
Undetectable Virus or Malware freezes mouse cursor and makes fan run


#1 koolkat1939
Member, 27 posts

Hi, I have Microsoft Windows XP Home Edition Version 2002 Service Pack 3. For several months I have had this virus or malware that freezes my mouse cursor and makes my fan run constantly when I run an anti-virus or anti-spyware scan; the fan also runs when I try to watch videos or play video games. It also makes Firefox start up slowly.

My mouse will work in Safe Mode, and I've gotten the mouse to sort of work in Normal Mode by going to Mouse Properties and checking "Display pointer trails".

I've tried scanning with everything from Panda, Avast, Avira, Malwarebytes, SUPERAntiSpyware, several rootkit scanners, you name it, and nothing is detecting it. It's very frustrating!

I even tried reinstalling my OS from a backup and that didn't work. Right now my DVD drive is busted, so I can't do a full clean install of my OS, and I don't want to lose my stuff.

---------------------------------------------------------------------------------------------------------------------

Can someone help me? Here are my FRST logs:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 27-07-2016
Ran by Owner (administrator) on YOUR-CF6AE05ECC (27-07-2016 09:49:48)
Running from C:\Documents and Settings\Owner\Desktop
Loaded Profiles: Owner (Available Profiles: Owner)
Platform: Microsoft Windows XP Home Edition Service Pack 3 (X86) Language: English (United States)
Internet Explorer Version 7 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Check Point Software Technologies Ltd.) C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Exploit\mbae-svc.exe
(Panda Security, S.L.) C:\Program Files\Panda Security\Panda Security Protection\PSANHost.exe
(NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe
(Panda Security, S.L.) C:\Program Files\Panda Security\Panda Devices Agent\AgentSvc.exe
(Panda Security, S.L.) C:\Program Files\Panda Security\Panda Security Protection\PSUAService.exe
(Check Point Software Technologies, Ltd.) C:\Program Files\CheckPoint\ZoneAlarm\ZAPrivacyService.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Exploit\mbae.exe
(Cyberlink Corp.) C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
(Alcor Micro, Corp.) C:\Program Files\Digital Media Reader\readericon45G.exe
(Panda Security, S.L.) C:\Program Files\Panda Security\Panda Security Protection\PSUAMain.exe
() C:\Program Files\Bitdefender\Tools\BDAntiRansomware\BDAntiRansomware.exe
(Check Point Software Technologies Ltd.) C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe
(Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [14820864 2005-09-14] (Realtek Semiconductor Corp.)
HKLM\...\Run: [NvMediaCenter] => RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files\Malwarebytes Anti-Exploit\mbae.exe [2623456 2016-06-02] (Malwarebytes Corporation)
HKLM\...\Run: [RemoteControl] => C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [32768 2005-01-12] (Cyberlink Corp.)
HKLM\...\Run: [readericon] => C:\Program Files\Digital Media Reader\readericon45G.exe [139264 2005-12-09] (Alcor Micro, Corp.)
HKLM\...\Run: [nwiz] => nwiz.exe /install
HKLM\...\Run: [High Definition Audio Property Page Shortcut] => C:\WINDOWS\system32\HDAShCut.exe [61952 2005-01-07] (Windows ® Server 2003 DDK provider)
HKLM\...\Run: [Recguard] => C:\WINDOWS\SMINST\RECGUARD.EXE [212992 2002-09-13] ()
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2014-05-08] (Adobe Systems Incorporated)
HKLM\...\Run: [PSUAMain] => C:\Program Files\Panda Security\Panda Security Protection\PSUAMain.exe [54520 2015-10-22] (Panda Security, S.L.)
HKLM\...\Run: [BDAntiCryptoLocker] => C:\Program Files\Bitdefender\Tools\BDAntiRansomware\BDAntiRansomware.exe [1242144 2016-05-16] ()
HKLM\...\Run: [ZoneAlarm] => C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe [134480 2016-03-24] (Check Point Software Technologies Ltd.)
HKU\S-1-5-21-676961170-3691123601-236142853-1003\...\Run: [Uniblue SpeedUpMyPC] => C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe [9495832 2007-08-16] (Uniblue Software)
HKU\S-1-5-21-676961170-3691123601-236142853-1003\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6825888 2016-07-21] (SUPERAntiSpyware)
HKU\S-1-5-21-676961170-3691123601-236142853-1003\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [6851288 2016-07-13] (Piriform Ltd)
HKU\S-1-5-18\...\Policies\Explorer: [CDRAutoRun] 0
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [115440 2013-05-07] (SuperAdBlocker.com)
GroupPolicyScripts: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12
Tcpip\..\Interfaces\{0A0959AE-0881-49E2-93CD-40CF9768F46D}: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
HKU\S-1-5-21-676961170-3691123601-236142853-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.yahoo.com/
HKU\S-1-5-21-676961170-3691123601-236142853-1003\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-676961170-3691123601-236142853-1003\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Toolbar: HKU\.DEFAULT -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-676961170-3691123601-236142853-1003 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1410404456937
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\41qyd9cm.default
FF DefaultSearchEngine.US: Google
FF Homepage: hxxps://www.yahoo.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_22_0_0_209.dll [2016-07-17] ()
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
FF Extension: WOT - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\41qyd9cm.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2015-12-08]
FF Extension: FlashGot - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\41qyd9cm.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi [2016-03-16]
FF Extension: CS Lite Mod - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\41qyd9cm.default\extensions\[email protected] [2016-04-28]
FF Extension: BetterPrivacy - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\41qyd9cm.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [2016-05-06]
FF Extension: Classic Theme Restorer - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\41qyd9cm.default\extensions\[email protected] [2016-07-03]
FF Extension: Ghostery - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\41qyd9cm.default\Extensions\[email protected] [2016-07-09]
FF Extension: Adblock Plus - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\41qyd9cm.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-04-28]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2014-07-12] [not signed]

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [142648 2014-07-22] (SUPERAntiSpyware.com)
R2 MbaeSvc; C:\Program Files\Malwarebytes Anti-Exploit\mbae-svc.exe [742368 2016-06-02] (Malwarebytes Corporation)
R2 NanoServiceMain; C:\Program Files\Panda Security\Panda Security Protection\PSANHost.exe [142072 2015-10-18] (Panda Security, S.L.)
R2 PandaAgent; C:\Program Files\Panda Security\Panda Devices Agent\AgentSvc.exe [73176 2016-02-22] (Panda Security, S.L.) [File not signed]
R2 PSUAService; C:\Program Files\Panda Security\Panda Security Protection\PSUAService.exe [38136 2015-10-22] (Panda Security, S.L.)
R2 vsmon; C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe [3746584 2016-03-24] (Check Point Software Technologies Ltd.)
R2 ZAPrivacyService; C:\Program Files\CheckPoint\ZoneAlarm\ZaPrivacyService.exe [96272 2015-10-19] (Check Point Software Technologies, Ltd.)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 abp480n5; C:\WINDOWS\System32\DRIVERS\ABP480N5.SYS [23552 2004-08-04] (Microsoft Corporation)
R2 ASCTRM; C:\WINDOWS\system32\Drivers\ASCTRM.sys [8552 2014-07-07] (Windows ® 2000 DDK provider) [File not signed]
R1 ESProtectionDriver; C:\Program Files\Malwarebytes Anti-Exploit\mbae.sys [50016 2016-06-02] ()
S3 HdAudAddService; C:\WINDOWS\System32\drivers\HdAudio.sys [145920 2005-01-07] (Windows ® Server 2003 DDK provider)
R1 mbamchameleon; C:\WINDOWS\system32\drivers\mbamchameleon.sys [121560 2016-07-27] (Malwarebytes)
S3 mxnic; C:\WINDOWS\System32\DRIVERS\mxnic.sys [19968 2001-08-17] (Macronix International Co., Ltd.                                               )
R1 NNSALPC; C:\WINDOWS\System32\DRIVERS\NNSAlpc.sys [87032 2015-07-09] (Panda Security, S.L.)
R1 NNSHTTP; C:\WINDOWS\System32\DRIVERS\NNSHttp.sys [202104 2015-07-09] (Panda Security, S.L.)
R1 NNSHTTPS; C:\WINDOWS\System32\DRIVERS\NNSHttps.sys [109688 2015-07-09] (Panda Security, S.L.)
R1 NNSIDS; C:\WINDOWS\System32\DRIVERS\NNSIds.sys [121720 2015-07-09] (Panda Security, S.L.)
R3 NNSNAHS; C:\WINDOWS\System32\DRIVERS\NNSNAHS.sys [55216 2015-05-20] (Panda Security, S.L.)
R1 NNSPICC; C:\WINDOWS\System32\DRIVERS\NNSPicc.sys [102264 2015-07-09] (Panda Security, S.L.)
R1 NNSPIHS; C:\WINDOWS\System32\DRIVERS\NNSPihs.sys [52088 2015-07-09] (Panda Security, S.L.)
R1 NNSPOP3; C:\WINDOWS\System32\DRIVERS\NNSPop3.sys [120568 2015-07-09] (Panda Security, S.L.)
R1 NNSPROT; C:\WINDOWS\System32\DRIVERS\NNSProt.sys [281720 2015-07-09] (Panda Security, S.L.)
R1 NNSPRV; C:\WINDOWS\System32\DRIVERS\NNSPrv.sys [209016 2015-07-09] (Panda Security, S.L.)
R1 NNSSMTP; C:\WINDOWS\System32\DRIVERS\NNSSmtp.sys [108408 2015-07-09] (Panda Security, S.L.)
R1 NNSSTRM; C:\WINDOWS\System32\DRIVERS\NNSStrm.sys [240376 2015-07-09] (Panda Security, S.L.)
R1 NNSTLSC; C:\WINDOWS\System32\DRIVERS\NNSTlsc.sys [94968 2015-07-09] (Panda Security, S.L.)
R3 NVENETFD; C:\WINDOWS\System32\DRIVERS\NVENETFD.sys [34048 2005-07-29] (NVIDIA Corporation)
R3 nvnetbus; C:\WINDOWS\System32\DRIVERS\nvnetbus.sys [12928 2005-07-29] (NVIDIA Corporation)
S1 P3; C:\WINDOWS\System32\DRIVERS\p3.sys [42752 2008-04-14] (Microsoft Corporation)
R2 PSINAflt; C:\WINDOWS\System32\DRIVERS\PSINAflt.sys [140792 2015-07-19] (Panda Security, S.L.)
R2 PSINFile; C:\WINDOWS\System32\DRIVERS\PSINFile.sys [103288 2015-07-19] (Panda Security, S.L.)
R1 PSINKNC; C:\WINDOWS\System32\DRIVERS\psinknc.sys [172792 2015-07-19] (Panda Security, S.L.)
R2 PSINProc; C:\WINDOWS\System32\DRIVERS\PSINProc.sys [114680 2015-07-19] (Panda Security, S.L.)
R2 PSINProt; C:\WINDOWS\System32\DRIVERS\PSINProt.sys [125176 2015-07-19] (Panda Security, S.L.)
R2 PSINReg; C:\WINDOWS\System32\DRIVERS\PSINReg.sys [100600 2015-07-19] (Panda Security, S.L.)
U3 PSKMAD; C:\WINDOWS\System32\DRIVERS\PSKMAD.sys [50832 2015-05-22] (Panda Security, S.L.)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
U3 TrueSight; C:\WINDOWS\system32\drivers\TrueSight.sys [24688 2016-07-26] ()
R1 Vsdatant; C:\WINDOWS\System32\vsdatant.sys [540112 2016-03-24] (Check Point Software Technologies Ltd.)
S3 wanatw; C:\WINDOWS\System32\DRIVERS\wanatw4.sys [33588 2003-01-10] (America Online, Inc.)
S3 asdids; no ImagePath
S3 cleanhlp; \??\C:\EEK\bin\cleanhlp32.sys [X]
S3 efavdrv; \??\C:\WINDOWS\system32\drivers\efavdrv.sys [X]
S1 epp32; \??\C:\EEK\bin\epp32.sys [X]
S3 MEMSWEEP2; \??\C:\WINDOWS\system32\B.tmp [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-14] (Microsoft Corporation)
U5 Tcpip6; C:\Windows\System32\Drivers\Tcpip6.sys [226880 2010-02-11] (Microsoft Corporation)
U3 TlntSvr; no ImagePath
S1 ZAM; \??\C:\WINDOWS\System32\drivers\zam32.sys [X]
S1 ZAM_Guard; \??\C:\WINDOWS\System32\drivers\zamguard32.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-07-27 09:49 - 2016-07-27 09:51 - 00015641 _____ C:\Documents and Settings\Owner\Desktop\FRST.txt
2016-07-27 09:36 - 2016-07-27 09:37 - 01744384 _____ (Farbar) C:\Documents and Settings\Owner\Desktop\FRST.exe
2016-07-27 06:42 - 2015-05-22 01:45 - 00050832 _____ (Panda Security, S.L.) C:\WINDOWS\system32\Drivers\PSKMAD.sys
2016-07-06 08:11 - 2016-07-06 08:11 - 00001060 _____ C:\stop sign.txt
2016-06-28 12:56 - 2016-06-28 13:02 - 00000000 ____D C:\Program Files\Mozilla Firefox

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-07-27 09:51 - 2014-11-17 19:34 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\temp
2016-07-27 09:49 - 2016-06-20 09:19 - 00000000 ____D C:\FRST
2016-07-27 09:47 - 2004-08-26 11:09 - 00000000 ____D C:\Documents and Settings\Owner
2016-07-27 09:38 - 2016-06-23 12:05 - 00000000 ____D C:\Documents and Settings\Owner\Desktop\v
2016-07-27 07:08 - 2014-08-01 17:27 - 00000000 ____D C:\Documents and Settings\Owner\Application Data\Macromedia
2016-07-27 06:56 - 2014-11-18 18:38 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\TEMP
2016-07-27 06:56 - 2014-08-04 18:04 - 00000000 ____D C:\Program Files\SpywareBlaster
2016-07-27 06:53 - 2014-09-01 12:12 - 00121560 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-07-27 06:44 - 2014-07-07 20:58 - 00000000 ____D C:\WINDOWS\system32\Lang
2016-07-27 06:44 - 2014-07-07 09:32 - 00030277 _____ C:\WINDOWS\system32\nvapps.xml
2016-07-27 06:41 - 2004-08-26 11:08 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-07-27 06:39 - 2015-05-17 09:09 - 00032600 _____ C:\WINDOWS\SchedLgU.Txt
2016-07-27 06:39 - 2015-03-16 14:21 - 17367040 _____ C:\WINDOWS\system32\config\Nano.evt
2016-07-27 06:39 - 2004-08-26 11:09 - 00000178 ___SH C:\Documents and Settings\Owner\ntuser.ini
2016-07-27 06:35 - 2014-08-02 17:51 - 00170200 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-07-26 17:16 - 2014-02-18 16:34 - 00000000 ____D C:\Documents and Settings\Owner\Desktop\Michael's Stuff
2016-07-26 07:30 - 2014-08-26 19:07 - 00024688 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2016-07-25 19:09 - 2016-05-09 12:19 - 00000000 ____D C:\Documents and Settings\Owner\My Documents\My Music 4
2016-07-25 19:01 - 2015-11-28 13:15 - 00000000 ____D C:\Documents and Settings\Owner\My Documents\My Music 3
2016-07-25 19:01 - 2005-07-19 18:40 - 00000000 ___RD C:\Documents and Settings\Owner\My Documents\My Music
2016-07-25 18:59 - 2015-06-11 08:32 - 00000000 ____D C:\Documents and Settings\Owner\My Documents\My Music 2
2016-07-25 15:07 - 2014-08-02 18:16 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes Anti-Exploit
2016-07-25 12:14 - 2015-01-13 18:10 - 00000000 ____D C:\Documents and Settings\Owner\Desktop\Commercials
2016-07-22 05:34 - 2015-02-20 11:30 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2016-07-21 20:04 - 2014-07-08 05:44 - 00000000 ____D C:\Documents and Settings\Owner\Application Data\vlc
2016-07-20 12:49 - 2014-08-13 07:44 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
2016-07-17 18:24 - 2014-09-23 17:59 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\Adobe
2016-07-17 18:23 - 2014-08-03 18:32 - 00796352 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2016-07-17 18:23 - 2014-08-03 18:32 - 00142528 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2016-07-17 18:23 - 2004-08-26 11:01 - 00000000 ____D C:\WINDOWS\system32\Macromed
2016-07-13 06:11 - 2004-08-26 09:12 - 00001170 _____ C:\WINDOWS\system32\wpa.dbl
2016-07-13 05:53 - 2014-07-08 05:56 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-07-13 05:44 - 2014-07-08 05:56 - 141983760 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-06-28 17:19 - 2014-07-08 07:04 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2016-06-27 12:54 - 2016-03-30 12:55 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\BDAntiRansomware

==================== Files in the root of some directories =======

2015-03-21 18:49 - 2015-03-22 10:32 - 0147298 _____ () C:\Documents and Settings\Owner\Local Settings\Application Data\ars.cache
2015-03-21 18:50 - 2015-03-22 10:32 - 0442298 _____ () C:\Documents and Settings\Owner\Local Settings\Application Data\census.cache
2014-07-17 16:24 - 2016-06-25 08:54 - 0007680 _____ () C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-03-21 18:25 - 2015-03-21 18:25 - 0000036 _____ () C:\Documents and Settings\Owner\Local Settings\Application Data\housecall.guid.cache
2015-03-21 18:36 - 2015-03-22 09:31 - 0000010 _____ () C:\Documents and Settings\Owner\Local Settings\Application Data\sponge.last.runtime.cache

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End of FRST.txt ============================

-----------------------------------------------------------------------------------------------------------------------

Addition

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 27-07-2016
Ran by Owner (2016-07-27 09:52:32)
Running from C:\Documents and Settings\Owner\Desktop
Microsoft Windows XP Home Edition Service Pack 3 (X86) (2014-07-07 16:26:44)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-676961170-3691123601-236142853-500 - Administrator - Enabled)
Guest (S-1-5-21-676961170-3691123601-236142853-501 - Limited - Disabled)
HelpAssistant (S-1-5-21-676961170-3691123601-236142853-1004 - Limited - Disabled)
Owner (S-1-5-21-676961170-3691123601-236142853-1003 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Owner
SUPPORT_388945a0 (S-1-5-21-676961170-3691123601-236142853-1002 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Panda Free Antivirus (Enabled - Up to date) {5AD27692-540A-464E-B625-78275FA38393}
FW: Panda Firewall (Disabled) {1337562C-110A-4AF8-B12B-750C0B30E802}
FW: ZoneAlarm Free Firewall Firewall (Disabled) {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 16 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 16.0.0.296 - Adobe Systems Incorporated)
Adobe Flash Player 22 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 22.0.0.209 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
Agere Systems PCI-SV92PP Soft Modem (HKLM\...\Agere Systems Soft Modem) (Version:  - )
AnyBurn (HKLM\...\AnyBurn) (Version: 3.1 - Power Software Ltd)
Apple Application Support (HKLM\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
BDAntiRansomware (HKLM\...\{BE40AB1F-558F-4434-B72F-461EF97E7796}_is1) (Version: 1.0.12.1 - Bitdefender)
CCleaner (HKLM\...\CCleaner) (Version: 5.20 - Piriform)
CDisplay 1.8 (HKLM\...\CDisplay_is1) (Version:  - dvd8n)
CleanUp! (HKLM\...\CleanUp!) (Version:  - )
Digital Media Reader (HKLM\...\InstallShield_{4AC55A61-BA20-4DF5-ABFF-8F4819E0C875}) (Version: 2.01.00.02 - AlcorMicro)
Digital Media Reader (Version: 2.01.00.02 - AlcorMicro) Hidden
Flash Cookie Cleaner (HKLM\...\{E4E1D7C7-6561-4462-96B5-E6439488ED41}) (Version: 2.0 - ConsumerSoft)
J2SE Runtime Environment 5.0 Update 2 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0150020}) (Version: 1.5.0.20 - Sun Microsystems, Inc.)
K-Lite Mega Codec Pack 10.5.5 (HKLM\...\KLiteCodecPack_is1) (Version: 10.5.5 - )
LockHunter 3.1, 32/64 bit (HKLM\...\LockHunter_is1) (Version:  - Crystal Rich Ltd)
Malwarebytes Anti-Exploit version 1.8.1.2563 (HKLM\...\Malwarebytes Anti-Exploit_is1) (Version: 1.8.1.2563 - Malwarebytes)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft Office Standard Edition 2003 (HKLM\...\{91120409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.6361.0 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version:  - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version:  - )
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 47.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 47.0.1 (x86 en-US)) (Version: 47.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 47.0.1.6018 - Mozilla)
MSConfig CleanUp 1.2 (HKLM\...\MSConfig CleanUp_is1) (Version:  - Virtuoza)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version:  - )
Panda Cloud Cleaner (HKLM\...\{92B2B132-C7F0-43DC-921A-4493C04F78A4}_is1) (Version: 1.1.8 - Panda Security)
Panda Devices Agent (Version: 1.03.07 - Panda Security) Hidden
Panda Devices Agent (Version: 1.06.00 - Panda Security) Hidden
Panda Free Antivirus (HKLM\...\Panda Universal Agent Endpoint) (Version: 16.0.2 - Panda Security)
Panda Free Antivirus (Version: 8.04.00.0000 - Panda Security) Hidden
Power2Go 4.0 (HKLM\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version:  - )
PowerDVD (HKLM\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version:  - CyberLink Corporation)
Privacy Eraser Pro (HKLM\...\{F7AD1EF2-2670-40C2-A541-939265AF2F18}_is1) (Version: Privacy Eraser Pro 7.0 - PrivacyEraser Computing, Inc.)
QuickTime (HKLM\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
RealPlayer Basic (HKLM\...\RealPlayer 6.0) (Version:  - )
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 1.96 - Realtek Semiconductor Corp.)
Recovery Software Suite eMachines (HKLM\...\{15377C3E-9655-400F-B441-E69F0A6BEAFE}) (Version: 1.00.0000 - eMachines)
SpywareBlaster 5.5 (HKLM\...\SpywareBlaster_is1) (Version: 5.5.0 - BrightFort LLC)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1170 - SUPERAntiSpyware.com)
Uniblue PowerSuite (HKLM\...\SYSTEMCARE_025B3ECB-F8A1-45ff-BABC-140E08C7D8C5_is1) (Version:  - Uniblue)
Unlocker 1.9.0 (HKLM\...\Unlocker) (Version: 1.9.0 - Cedrick Collomb)
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - )
VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Windows Backup Utility (HKLM\...\{76EFFC7C-17A6-479D-9E47-8E658C1695AE}) (Version: 5.1 - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version:  - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)
Windows Internet Explorer 7 (HKLM\...\ie7) (Version: 20070813.185237 - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version:  - )
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)
WinRAR archiver (HKLM\...\WinRAR archiver) (Version:  - )
ZoneAlarm Firewall (Version: 14.1.057.000 - Check Point Software Technologies Ltd.) Hidden
ZoneAlarm Free Firewall (HKLM\...\ZoneAlarm Free Firewall) (Version: 14.1.057.000 - Check Point)
ZoneAlarm Security (Version: 14.1.057.000 - Check Point Software Technologies Ltd.) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Documents and Settings\Owner\NetHood\My Web Sites on MSN\target.lnk -> hxxp://www.msnusers.com

==================== Loaded Modules (Whitelisted) ==============

2014-07-25 17:11 - 2007-09-20 18:34 - 00129024 _____ () C:\Program Files\WinRAR\rarext.dll
2010-07-04 14:32 - 2010-07-04 14:32 - 00010752 _____ () C:\Program Files\Unlocker\UnlockerCOM.dll
2013-04-12 10:23 - 2013-04-12 10:23 - 00612664 _____ () C:\Program Files\Panda Security\Panda Security Protection\SQLite3.dll
2016-03-30 12:55 - 2016-05-16 16:25 - 01242144 _____ () C:\Program Files\Bitdefender\Tools\BDAntiRansomware\BDAntiRansomware.exe
2016-03-30 12:55 - 2015-08-14 14:49 - 00504320 _____ () C:\Program Files\Bitdefender\Tools\BDAntiRansomware\BDMetrics.dll
2016-04-23 07:57 - 2016-04-15 17:11 - 00023968 _____ () C:\Program Files\Bitdefender\Tools\BDAntiRansomware\InjectionDll.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34 [125]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\33765952.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\58187037.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\81294670.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mbamchameleon => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NanoServiceMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSUAService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\33765952.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\58187037.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\81294670.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mbamchameleon => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NanoServiceMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PSUAService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SMR430 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vsmon => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRkrn => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRSVC => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE restricted site: HKU\S-1-5-21-676961170-3691123601-236142853-1003\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-676961170-3691123601-236142853-1003\...\008k.com -> 008k.com
IE restricted site: HKU\S-1-5-21-676961170-3691123601-236142853-1003\...\00hq.com -> 00hq.com
IE restricted site: HKU\S-1-5-21-676961170-3691123601-236142853-1003\...\0190-dialers.com -> 0190-dialers.com
IE restricted site: HKU\S-1-5-21-676961170-3691123601-236142853-1003\...\01i.info -> 01i.info
IE restricted site: HKU\S-1-5-21-676961170-3691123601-236142853-1003\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com
IE restricted site: HKU\S-1-5-21-676961170-3691123601-236142853-1003\...\0411dd.com -> 0411dd.com
IE restricted site: HKU\S-1-5-21-676961170-3691123601-236142853-1003\...\0511zfhl.com -> 0511zfhl.com
IE restricted site: HKU\S-1-5-21-676961170-3691123601-236142853-1003\...\05p.com -> 05p.com
IE restricted site: HKU\S-1-5-21-676961170-3691123601-236142853-1003\...\0632qyw.com -> 0632qyw.com
IE restricted site: HKU\S-1-5-21-676961170-3691123601-236142853-1003\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com
IE restricted site: HKU\S-1-5-21-676961170-3691123601-236142853-1003\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com
IE restricted site: HKU\S-1-5-21-676961170-3691123601-236142853-1003\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com
IE restricted site: HKU\S-1-5-21-676961170-3691123601-236142853-1003\...\0calories.net -> 0calories.net
IE restricted site: HKU\S-1-5-21-676961170-3691123601-236142853-1003\...\0cj.net -> 0cj.net
IE restricted site: HKU\S-1-5-21-676961170-3691123601-236142853-1003\...\0scan.com -> 0scan.com
IE restricted site: HKU\S-1-5-21-676961170-3691123601-236142853-1003\...\1-britney-spears-nude.com -> 1-britney-spears-nude.com
IE restricted site: HKU\S-1-5-21-676961170-3691123601-236142853-1003\...\1-domains-registrations.com -> 1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-676961170-3691123601-236142853-1003\...\1-se.com -> 1-se.com
IE restricted site: HKU\S-1-5-21-676961170-3691123601-236142853-1003\...\1001movie.com -> 1001movie.com

There are 6091 more sites.


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-05-26 21:02 - 2015-03-24 19:06 - 00000027 ____A C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1       localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-676961170-3691123601-236142853-1003\Control Panel\Desktop\\Wallpaper -> C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
DNS Servers: 68.105.28.11 - 68.105.29.11
Windows Firewall is disabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

DomainProfile\AuthorizedApplications: [C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe] => Enabled:True Vector
StandardProfile\AuthorizedApplications: [C:\Program Files\Common Files\AOL\Loader\aolload.exe] => Enabled:AOL Application Loader
StandardProfile\AuthorizedApplications: [C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe] => Enabled:WebKit
StandardProfile\AuthorizedApplications: [C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe] => Enabled:True Vector
StandardProfile\AuthorizedApplications: [C:\Program Files\Mozilla Firefox\firefox.exe] => Enabled:Firefox (C:\Program Files\Mozilla Firefox)
StandardProfile\GloballyOpenPorts: [1900:UDP] => :LocalSubNet:Disabled:@xpsp2res.dll,-22007
StandardProfile\GloballyOpenPorts: [2869:TCP] => :LocalSubNet:Disabled:@xpsp2res.dll,-22008

==================== Restore Points =========================

27-04-2016 11:37:37 System Checkpoint
28-04-2016 17:39:14 System Checkpoint
30-04-2016 11:01:06 System Checkpoint
01-05-2016 17:39:09 System Checkpoint
03-05-2016 03:41:33 System Checkpoint
04-05-2016 11:00:49 System Checkpoint
05-05-2016 11:42:16 System Checkpoint
06-05-2016 12:29:10 System Checkpoint
07-05-2016 12:33:08 System Checkpoint
08-05-2016 13:14:25 System Checkpoint
10-05-2016 09:35:49 System Checkpoint
11-05-2016 04:56:30 Software Distribution Service 3.0
12-05-2016 07:20:07 System Checkpoint
13-05-2016 11:50:49 System Checkpoint
14-05-2016 17:00:25 System Checkpoint
16-05-2016 10:17:50 System Checkpoint
17-05-2016 16:46:23 System Checkpoint
18-05-2016 19:10:09 System Checkpoint
20-05-2016 09:28:52 System Checkpoint
21-05-2016 09:59:36 System Checkpoint
22-05-2016 10:13:16 System Checkpoint
23-05-2016 10:25:53 System Checkpoint
24-05-2016 12:03:10 System Checkpoint
25-05-2016 13:28:21 System Checkpoint
27-05-2016 12:23:48 System Checkpoint
29-05-2016 07:42:05 System Checkpoint
30-05-2016 09:22:13 System Checkpoint
31-05-2016 09:36:50 System Checkpoint
03-06-2016 02:56:16 System Checkpoint
04-06-2016 10:46:36 System Checkpoint
05-06-2016 14:30:08 System Checkpoint
06-06-2016 15:22:03 System Checkpoint
07-06-2016 15:57:44 System Checkpoint
08-06-2016 17:36:32 System Checkpoint
10-06-2016 07:56:13 System Checkpoint
11-06-2016 09:06:30 JRT Pre-Junkware Removal
12-06-2016 10:49:03 System Checkpoint
13-06-2016 15:25:34 System Checkpoint
15-06-2016 06:11:27 Software Distribution Service 3.0
16-06-2016 08:50:55 System Checkpoint
17-06-2016 12:13:04 System Checkpoint
19-06-2016 10:00:47 System Checkpoint
20-06-2016 12:37:29 System Checkpoint
22-06-2016 15:34:20 System Checkpoint
24-06-2016 14:07:46 System Checkpoint
27-06-2016 07:10:59 System Checkpoint
28-06-2016 12:01:37 System Checkpoint
29-06-2016 13:24:44 System Checkpoint
01-07-2016 14:06:40 System Checkpoint
03-07-2016 11:30:22 System Checkpoint
04-07-2016 12:04:04 System Checkpoint
05-07-2016 18:03:11 System Checkpoint
06-07-2016 19:10:28 System Checkpoint
08-07-2016 07:04:17 System Checkpoint
09-07-2016 10:57:50 System Checkpoint
10-07-2016 11:25:40 System Checkpoint
11-07-2016 11:30:34 System Checkpoint
13-07-2016 05:41:32 Software Distribution Service 3.0
14-07-2016 10:05:24 System Checkpoint
16-07-2016 09:25:39 System Checkpoint
18-07-2016 06:58:31 System Checkpoint
19-07-2016 07:29:58 System Checkpoint
20-07-2016 12:19:31 System Checkpoint
23-07-2016 07:05:02 System Checkpoint
24-07-2016 07:38:28 System Checkpoint
26-07-2016 08:55:38 System Checkpoint

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (07/26/2016 07:19:18 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application setup(1).tmp, version 51.52.0.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (07/26/2016 07:17:06 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application setup.tmp, version 51.52.0.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (07/26/2016 07:14:59 AM) (Source: Application Hang) (EventID: 1001) (User: )
Description: Fault bucket 1933422429.

Error: (07/26/2016 07:14:47 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application setup(1).tmp, version 51.52.0.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (07/14/2016 01:10:24 PM) (Source: Application Hang) (EventID: 1001) (User: )
Description: Fault bucket 111659915.

Error: (07/14/2016 01:10:20 PM) (Source: Application Hang) (EventID: 1001) (User: )
Description: Fault bucket 111659915.

Error: (07/14/2016 01:10:04 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application FlashCookieCleaner.exe, version 2.0.1.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (07/14/2016 01:10:03 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application FlashCookieCleaner.exe, version 2.0.1.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (07/13/2016 10:20:52 AM) (Source: Application Error) (EventID: 1001) (User: )
Description: Fault bucket 188974217.
The Wep key exchange did not result in a secure connection setup after 802.1x authentication.  The current setting has been marked as failed and the Wireless connection will be disconnected.

Error: (07/13/2016 10:19:57 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application PSANHost.exe, version 4.0.0.785, faulting module msvcr100.dll, version 10.0.30319.1, fault address 0x0008ae6e.
Processing media-specific event for [PSANHost.exe!ws!]


System errors:
=============
Error: (07/27/2016 06:42:40 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
epp32

Error: (07/27/2016 06:42:11 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Human Interface Device Access service terminated with the following error:
%%126 = The specified module could not be found.


Error: (07/27/2016 06:37:57 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Panda Protection Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.

Error: (07/27/2016 06:37:51 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Panda Devices Agent service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 300000 milliseconds: Restart the service.

Error: (07/27/2016 06:37:51 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The NVIDIA Display Driver Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (07/27/2016 06:37:46 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Malwarebytes Anti-Exploit Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.

Error: (07/27/2016 06:37:45 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The SAS Core Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 1000 milliseconds: Restart the service.

Error: (07/27/2016 06:13:13 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
epp32

Error: (07/27/2016 06:12:37 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Human Interface Device Access service terminated with the following error:
%%126 = The specified module could not be found.


Error: (07/26/2016 04:56:46 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
epp32


==================== Memory info ===========================

Processor: AMD Athlon™ 64 Processor 3400+
Percentage of memory in use: 45%
Total physical RAM: 895.36 MB
Available physical RAM: 492.27 MB
Total Virtual: 2167.24 MB
Available Virtual: 1494.33 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:181.87 GB) (Free:30.88 GB) NTFS ==>[drive with boot components (Windows XP)]
Drive d: (RECOVERY) (Fixed) (Total:4.43 GB) (Free:2.12 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 186.3 GB) (Disk ID: 4B36BDEA)
Partition 1: (Active) - (Size=181.9 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=4.4 GB) - (Type=0B)

==================== End of Addition.txt ============================


  • 0

#2
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
Get the free version of Speccy:
 
http://www.filehippo...download_speccy (Look in the upper right for the Download
Latest Version button  - Do NOT press the large Start Download button on the upper left!)  
Download, Save and Install it.  Tell it you do not need CCLEANER.    Run Speccy.  When it finishes (the little icon in the bottom left will stop moving), 
File, Save as Text File,  (to your desktop) note the name it gives. OK.  Open the file in notepad and delete the line that gives the serial number of your Operating System.  
(It will be near the top about 10 lines down.) Save the file.  Attach the file to your next post.  (More Reply Options, Choose File, Open, Attach This File)
 
Get Process Explorer
 
Save it to your desktop then run it (Vista or Win7 - right click and Run As Administrator).  
 
View, Select Column, check Verified Signer, OK
Options, Verify Image Signatures
 
Click twice on the CPU column header  to sort things by CPU usage with the big hitters at the top.  
 
Wait a full minute then:
 
File, Save As, Save.  Note the file name.   Open the file  on your desktop and copy and paste the text to a reply.
 

  • 0

#3
koolkat1939

koolkat1939

    Member

  • Topic Starter
  • Member
  • PipPip
  • 27 posts

Do I need to close out Firefox before I run these programs ?


  • 0

#4
koolkat1939

koolkat1939

    Member

  • Topic Starter
  • Member
  • PipPip
  • 27 posts

Process Explorer keeps jumping around in the columns.

Process Explorer report: (the attachment is from Speccy)

Process    CPU    Private Bytes    Working Set    PID    Description    Company Name    VirusTotal    Verified Signer
System Idle Process    95.31    0 K    28 K    0                
wmiprvse.exe    1.56    4,720 K    6,608 K    1956    WMI    Microsoft Corporation        (Verified) Microsoft Windows Component Publisher
procexp.exe    1.56    12,640 K    30,828 K    2484    Sysinternals Process Explorer    Sysinternals - www.sysinternals.com        (Verified) Microsoft Corporation
Interrupts    1.56    0 K    0 K    n/a    Hardware Interrupts and DPCs            
zatray.exe        53,808 K    5,088 K    3464    ZoneAlarm    Check Point Software Technologies Ltd.        (Verified) Check Point Software Technologies Ltd.
ZAPrivacyService.exe        17,376 K    3,884 K    388    ZAPrivacyService    Check Point Software Technologies, Ltd.        (Verified) Check Point Software Technologies Ltd.
wmiprvse.exe        1,812 K    5,168 K    3256    WMI    Microsoft Corporation        (Verified) Microsoft Windows Component Publisher
winlogon.exe        5,884 K    1,684 K    164    Windows NT Logon Application    Microsoft Corporation        (Verified) Microsoft Windows Component Publisher
vsmon.exe        31,020 K    21,324 K    1252    ZoneAlarm    Check Point Software Technologies Ltd.        (Verified) Check Point Software Technologies Ltd.
unsecapp.exe        1,352 K    1,060 K    3220    WMI    Microsoft Corporation        (Verified) Microsoft Windows Component Publisher
System        0 K    80 K    4                
svchost.exe        20,792 K    13,536 K    640    Generic Host Process for Win32 Services    Microsoft Corporation        (Verified) Microsoft Windows Component Publisher
svchost.exe        3,012 K    1,600 K    444    Generic Host Process for Win32 Services    Microsoft Corporation        (Verified) Microsoft Windows Component Publisher
svchost.exe        1,912 K    1,572 K    492    Generic Host Process for Win32 Services    Microsoft Corporation        (Verified) Microsoft Windows Component Publisher
svchost.exe        1,724 K    1,452 K    744    Generic Host Process for Win32 Services    Microsoft Corporation        (Verified) Microsoft Windows Component Publisher
svchost.exe        3,524 K    1,224 K    1000    Generic Host Process for Win32 Services    Microsoft Corporation        (Verified) Microsoft Windows Component Publisher
svchost.exe        1,428 K    144 K    1188    Generic Host Process for Win32 Services    Microsoft Corporation        (Verified) Microsoft Windows Component Publisher
svchost.exe        1,620 K    236 K    3136    Generic Host Process for Win32 Services    Microsoft Corporation        (Verified) Microsoft Windows Component Publisher
SUPERANTISPYWARE.EXE        91,528 K    4,552 K    3704    SUPERAntiSpyware Application    SUPERAntiSpyware        (Verified) SUPERAntiSpyware.com
spoolsv.exe        4,108 K    1,636 K    1844    Spooler SubSystem App    Microsoft Corporation        (Verified) Microsoft Windows Component Publisher
smss.exe        180 K    68 K    1964    Windows NT Session Manager    Microsoft Corporation        (Verified) Microsoft Windows Component Publisher
services.exe        1,924 K    2,028 K    216    Services and Controller app    Microsoft Corporation        (Verified) Microsoft Windows Component Publisher
SASCore.exe        1,728 K    204 K    1236    Core Service    SUPERAntiSpyware.com        (Verified) SUPERAntiSpyware.com
rundll32.exe        2,020 K    312 K    2184    Run a DLL as an App    Microsoft Corporation        (Verified) Microsoft Windows Component Publisher
RTHDCPL.EXE        35,584 K    30,940 K    1952    Realtek HD Audio Control Panel    Realtek Semiconductor Corp.        (Verified) Microsoft Windows Hardware Compatibility Publisher
readericon45G.exe        2,028 K    400 K    2864    Sunkist    Alcor Micro, Corp.        (No signature was present in the subject) Alcor Micro, Corp.
PSUAService.exe        13,100 K    264 K    1740    PSUAService    Panda Security, S.L.        (Verified) Panda Security S.L
PSUAMain.exe        26,400 K    436 K    3620    AV Console    Panda Security, S.L.        (Verified) Panda Security S.L
PSANHost.exe        131,240 K    22,612 K    1644    Application Host Service    Panda Security, S.L.        (Verified) Panda Security S.L
PDVDServ.exe        888 K    324 K    2096    PowerDVD RC Service    Cyberlink Corp.        (No signature was present in the subject) Cyberlink Corp.
nvsvc32.exe        2,068 K    388 K    1676    NVIDIA Driver Helper Service, Version 81.33    NVIDIA Corporation        (Verified) Microsoft Windows Hardware Compatibility Publisher
notepad.exe        1,020 K    512 K    3736    Notepad    Microsoft Corporation        (Verified) Microsoft Windows Component Publisher
mbae-svc.exe        9,124 K    1,892 K    1012    Malwarebytes Anti-Exploit Service    Malwarebytes Corporation        (Verified) Malwarebytes Corporation
mbae.exe        10,968 K    13,468 K    1440    Malwarebytes Anti-Exploit    Malwarebytes Corporation        (Verified) Malwarebytes Corporation
lsass.exe        4,308 K    2,564 K    232    LSA Shell (Export Version)    Microsoft Corporation        (Verified) Microsoft Windows Component Publisher
explorer.exe        25,080 K    12,996 K    1392    Windows Explorer    Microsoft Corporation        (Verified) Microsoft Windows Component Publisher
ctfmon.exe        1,220 K    1,480 K    3844    CTF Loader    Microsoft Corporation        (Verified) Microsoft Windows Component Publisher
csrss.exe        2,016 K    2,612 K    2040    Client Server Runtime Process    Microsoft Corporation        (Verified) Microsoft Windows Component Publisher
CCleaner.exe        20,604 K    19,612 K    1040    CCleaner    Piriform Ltd        (Verified) Piriform Ltd
BDAntiRansomware.exe        21,264 K    25,384 K    1056                (Verified) Bitdefender SRL
alg.exe        1,224 K    148 K    3520    Application Layer Gateway Service    Microsoft Corporation        (Verified) Microsoft Windows Component Publisher
AgentSvc.exe        11,632 K    3,988 K    1692    Agent Service    Panda Security, S.L.        (Verified) Panda Security S.L

Edited by koolkat1939, 27 July 2016 - 06:34 PM.

  • 0
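A small triage script for the saved Process Explorer report, added here as an example and not code from the thread or from Sysinternals: it assumes the File, Save As output is tab-separated with the column headers shown in the post above, lists every process whose image is not reported as (Verified), and ranks CPU and Private Bytes the way the sorted window does. The sample rows are constructed from lines in the report.

```python
"""Triage a Process Explorer text report (File, Save As) for images that are
not reported as (Verified) and for the biggest CPU and memory consumers.

Added example, not from the thread or from Sysinternals. Assumption: the saved
report is tab-separated with the column headers pasted in the thread.
"""
import csv
import io
from typing import Dict, List, Tuple

# Constructed sample in the layout of the report above (tab-separated);
# the rows mirror a few of the processes listed there.
SAMPLE_REPORT = "\n".join([
    "Process\tCPU\tPrivate Bytes\tWorking Set\tPID\tDescription\tCompany Name"
    "\tVirusTotal\tVerified Signer",
    "System Idle Process\t95.31\t0 K\t28 K\t0\t\t\t\t",
    "wmiprvse.exe\t1.56\t4,720 K\t6,608 K\t1956\tWMI\tMicrosoft Corporation"
    "\t\t(Verified) Microsoft Windows Component Publisher",
    "zatray.exe\t\t53,808 K\t5,088 K\t3464\tZoneAlarm"
    "\tCheck Point Software Technologies Ltd."
    "\t\t(Verified) Check Point Software Technologies Ltd.",
    "readericon45G.exe\t\t2,028 K\t400 K\t2864\tSunkist\tAlcor Micro, Corp."
    "\t\t(No signature was present in the subject) Alcor Micro, Corp.",
    "PDVDServ.exe\t\t888 K\t324 K\t2096\tPowerDVD RC Service\tCyberlink Corp."
    "\t\t(No signature was present in the subject) Cyberlink Corp.",
    "BDAntiRansomware.exe\t\t21,264 K\t25,384 K\t1056\t\t\t\t"
    "(Verified) Bitdefender SRL",
])

# Kernel pseudo-processes have no image file to sign, so they are never findings.
PSEUDO_PROCESSES = {"System Idle Process", "System", "Interrupts"}


def parse_report(text: str) -> List[Dict[str, str]]:
    """Parse the tab-separated report into one dict per process row."""
    reader = csv.DictReader(io.StringIO(text), delimiter="\t")
    rows = []
    for row in reader:
        # Extra fields land under the key None; missing fields come back as None.
        rows.append({k: (v or "").strip() for k, v in row.items() if k is not None})
    return rows


def parse_cpu(value: str) -> float:
    """Process Explorer leaves the CPU cell blank when usage rounds to 0."""
    return float(value) if value else 0.0


def parse_kb(value: str) -> int:
    """'53,808 K' -> 53808 (kilobytes); blank -> 0."""
    digits = value.replace(",", "").replace("K", "").strip()
    return int(digits) if digits else 0


def unverified_images(rows: List[Dict[str, str]]) -> List[Tuple[str, str]]:
    """(process, signer text) for every real process whose image is not
    reported as (Verified): unsigned, or a signature that did not verify."""
    findings = []
    for row in rows:
        name = row.get("Process", "")
        if name in PSEUDO_PROCESSES:
            continue
        signer = row.get("Verified Signer", "")
        if not signer.startswith("(Verified)"):
            findings.append((name, signer or "(signer column empty)"))
    return findings


def top_cpu(rows: List[Dict[str, str]], n: int = 3) -> List[Tuple[str, float]]:
    """Biggest CPU consumers with the idle process excluded, i.e. what sorting
    the CPU column descending shows at the top of the window."""
    real = [(r["Process"], parse_cpu(r.get("CPU", "")))
            for r in rows if r["Process"] != "System Idle Process"]
    return sorted(real, key=lambda t: t[1], reverse=True)[:n]


def top_private_bytes(rows: List[Dict[str, str]], n: int = 3) -> List[Tuple[str, int]]:
    """Biggest Private Bytes consumers in KB, pseudo-processes excluded."""
    real = [(r["Process"], parse_kb(r.get("Private Bytes", "")))
            for r in rows if r["Process"] not in PSEUDO_PROCESSES]
    return sorted(real, key=lambda t: t[1], reverse=True)[:n]


if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:
        # Assumption: the saved file is readable as UTF-8 (BOM tolerated).
        with open(sys.argv[1], encoding="utf-8-sig") as fh:
            report = fh.read()
    else:
        report = SAMPLE_REPORT
    parsed = parse_report(report)
    print("Images not reported as (Verified):")
    for proc, signer in unverified_images(parsed):
        print(f"  {proc}: {signer}")
    print("Top CPU:", top_cpu(parsed))
    print("Top Private Bytes (KB):", top_private_bytes(parsed))
```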

#5
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
Uninstall Java.  Yours is ancient and very dangerous.
 
Java has been very vulnerable to infection so unless you absolutely need it you should not reinstall it.
 
If you feel you must have Java:
Get the latest Java at:
 
Save it to your PC then close all browsers and install it.  Do not let it install the Yahoo toolbar or other foistware.
Once installed, go into Control Panel, Java, Security and set the slider to the Highest then OK.
 
1. Double-click My Computer, and then right-click the hard disk that you want to check. C:
2. Click Properties, and then click Tools.
3. Under Error-checking, click Check Now. A dialog box that shows the Check disk options is displayed.
4. Check both boxes and then click Start.
You will receive the following message:
The disk check could not be performed because the disk check utility needs exclusive access to some Windows files on the disk. These files can be accessed by restarting Windows. Do you want to schedule the disk check to occur the next time you restart the computer?
Click Yes to schedule the disk check, but don't restart yet.
 
Start, Run, eventvwr.msc, OK to bring up the Event Viewer.  Right click on System and Clear All Events, No (we don't want to save the old log), OK. Repeat for Application. 
 
Reboot. 
 
The disk check will run and will probably take an hour or more to finish.
 
1. Please download the Event Viewer Tool by Vino Rosso
and save it to your Desktop:
2. Double-click VEW.exe
3. Under 'Select log to query', select:
 
* System
4. Under 'Select type to list', select:
* Error
* Warning
 
Then use the 'Number of events' as follows:
 
1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.
 
Please post the Output log in your next reply then repeat but select Application.
 
Make another Speccy log and attach it.
 

  • 0

#6
koolkat1939

koolkat1939

    Member

  • Topic Starter
  • Member
  • PipPip
  • 27 posts

:upset:  Sorry it took so long to reply. The disk check took 17 hours to scan my computer. I uninstalled Java.

The attachment is the new Speccy log.

Here is the VEW.exe  system report :

Vino's Event Viewer v01c run on Windows XP in English
Report run at 28/07/2016 11:31:56 AM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 28/07/2016 11:01:56 AM
Type: error Category: 0
Event: 7026 Source: Service Control Manager
The following boot-start or system-start driver(s) failed to load:  epp32

Log: 'System' Date/Time: 28/07/2016 11:01:18 AM
Type: error Category: 0
Event: 7023 Source: Service Control Manager
The Human Interface Device Access service terminated with the following error:  The specified module could not be found.  

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

And here is the VEW.exe Application report:

Vino's Event Viewer v01c run on Windows XP in English
Report run at 28/07/2016 11:36:30 AM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 27/07/2016 6:37:24 PM
Type: warning Category: 0
Event: 1517 Source: Userenv
Windows saved user YOUR-CF6AE05ECC\Owner registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.    This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

  • 0

#7
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP

Apparently your Panda comes with its own firewall so you can do without Zone Alarm.

FW: Panda Firewall (Disabled) {1337562C-110A-4AF8-B12B-750C0B30E802}
FW: ZoneAlarm Free Firewall Firewall (Disabled) {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

I would also uninstall SuperAntiSpyware since you have MBAM.

Log: 'Application' Date/Time: 27/07/2016 6:37:24 PM
Type: warning Category: 0
Event: 1517 Source: Userenv

Windows saved user YOUR-CF6AE05ECC\Owner registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.    This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Download UPHClean. To download and install UPHClean, visit http://www.majorgeeks.com/files/details/microsoft_user_profile_hive_cleanup_service.html 

    As soon as you have downloaded the UPHClean installer (UPHClean-Setup.msi), double-click the installer to begin the installation.
    In the User Profile Hive Cleanup Service installation wizard, click Next.
    In the License Agreement page, read the license agreement, select I Agree, and then click Next.
    In the Select Installation Folder page, click Next.
    In the Confirm Installation page, click Next.
    When UPHClean is installed, click Close.
 
    Note UPHClean runs as a service in Windows and will start automatically every time that Windows starts.
    To confirm that UPHClean is installed and running, click Start, and then click Run.
    In Open box, type the following text, and then click OