Running] -- C:\Program Files\Photodex\ProShowProducer\scsiaccess.exe -- (ScsiAccess)
SRV - [2009/02/06 13:27:06 | 000,020,680 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe -- (EhttpSrv)
SRV - [2009/02/06 13:23:36 | 000,727,720 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe -- (ekrn)
SRV - [2009/01/21 01:04:00 | 000,618,944 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2008/12/23 23:02:29 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/07/10 20:19:52 | 000,079,360 | ---- | M] (SolidWorks) [On_Demand | Stopped] -- C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe -- (SolidWorks Licensing Service)
SRV - [2008/04/20 19:46:20 | 000,085,096 | ---- | M] (Autodesk) [On_Demand | Stopped] -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
SRV - [2007/11/26 14:47:40 | 000,598,856 | ---- | M] (Webroot Software, Inc.) [On_Demand | Stopped] -- C:\Program Files\Webroot\Washer\WasherSvc.exe -- (wwEngineSvc)
SRV - [2006/11/02 20:40:12 | 000,174,656 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\system32\PSIService.exe -- (ProtexisLicensing)
SRV - [2004/08/04 07:00:00 | 000,003,584 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\System32\regedt32.exe -- (NOD32FiXTemDono)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | System | Stopped] -- -- (SpyEmrg)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (NTACCESS)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (GMSIPCI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (FLASHSYS)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EagleNT.sys -- (EagleNT)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Robert\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NSDriver.sys -- (Ad-Watch Connect Filter)
DRV - [2013/11/26 09:46:08 | 000,120,616 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [2013/03/31 13:32:54 | 000,035,144 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamchameleon.sys -- (mbamchameleon)
DRV - [2011/06/30 10:08:24 | 000,066,320 | ---- | M] (Raxco Software, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\PDFsFilter.sys -- (PDFSFilter)
DRV - [2011/06/30 10:07:32 | 000,138,768 | ---- | M] (Raxco Software, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\DefragFs.sys -- (DefragFS)
DRV - [2010/06/14 13:54:30 | 000,069,976 | ---- | M] (Sunbelt Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\sbapifs.sys -- (sbapifs)
DRV - [2010/06/14 13:54:30 | 000,021,464 | ---- | M] (Sunbelt Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\sbaphd.sys -- (sbaphd)
DRV - [2010/05/13 06:56:22 | 000,098,392 | ---- | M] (Sunbelt Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SBREDrv.sys -- (SBRE)
DRV - [2009/10/24 22:17:05 | 000,971,552 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\tdrpm174.sys -- (tdrpman174)
DRV - [2009/10/24 22:16:58 | 000,540,000 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\timntr.sys -- (timounter)
DRV - [2009/10/24 22:16:58 | 000,044,704 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\tifsfilt.sys -- (tifsfilter)
DRV - [2009/10/24 22:16:55 | 000,134,272 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\snman380.sys -- (snapman380)
DRV - [2009/02/06 13:24:22 | 000,056,280 | ---- | M] (ESET) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\epfwtdi.sys -- (epfwtdi)
DRV - [2009/02/06 13:24:18 | 000,130,952 | ---- | M] (ESET) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\epfw.sys -- (epfw)
DRV - [2009/02/06 13:23:18 | 000,106,208 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2009/02/06 13:19:52 | 000,113,448 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon)
DRV - [2007/12/06 08:51:00 | 000,285,952 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
DRV - [2007/10/03 21:55:36 | 000,019,240 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\SiWinAcc.sys -- (SiFilter)
DRV - [2007/10/03 21:55:28 | 000,015,400 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\SiRemFil.sys -- (SiRemFil)
DRV - [2007/10/03 21:55:08 | 000,080,424 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\SI3132.sys -- (SI3132)
DRV - [2007/01/14 14:15:03 | 000,062,592 | ---- | M] (Chic Tech.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\moufiltr.sys -- (moufiltr)
DRV - [2006/12/21 15:26:00 | 004,405,248 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2006/07/27 10:00:00 | 000,004,096 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\cvintdrv.sys -- (cvintdrv)
DRV - [2004/11/05 11:08:06 | 000,670,208 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\hardlock.sys -- (Hardlock)
DRV - [2004/10/14 04:52:28 | 000,004,962 | R--- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AsIO.sys -- (AsIO)
DRV - [2004/08/12 21:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-299502267-789336058-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://easy-google-search.blogspot.com
IE - HKU\S-1-5-21-299502267-789336058-725345543-1004\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-299502267-789336058-725345543-1004\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKU\S-1-5-21-299502267-789336058-725345543-1004\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKU\S-1-5-21-299502267-789336058-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-299502267-789336058-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://easy-google-search.blogspot.com"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:27.0.1
FF - prefs.js..keyword.URL: "http://www.google.co...ie=ISO-8859-1="
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_12_0_0_70.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\WINDOWS\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nosltd.com/getPlus+®,version=1.6.2.91: C:\Program Files\NOS\bin\np_gp.dll (NOS Microsystems Ltd.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2012/10/02 05:39:24 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Robert\Application Data\Mozilla\Extensions
[2013/09/26 21:22:11 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Robert\Application Data\Mozilla\Firefox\Profiles\tonk28m2.default\extensions
[2014/02/15 08:17:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2014/02/15 08:17:31 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

========== Chrome ==========


O1 HOSTS File: ([2014/03/03 16:59:09 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-299502267-789336058-725345543-1004\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [SBAMTray] C:\Program Files\Sunbelt Software\CounterSpy\SBAMTray.exe (Sunbelt Software)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKU\.DEFAULT..\RunOnce: [tscuninstall] C:\WINDOWS\system32\tscupgrd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [tscuninstall] C:\WINDOWS\system32\tscupgrd.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Toolbars present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-299502267-789336058-725345543-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-299502267-789336058-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-299502267-789336058-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoBandCustomize = 0
O7 - HKU\S-1-5-21-299502267-789336058-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoMovingBands = 0
O7 - HKU\S-1-5-21-299502267-789336058-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCloseDragDropBands = 0
O7 - HKU\S-1-5-21-299502267-789336058-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskbar = 0
O7 - HKU\S-1-5-21-299502267-789336058-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoToolbarsOnTaskbar = 0
O7 - HKU\S-1-5-21-299502267-789336058-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-299502267-789336058-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.appl...ex/qtplugin.cab (Reg Error: Key error.)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.micr.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} http://support.asus....ek_sys_ctrl.cab (asusTek_sysctrl Class)
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files/Twisted%20Lands%20-%20Shadow%20Town/Images/stg_drm.ocx (SpinTop DRM Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.co...sreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {588031A3-94BF-4CDD-86D0-939F6F93910F} https://fixit.suppor...FixItClient.CAB (FixItClient Class)
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} http://catalog.updat...b?1292380760937 (MUCatalogWebControl Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1220411993917 (WUWebControl Class)
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} http://www.nvidia.co.../sysreqlab2.cab (Reg Error: Key error.)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx...owserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} http://h20270.www2.h...ctDetection.cab (Reg Error: Key error.)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1343529479926 (MUWebControl Class)
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} http://www.nvidia.co...iaSmartScan.cab (NVIDIA Smart Scan)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files/Twisted%20Lands%20-%20Shadow%20Town/Images/armhelper.ocx (ArmHelper Control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E0FEE963-BB53-4215-81AD-B28C77384644} http://eserv.sympati...adaPortalAX.cab (WebBrowserType Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (get_atlcom Class)
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} http://driveragent.c...driveragent.cab (Driver Agent ActiveX Control)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logme...rl.cab?lmi=1007 (Performance Viewer Activex Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6B4B5C21-DA99-4096-8820-43DC9BA3E4E3}: NameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Robert\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Robert\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/06/03 17:07:23 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (PDBoot.exe)
O34 - HKLM BootExecute: (autocheck autochk *SBBD.exe /d \Device\HarddiskVolume1\Program Files\Sunbelt Software\CounterSpy\Definitions)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKU\S-1-5-19..exefile [open] -- "%1" %*
O35 - HKU\S-1-5-20..exefile [open] -- "%1" %*
O35 - HKU\S-1-5-21-299502267-789336058-725345543-1004..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2014/03/03 21:18:20 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2014/03/03 17:51:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2014/03/03 16:39:26 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2014/03/03 16:39:26 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2014/03/03 16:39:26 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2014/03/03 16:39:26 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2014/03/03 16:39:16 | 000,000,000 | ---D | C] -- C:\Qoobox
[2014/03/03 16:28:21 | 005,186,474 | R--- | C] (Swearware) -- C:\Documents and Settings\Robert\Desktop\ComboFix.exe
[2014/03/02 13:28:16 | 001,037,734 | ---- | C] (Thisisu) -- C:\Documents and Settings\Robert\Desktop\JRT.exe
[2014/03/02 13:14:29 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2014/03/02 13:14:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
[2014/03/02 13:12:01 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\Robert\Desktop\erunt_setup.exe
[2014/03/01 16:23:48 | 000,000,000 | ---D | C] -- C:\FRST
[2014/03/01 16:23:07 | 001,144,320 | ---- | C] (Farbar) -- C:\Documents and Settings\Robert\Desktop\FRST.exe
[2014/03/01 16:15:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Desktop\CC Support
[2014/03/01 12:11:30 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2014/03/01 11:54:16 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Robert\Desktop\tdsskiller.exe
[2014/03/01 11:47:28 | 000,000,000 | ---D | C] -- C:\_OTL
[2014/02/28 16:43:12 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Robert\Desktop\OTL.exe
[2014/02/24 22:30:48 | 000,000,000 | ---D | C] -- C:\Program Files\Games
[2014/02/24 16:50:23 | 000,000,000 | ---D | C] -- C:\HP Scans
[2014/02/23 17:24:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Robert\Local Settings\Application Data\LogMeIn Client
[2014/02/22 22:45:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\K-Lite Codec Pack
[2014/02/22 22:45:10 | 003,649,536 | ---- | C] (x264vfw project) -- C:\WINDOWS\System32\x264vfw.dll
[2014/02/22 22:45:08 | 000,122,880 | ---- | C] (fccHandler) -- C:\WINDOWS\System32\ac3acm.acm
[2014/02/22 15:56:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Powertoys for Windows XP
[2014/02/19 23:07:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Robert\My Documents\MPC-HC Capture
[2014/02/15 14:08:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Robert\Application Data\GrandMA Studios
[2014/02/15 08:17:15 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2014/02/14 17:10:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Robert\Application Data\BlamGames
[2014/02/11 16:16:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Robert\Application Data\MPC-HC
[2014/02/04 20:19:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Robert\Application Data\Deep Shadows
[2014/02/04 18:24:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Robert\Application Data\Anarchy
[2008/08/16 08:32:00 | 000,267,056 | ---- | C] (BitTorrent, Inc.) -- C:\Documents and Settings\Robert\utorrent.exe
[2007/03/23 16:38:21 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Robert\Application Data\pcouffin.sys

========== Files - Modified Within 30 Days ==========

[2014/03/04 16:30:45 | 000,002,521 | ---- | M] () -- C:\Documents and Settings\Robert\Desktop\Outlook 2007.lnk
[2014/03/04 16:09:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2014/03/04 16:06:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2014/03/03 23:06:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2014/03/03 17:33:50 | 000,013,710 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2014/03/03 17:32:53 | 000,273,231 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2014/03/03 17:32:40 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2014/03/03 16:59:09 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2014/03/03 16:28:45 | 005,186,474 | R--- | M] (Swearware) -- C:\Documents and Settings\Robert\Desktop\ComboFix.exe
[2014/03/02 13:47:22 | 000,987,425 | ---- | M] () -- C:\Documents and Settings\Robert\Desktop\SecurityCheck.exe
[2014/03/02 13:28:16 | 001,037,734 | ---- | M] (Thisisu) -- C:\Documents and Settings\Robert\Desktop\JRT.exe
[2014/03/02 13:21:59 | 001,244,192 | ---- | M] () -- C:\Documents and Settings\Robert\Desktop\AdwCleaner.exe
[2014/03/02 13:14:29 | 000,000,602 | ---- | M] () -- C:\Documents and Settings\Robert\Desktop\ERUNT.lnk
[2014/03/02 13:12:01 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Robert\Desktop\erunt_setup.exe
[2014/03/01 16:23:07 | 001,144,320 | ---- | M] (Farbar) -- C:\Documents and Settings\Robert\Desktop\FRST.exe
[2014/03/01 16:14:31 | 004,009,167 | ---- | M] () -- C:\Documents and Settings\Robert\Desktop\ServicesRepair.exe
[2014/03/01 14:57:20 | 000,002,515 | ---- | M] () -- C:\Documents and Settings\Robert\Desktop\Word 2007.lnk
[2014/03/01 12:18:57 | 000,869,456 | ---- | M] () -- C:\Documents and Settings\Robert\Desktop\Norton_Removal_Tool.exe
[2014/03/01 11:54:20 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Robert\Desktop\tdsskiller.exe
[2014/02/28 16:43:13 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Robert\Desktop\OTL.exe
[2014/02/25 13:55:45 | 000,354,923 | ---- | M] () -- C:\Documents and Settings\Robert\My Documents\Scan0002.pdf
[2014/02/24 20:13:57 | 001,376,794 | ---- | M] () -- C:\Documents and Settings\Robert\My Documents\Little Miracles Documents.pdf
[2014/02/23 16:56:36 | 000,235,620 | ---- | M] () -- C:\Documents and Settings\Robert\Desktop\contract #3370972.pdf
[2014/02/22 22:45:13 | 000,000,936 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Media Player Classic.lnk
[2014/02/22 12:21:31 | 000,079,268 | ---- | M] () -- C:\Documents and Settings\Robert\My Documents\Direct Deposit form.pdf
[2014/02/22 12:20:39 | 000,141,685 | ---- | M] () -- C:\Documents and Settings\Robert\My Documents\Little Miracles- Donor Responsibility Acknowledgement - Copy.pdf
[2014/02/22 12:19:04 | 000,056,752 | ---- | M] () -- C:\Documents and Settings\Robert\My Documents\Donor Acknowledgement.pdf
[2014/02/22 12:17:34 | 000,065,062 | ---- | M] () -- C:\Documents and Settings\Robert\My Documents\document.pdf
[2014/02/20 18:55:40 | 000,002,473 | ---- | M] () -- C:\Documents and Settings\Robert\Desktop\Excel 2007.lnk
[2014/02/12 17:26:13 | 000,596,358 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2014/02/12 17:26:13 | 000,112,418 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2014/02/12 16:57:43 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2014/02/06 13:00:00 | 000,112,640 | ---- | M] () -- C:\WINDOWS\System32\ff_vfw.dll

========== Files Created - No Company Name ==========

[2014/03/03 16:39:26 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2014/03/03 16:39:26 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2014/03/03 16:39:26 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2014/03/03 16:39:26 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2014/03/03 16:39:26 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2014/03/02 13:47:22 | 000,987,425 | ---- | C] () -- C:\Documents and Settings\Robert\Desktop\SecurityCheck.exe
[2014/03/02 13:21:59 | 001,244,192 | ---- | C] () -- C:\Documents and Settings\Robert\Desktop\AdwCleaner.exe
[2014/03/02 13:14:29 | 000,000,602 | ---- | C] () -- C:\Documents and Settings\Robert\Desktop\ERUNT.lnk
[2014/03/01 16:14:25 | 004,009,167 | ---- | C] () -- C:\Documents and Settings\Robert\Desktop\ServicesRepair.exe
[2014/03/01 12:18:57 | 000,869,456 | ---- | C] () -- C:\Documents and Settings\Robert\Desktop\Norton_Removal_Tool.exe
[2014/02/25 13:55:45 | 000,354,923 | ---- | C] () -- C:\Documents and Settings\Robert\My Documents\Scan0002.pdf
[2014/02/24 20:13:57 | 001,376,794 | ---- | C] () -- C:\Documents and Settings\Robert\My Documents\Little Miracles Documents.pdf
[2014/02/23 21:27:46 | 000,282,016 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2014/02/23 16:56:36 | 000,235,620 | ---- | C] () -- C:\Documents and Settings\Robert\Desktop\contract #3370972.pdf
[2014/02/22 22:45:13 | 000,000,936 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Media Player Classic.lnk
[2014/02/22 22:45:11 | 000,216,064 | ---- | C] ( ) -- C:\WINDOWS\System32\lagarith.dll
[2014/02/22 22:45:10 | 000,650,752 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2014/02/22 22:45:10 | 000,243,200 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2014/02/22 22:45:02 | 000,112,640 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2014/02/22 12:21:44 | 000,079,268 | ---- | C] () -- C:\Documents and Settings\Robert\My Documents\Direct Deposit form.pdf
[2014/02/22 12:20:44 | 000,141,685 | ---- | C] () -- C:\Documents and Settings\Robert\My Documents\Little Miracles- Donor Responsibility Acknowledgement - Copy.pdf
[2014/02/22 12:19:07 | 000,056,752 | ---- | C] () -- C:\Documents and Settings\Robert\My Documents\Donor Acknowledgement.pdf
[2014/02/22 12:17:43 | 000,065,062 | ---- | C] () -- C:\Documents and Settings\Robert\My Documents\document.pdf
[2014/02/12 16:52:37 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2013/09/14 19:49:28 | 000,000,057 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Ament.ini
[2013/07/18 19:48:06 | 000,000,410 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2013/07/18 19:48:06 | 000,000,012 | ---- | C] () -- C:\WINDOWS\BRVIDEO.INI
[2013/07/18 19:48:06 | 000,000,000 | ---- | C] () -- C:\WINDOWS\brmx2001.ini
[2013/07/18 19:46:52 | 000,000,225 | ---- | C] () -- C:\WINDOWS\Brownie.ini
[2013/04/06 21:47:47 | 000,002,017 | ---- | C] () -- C:\Documents and Settings\Robert\April 6. 2013 Devious.sud
[2013/03/31 13:32:54 | 000,035,144 | ---- | C] () -- C:\WINDOWS\System32\drivers\mbamchameleon.sys
[2012/04/03 21:24:54 | 000,178,176 | ---- | C] () -- C:\WINDOWS\System32\ztvunrar39.dll
[2011/01/27 18:55:00 | 000,028,953 | ---- | C] () -- C:\Documents and Settings\Robert\Superior Account.pdf
[2010/12/13 17:01:00 | 000,661,626 | ---- | C] () -- C:\Documents and Settings\Robert\Toesy.jpg
[2010/11/02 22:03:23 | 000,256,334 | ---- | C] () -- C:\Documents and Settings\Robert\B4635100
[2010/10/24 16:36:21 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Robert\Local Settings\Application Data\housecall.guid.cache
[2009/09/24 17:41:54 | 005,257,216 | ---- | C] () -- C:\Documents and Settings\Robert\Local Settings\Application Data\mfm2_database.dat
[2008/09/10 23:20:31 | 050,495,934 | ---- | C] () -- C:\Documents and Settings\Robert\ALC880_882_Vista_6015350.zip
[2008/08/30 11:14:22 | 000,000,108 | ---- | C] () -- C:\Documents and Settings\Robert\Application Data\netstat.bat
[2007/12/31 09:03:09 | 003,435,064 | ---- | C] () -- C:\Documents and Settings\Robert\Rotel 812 Repair Manual.pdf
[2007/11/25 22:46:48 | 000,000,123 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2007/08/25 13:19:48 | 000,002,108 | ---- | C] () -- C:\Documents and Settings\Robert\Local Settings\Application Data\rx_audio.Cache
[2007/03/23 16:38:21 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\Robert\Application Data\ezpinst.exe
[2007/03/23 16:38:21 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\Robert\Application Data\pcouffin.cat
[2007/03/23 16:38:21 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Robert\Application Data\pcouffin.inf
[2007/01/25 22:46:40 | 001,462,572 | ---- | C] () -- C:\Documents and Settings\Robert\Local Settings\Application Data\rx_image.Cache
[2006/09/30 23:17:08 | 000,014,958 | ---- | C] () -- C:\Documents and Settings\Robert\Start Menu.daa
[2006/07/26 16:35:26 | 000,000,024 | ---- | C] () -- C:\Documents and Settings\Robert\mylist.dat
[2006/07/25 16:22:41 | 000,002,863 | ---- | C] () -- C:\Documents and Settings\Robert\report.htm
[2006/06/11 02:32:06 | 000,218,624 | ---- | C] () -- C:\Documents and Settings\Robert\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/06/09 22:03:02 | 000,361,512 | ---- | C] ( ) -- C:\Documents and Settings\Robert\Google_Earth_Pro_Patch_Setup.exe

========== ZeroAccess Check ==========


[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/13 19:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 07:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/13 19:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2009/10/25 18:57:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Acronis
[2008/05/22 23:02:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Autodesk
[2011/04/05 18:55:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2012/10/26 18:54:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\casualArts
[2012/10/25 18:19:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cateia Games
[2011/03/04 18:36:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\COMMON FILES
[2008/07/22 20:00:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\COSMOS Applications
[2010/08/14 21:39:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Curious Sense
[2013/12/05 00:23:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DailyMagic
[2008/07/10 20:36:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DassaultSystemes
[2012/04/19 17:12:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\dvdfab
[2014/01/20 17:22:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Easy CD-DA Extractor
[2007/11/25 22:46:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Elaborate Bytes
[2013/12/23 17:04:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Elephant Games
[2009/04/12 22:46:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET
[2010/12/28 22:57:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fugazo
[2010/12/13 00:05:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Gamers Digital
[2011/03/05 22:56:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GestaltGames
[2010/11/22 22:37:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Gogii
[2008/12/20 12:05:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GoldWaveCDDB
[2011/01/17 16:43:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Green Clover Games
[2008/02/14 16:59:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grisoft
[2012/09/26 21:37:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Happy Artist Studio
[2010/01/18 17:02:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2012/10/27 09:44:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HitPoint Studios
[2007/07/19 18:01:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Innovative Solutions
[2012/07/07 11:21:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Intenium
[2010/06/12 18:04:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\JollyBear
[2011/02/24 17:13:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LittleGamesCompany
[2014/02/23 17:34:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogMeIn
[2011/01/23 16:55:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\logs
[2011/12/26 15:34:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MediaArt
[2010/12/18 00:07:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Merscom
[2012/01/06 20:48:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Namco
[2012/11/16 20:23:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Odian Games
[2007/04/30 15:27:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic Anti-Spyware
[2011/03/08 17:22:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2007/02/20 19:41:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Prevx
[2009/09/20 22:32:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PrevxCSI
[2008/04/29 20:39:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\River Past G4
[2008/04/29 20:47:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\River Past G5
[2013/07/11 10:58:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sandlot Games
[2008/03/01 18:47:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SecTaskMan
[2012/04/03 21:24:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Simply Super Software
[2009/02/28 19:49:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SITEguard
[2012/04/21 18:06:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SlySoft
[2010/12/18 08:05:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SOS
[2011/03/04 18:36:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SQL Anywhere 11
[2013/02/10 16:54:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SulusGames
[2014/03/03 20:52:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2012/06/30 19:49:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\The Inquisitor
[2012/01/28 17:15:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TheFallTrilogyEp3-BF
[2013/07/12 16:55:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Top Evidence
[2007/07/24 21:08:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\vsosdk
[2010/12/24 01:27:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/10/25 20:47:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Acronis
[2014/02/04 18:24:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Anarchy
[2012/07/30 13:14:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Artifex Mundi
[2013/05/10 19:41:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Artogon
[2008/05/22 23:02:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Autodesk
[2014/02/14 17:10:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\BlamGames
[2014/02/19 16:33:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Blue Tea Games
[2014/02/15 11:50:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Boomzap
[2012/12/09 21:37:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Brabl
[2012/07/30 13:07:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Casual Box
[2012/10/26 18:54:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\casualArts
[2013/10/06 20:59:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Chayowo Games
[2010/08/14 21:39:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Curious Sense
[2013/12/05 00:23:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\DailyMagic
[2013/10/07 11:51:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\DanceOfDeath
[2008/07/10 20:36:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\DassaultSystemes
[2014/02/04 20:19:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Deep Shadows
[2007/01/07 00:48:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Design Science
[2007/02/04 22:39:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Downloaded Installations
[2012/08/25 13:33:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\DVDFab
[2007/01/16 17:35:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\DWGeditor
[2014/01/20 19:44:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Eipix
[2013/12/23 17:04:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Elephant Games
[2011/03/26 10:33:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\ElevatedDiagnostics
[2011/04/22 21:13:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Enki Games
[2013/03/19 15:30:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\EntwinedSoD
[2014/02/19 16:45:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\ERS Game Studios
[2009/04/12 22:47:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\ESET
[2013/03/09 19:25:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\EurekaLog
[2013/12/04 13:04:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\FarmMystery
[2014/01/05 22:29:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\FGS
[2014/01/12 20:23:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Frogwares
[2012/07/07 10:50:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\GameInvest
[2012/07/02 09:01:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Gogii
[2014/02/15 14:08:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\GrandMA Studios
[2014/01/17 10:59:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Gunnar Games
[2012/04/02 15:46:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\HdO Adventure
[2011/03/25 16:00:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\IBAGroup
[2010/11/15 00:06:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\IM
[2008/09/06 23:26:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\ImgBurn
[2012/01/15 11:51:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\IObit
[2012/09/27 15:42:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Jetdogs Studios
[2007/03/28 18:17:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Leadertech
[2011/02/20 22:07:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\MA2
[2013/11/08 16:29:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Mad Head Games
[2013/01/16 17:20:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\MagicIndie
[2008/05/15 23:08:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Maple
[2014/01/26 21:43:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Mariaglorum
[2008/08/28 22:28:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\MenuShrink
[2013/12/12 20:54:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Meridian93
[2014/02/11 16:16:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\MPC-HC
[2011/04/18 18:01:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\My Games
[2012/01/06 20:49:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Namco
[2006/11/08 18:34:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Netscape
[2013/04/17 21:44:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Organic 2 Digital
[2012/08/17 20:12:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\PFStaticIP
[2010/12/26 18:23:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Photodex
[2013/07/12 14:17:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\PuzzleLab
[2007/01/25 20:41:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\River Past G4
[2008/04/29 20:45:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\River Past G5
[2007/06/21 22:20:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Scooter Software
[2012/04/03 21:24:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Simply Super Software
[2012/12/09 21:44:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Skunk Studios
[2008/05/08 18:04:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\sldIM
[2014/02/24 22:32:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Specialbit
[2011/01/08 17:00:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Spider Player
[2011/04/09 12:09:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\SpinTop
[2012/06/30 19:49:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\The Inquisitor
[2012/07/07 10:56:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\TripleHippo
[2010/07/25 16:21:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\URSoft
[2014/03/04 16:34:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\uTorrent
[2013/10/22 21:09:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Vast Studios
[2010/10/16 17:06:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\VirtualStore
[2011/04/10 14:48:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Vso
[2012/01/02 12:05:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\WhiteBirdsProductions
[2006/07/14 17:00:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\WinPatrol

========== Purity Check ==========



========== Custom Scans ==========

========== Base Services ==========
SRV - [2008/04/13 19:12:12 | 000,044,544 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\alg.exe -- (ALG)
SRV - [2008/04/13 19:12:11 | 000,006,656 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wuauserv.dll -- (wuauserv)
SRV - [2008/04/13 19:12:03 | 000,409,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\qmgr.dll -- (BITS)
SRV - [2012/07/06 08:58:51 | 000,078,336 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\browser.dll -- (Browser)
SRV - [2008/04/13 19:11:51 | 000,062,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\cryptsvc.dll -- (CryptSvc)
SRV - [2008/04/13 19:11:51 | 000,126,976 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\dhcpcsvc.dll -- (Dhcp)
SRV - [2009/04/20 12:17:26 | 000,045,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\dnsrslvr.dll -- (Dnscache)
SRV - [2009/02/06 06:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\services.exe -- (Eventlog)
SRV - [2008/04/13 19:11:52 | 000,033,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\eapsvc.dll -- (EapHost)
SRV - [2009/07/27 18:17:41 | 000,135,168 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\shsvcs.dll -- (FastUserSwitchingCompatibility)
SRV - [2008/04/13 19:12:08 | 000,015,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\w3ssl.dll -- (HTTPFilter)
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2008/04/13 19:12:22 | 000,150,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\imapi.exe -- (ImapiService)
SRV - [2008/04/13 19:12:24 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lsass.exe -- (PolicyAgent)
SRV - [2008/04/13 19:11:52 | 000,023,552 | ---- | M] (Microsoft Corp.) [On_Demand | Stopped] -- C:\WINDOWS\system32\dmserver.dll -- (dmserver)
SRV - [2008/04/13 19:12:17 | 000,224,768 | ---- | M] (Microsoft Corp., Veritas Software) [On_Demand | Stopped] -- C:\WINDOWS\System32\dmadmin.exe -- (dmadmin)
SRV - [2008/04/13 19:12:17 | 000,005,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\dllhost.exe -- (SwPrv)
SRV - [2008/04/13 19:12:24 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\lsass.exe -- (Netlogon)
SRV - [2008/04/13 19:12:01 | 000,198,144 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\netman.dll -- (Netman)
SRV - [2008/06/20 11:02:47 | 000,245,248 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\mswsock.dll -- (Nla)
SRV - [2009/02/06 06:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\services.exe -- (PlugPlay)
SRV - [2010/08/17 08:17:06 | 000,058,880 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\spoolsv.exe -- (Spooler)
SRV - [2008/04/13 19:12:24 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lsass.exe -- (ProtectedStorage)
SRV - [2008/04/13 19:12:03 | 000,088,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\rasauto.dll -- (RasAuto)
SRV - [2008/04/13 19:12:03 | 000,186,368 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\rasmans.dll -- (RasMan)
SRV - [2009/02/09 07:10:48 | 000,401,408 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\rpcss.dll -- (RpcSs)
SRV - [2008/04/13 19:12:02 | 000,435,200 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\ntmssvc.dll -- (NtmsSvc)
SRV - [2008/04/13 19:12:05 | 000,018,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\seclogon.dll -- (seclogon)
SRV - [2008/04/13 19:12:24 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lsass.exe -- (SamSs)
SRV - [2008/04/13 19:12:10 | 000,080,896 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wscsvc.dll -- (wscsvc)
SRV - [2008/04/13 19:12:07 | 000,096,768 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\srvsvc.dll -- (lanmanserver)
SRV - [2009/07/27 18:17:41 | 000,135,168 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\shsvcs.dll -- (ShellHWDetection)
SRV - [2008/04/13 19:12:07 | 000,171,008 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\srsvc.dll -- (srservice)
SRV - [2008/04/13 19:12:05 | 000,192,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\schedsvc.dll -- (Schedule)
SRV - [2008/04/13 19:11:56 | 000,013,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lmhsvc.dll -- (LmHosts)
SRV - [2008/04/13 19:12:07 | 000,249,856 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\tapisrv.dll -- (TapiSrv)
SRV - [2008/04/13 19:12:07 | 000,295,424 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\termsrv.dll -- (TermService)
SRV - [2009/07/27 18:17:41 | 000,135,168 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\shsvcs.dll -- (Themes)
SRV - [2008/04/13 19:12:38 | 000,289,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\vssvc.exe -- (VSS)
SRV - [2008/04/13 19:11:50 | 000,042,496 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\audiosrv.dll -- (AudioSrv)
SRV - [2008/04/13 19:11:55 | 000,331,264 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\ipnathlp.dll -- (SharedAccess)
SRV - [2008/04/13 19:12:08 | 000,333,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wiaservc.dll -- (stisvc)
SRV - [2008/04/13 19:12:28 | 000,078,848 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\msiexec.exe -- (MSIServer)
SRV - [2008/04/13 19:12:09 | 000,144,896 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wbem\wmisvc.dll -- (winmgmt)
No service found with a name of Wmi
SRV - [2008/04/13 19:11:52 | 000,132,096 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\dot3svc.dll -- (Dot3svc)
SRV - [2008/04/13 19:12:11 | 000,483,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wzcsvc.dll -- (WZCSVC)
SRV - [2009/06/10 01:14:49 | 000,132,096 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wkssvc.dll -- (lanmanworkstation)

< MD5 for: EXPLORER.EXE >
[2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ERDNT\cache\explorer.exe
[2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\explorer.exe
[2007/06/13 06:26:03 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=7712DF0CDDE3A5AC89843E61CD5B3658 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2007/06/13 05:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe

< MD5 for: QMGR.DLL >
[2004/08/04 07:00:00 | 000,382,464 | ---- | M] (Microsoft Corporation) MD5=2C69EC7E5A311334D10DD95F338FCCEA -- C:\WINDOWS\$NtServicePackUninstall$\qmgr.dll
[2008/04/13 19:12:03 | 000,409,088 | ---- | M] (Microsoft Corporation) MD5=574738F61FCA2935F5265DC4E5691314 -- C:\WINDOWS\ERDNT\cache\qmgr.dll
[2008/04/13 19:12:03 | 000,409,088 | ---- | M] (Microsoft Corporation) MD5=574738F61FCA2935F5265DC4E5691314 -- C:\WINDOWS\ServicePackFiles\i386\qmgr.dll
[2008/04/13 19:12:03 | 000,409,088 | ---- | M] (Microsoft Corporation) MD5=574738F61FCA2935F5265DC4E5691314 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\qmgr.dll
[2008/04/13 19:12:03 | 000,409,088 | ---- | M] (Microsoft Corporation) MD5=574738F61FCA2935F5265DC4E5691314 -- C:\WINDOWS\system32\bits\qmgr.dll
[2008/04/13 19:12:03 | 000,409,088 | ---- | M] (Microsoft Corporation) MD5=574738F61FCA2935F5265DC4E5691314 -- C:\WINDOWS\system32\qmgr.dll

< MD5 for: SERVICES >
[2004/08/04 07:00:00 | 000,007,116 | ---- | M] () MD5=95826940E657FE0567A8EC0F2A6AD11A -- C:\WINDOWS\system32\drivers\etc\services

< MD5 for: SERVICES.CNF >
[2006/06/10 08:19:28 | 000,000,003 | ---- | M] () MD5=864E46AD77EBE7A312EB11241A5114B6 -- C:\Documents and Settings\Robert\My Documents\My Webs\_vti_pvt\services.cnf

< MD5 for: SERVICES.DAT >
[2013/04/05 17:13:54 | 000,001,634 | ---- | M] () MD5=733B1221EBE0DE0E7CCEF7C743F92BDB -- C:\JRT\services.dat

< MD5 for: SERVICES.EXE >
[2009/02/06 06:06:24 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=020CEAAEDC8EB655B6506B8C70D53BB6 -- C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\services.exe
[2008/04/13 19:12:34 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- C:\WINDOWS\ServicePackFiles\i386\services.exe
[2008/04/13 19:12:34 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\services.exe
[2009/02/06 12:14:03 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=37561F8D4160D62DA86D24AE41FAE8DE -- C:\WINDOWS\$NtServicePackUninstall$\services.exe
[2009/02/06 05:22:21 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=4712531AB7A01B7EE059853CA17D39BD -- C:\WINDOWS\$hf_mig$\KB956572\SP2QFE\services.exe
[2009/02/06 06:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\$hf_mig$\KB956572\SP3GDR\services.exe
[2009/02/06 06:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\ERDNT\cache\services.exe
[2009/02/06 06:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\dllcache\services.exe
[2009/02/06 06:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\services.exe

< MD5 for: SERVICES.LNK >
[2008/09/02 19:18:50 | 000,001,602 | ---- | M] () MD5=72DDB125D92BBB9CA2F221568A630F4A -- C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\Services.lnk

< MD5 for: SERVICES.MSC >
[2004/08/04 07:00:00 | 000,033,464 | ---- | M] () MD5=E8089AA2A6F7FEE89B38C1F2D77BA6C6 -- C:\WINDOWS\system32\services.msc

< MD5 for: SERVICES.SBS >
[2013/07/16 12:21:30 | 000,034,818 | ---- | M] () MD5=E2ACBC77020C8D5CE97CA61D0D859A44 -- C:\Program Files\Spybot - Search & Destroy\Includes\Services.sbs

< MD5 for: SERVICES.ZIP >
[2012/07/07 22:31:41 | 000,876,996 | ---- | M] () MD5=CAC0A919FE55CAAFFAC56BAEFC037444 -- C:\Documents and Settings\All Users\Desktop\CC Support\Tools\ServicesRepair\Temp\Services.zip

< MD5 for: SVCHOST.EXE >
[2008/04/13 19:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ERDNT\cache\svchost.exe
[2008/04/13 19:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008/04/13 19:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\svchost.exe
[2008/04/13 19:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
[2004/08/04 07:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe
[2013/04/04 13:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe

< MD5 for: USERINIT.EXE >
[2004/08/04 07:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/13 19:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ERDNT\cache\userinit.exe
[2008/04/13 19:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/13 19:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\userinit.exe
[2008/04/13 19:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2004/08/04 07:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2013/04/04 13:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008/04/13 19:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ERDNT\cache\winlogon.exe
[2008/04/13 19:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/13 19:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\winlogon.exe
[2008/04/13 19:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< MD5 for: WINSOCK.DLL >
[2004/08/04 07:00:00 | 000,002,864 | ---- | M] (Microsoft Corporation) MD5=68485C5EF0E2EFCEBF21BBB1042B823B -- C:\WINDOWS\system32\dllcache\winsock.dll
[2004/08/04 07:00:00 | 000,002,864 | ---- | M] (Microsoft Corporation) MD5=68485C5EF0E2EFCEBF21BBB1042B823B -- C:\WINDOWS\system32\winsock.dll

< MD5 for: WINSOCK.H >
[2008/05/15 22:53:58 | 000,016,913 | ---- | M] () MD5=BEF8ED9305E84CB948BA681F4287B68B -- C:\watcom-1.3\h\nt\winsock.h

< dir "%systemdrive%\*" /S /A:L /C >
Volume in drive C is Boot Drive
Volume Serial Number is 5400-9B93
Directory of C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices
02/12/2014 04:59 PM <JUNCTION> 2.0.0.0__b03f5f7f11d50a3a
0 File(s) 0 bytes
Directory of C:\WINDOWS\assembly\GAC_MSIL\IEExecRemote
02/12/2014 04:59 PM <JUNCTION> 2.0.0.0__b03f5f7f11d50a3a
0 File(s) 0 bytes
Directory of C:\WINDOWS\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices
02/12/2014 04:54 PM <JUNCTION> v4.0_4.0.0.0__b03f5f7f11d50a3a
0 File(s) 0 bytes
Directory of C:\WINDOWS\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Workflow.Compiler
02/12/2014 04:49 PM <JUNCTION> v4.0_4.0.0.0__31bf3856ad364e35
0 File(s) 0 bytes
Total Files Listed:
0 File(s) 0 bytes
4 Dir(s) 219,881,009,152 bytes free

========== Alternate Data Streams ==========

@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4C3D5A8B

< End of report >

ComboFix log:

ComboFix 14-03-04.03 - Robert 03/04/2014 16:59:25.5.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1466 [GMT -5:00]
Running from: c:\documents and settings\Robert\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Robert\Desktop\CFScript.txt
AV: ESET Smart Security 4.0 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personal firewall *Disabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
* Resident AV is active
.
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
.
.
((((((((((((((((((((((((( Files Created from 2014-02-04 to 2014-03-04 )))))))))))))))))))))))))))))))
.
.
2014-03-02 18:14 . 2014-03-02 18:14 -------- d-----w- c:\program files\ERUNT
2014-03-01 21:23 . 2014-03-01 21:25 -------- d-----w- C:\FRST
2014-03-01 17:11 . 2014-03-01 17:11 -------- d-----w- C:\TDSSKiller_Quarantine
2014-03-01 16:47 . 2014-03-01 16:47 -------- d-----w- C:\_OTL
2014-02-24 21:50 . 2014-02-25 18:55 -------- d-----w- C:\HP Scans
2014-02-23 22:24 . 2014-02-23 22:34 -------- d-----w- c:\documents and settings\Robert\Local Settings\Application Data\LogMeIn Client
2014-02-23 03:45 . 2011-12-07 18:32 216064 ----a-w- c:\windows\system32\lagarith.dll
2014-02-23 03:45 . 2013-03-17 17:21 3649536 ----a-w- c:\windows\system32\x264vfw.dll
2014-02-23 03:45 . 2011-06-24 15:44 243200 ----a-w- c:\windows\system32\xvidvfw.dll
2014-02-23 03:45 . 2011-06-24 15:28 650752 ----a-w- c:\windows\system32\xvidcore.dll
2014-02-23 03:45 . 2012-07-21 11:54 122880 ----a-w- c:\windows\system32\ac3acm.acm
2014-02-23 03:45 . 2014-02-06 18:00 112640 ----a-w- c:\windows\system32\ff_vfw.dll
2014-02-15 19:08 . 2014-02-15 19:08 -------- d-----w- c:\documents and settings\Robert\Application Data\GrandMA Studios
2014-02-14 22:10 . 2014-02-14 22:10 -------- d-----w- c:\documents and settings\Robert\Application Data\BlamGames
2014-02-11 21:16 . 2014-02-11 21:16 -------- d-----w- c:\documents and settings\Robert\Application Data\MPC-HC
2014-02-05 01:19 . 2014-02-05 01:19 -------- d-----w- c:\documents and settings\Robert\Application Data\Deep Shadows
2014-02-04 23:24 . 2014-02-04 23:24 -------- d-----w- c:\documents and settings\Robert\Application Data\Anarchy
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-03-01 17:12 . 2006-06-03 17:50 57600 ----a-w- c:\windows\system32\drivers\redbook.sys
2014-02-20 23:09 . 2012-08-13 20:23 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-02-20 23:09 . 2012-08-13 20:23 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-02-05 23:26 . 2004-08-04 12:00 920064 ----a-w- c:\windows\system32\wininet.dll
2014-02-05 23:26 . 2004-08-04 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2014-02-05 23:26 . 2004-08-04 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2014-02-05 23:26 . 2004-08-04 12:00 18944 ----a-w- c:\windows\system32\corpol.dll
2014-02-05 22:24 . 2004-08-04 12:00 385024 ----a-w- c:\windows\system32\html.iec
2014-01-04 03:13 . 2004-08-04 12:00 420864 ----a-w- c:\windows\system32\vbscript.dll
2013-12-05 11:26 . 2004-08-04 12:00 1172992 ----a-w- c:\windows\system32\msxml3.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SkyTel"="c:\windows\SkyTel.EXE" [2006-05-16 2879488]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-12 640376]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-02-06 2021400]
"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2009-01-21 4359600]
"AcronisTimounterMonitor"="c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe" [2009-01-21 960560]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-04-03 13670504]
"SBAMTray"="c:\program files\Sunbelt Software\CounterSpy\SBAMTray.exe" [2010-08-20 1348944]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-04 44544]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *SBBD.exe /d \Device\HarddiskVolume1\Program Files\Sunbelt Software\CounterSpy\Definitions
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBPIMSvc]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
.
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2/6/2009 1:23 PM 106208]
R1 sbaphd;sbaphd;c:\windows\system32\drivers\sbaphd.sys [4/30/2011 5:06 PM 21464]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2/6/2009 1:23 PM 727720]
R2 PDFSFilter;PDFsFilter;c:\windows\system32\drivers\PDFsFilter.sys [6/30/2011 10:08 AM 66320]
R2 SBAMSvc;CounterSpy Antispyware;c:\program files\Sunbelt Software\CounterSpy\SBAMSvc.exe [8/20/2010 8:16 AM 2763080]
R2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys [4/30/2011 5:06 PM 69976]
R2 SBPIMSvc;SB Recovery Service;c:\program files\Sunbelt Software\CounterSpy\SBPIMSvc.exe [8/20/2010 8:15 AM 181584]
S1 SpyEmrg;Spy Emergency Driver; [x]
S2 NOD32FiXTemDono;Eset Nod32 Boot;c:\windows\system32\regedt32.exe [8/4/2004 7:00 AM 3584]
S3 FLASHSYS;FLASHSYS; [x]
S3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [3/31/2013 1:32 PM 35144]
S3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [8/4/2004 7:00 AM 14336]
S3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [3/23/2007 4:38 PM 47360]
S3 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [5/13/2010 6:56 AM 98392]
S3 wwEngineSvc;Window Washer Engine;c:\program files\Webroot\Washer\WasherSvc.exe [9/21/2008 10:45 AM 598856]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
.
Contents of the 'Scheduled Tasks' folder
.
2014-03-04 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-13 23:09]
.
2014-03-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-12 03:40]
.
2014-03-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-12 03:40]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://easy-google-search.blogspot.com
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://search.msn.com
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: Interfaces\{6B4B5C21-DA99-4096-8820-43DC9BA3E4E3}: NameServer = 192.168.0.1
FF - ProfilePath - c:\documents and settings\Robert\Application Data\Mozilla\Firefox\Profiles\tonk28m2.default\
FF - prefs.js: browser.startup.homepage - hxxp://easy-google-search.blogspot.com
FF - prefs.js: keyword.URL - hxxp://www.google.com/cse?cx=partner-pub-5528014799800033:cevktqnfrvl&ie=ISO-8859-1&q=
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-03-04 17:11
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-299502267-789336058-725345543-1004\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_12_0_0_70_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_12_0_0_70_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2014-03-04 17:13:48
ComboFix-quarantined-files.txt 2014-03-04 22:13
ComboFix2.txt 2014-03-03 22:02
.
Pre-Run: 219,812,556,800 bytes free
Post-Run: 219,835,297,792 bytes free
.
- - End Of File - - 277FBA748A6EF398AC9478D663C48AC2
8F558EB6672622401DA993E1E865C861


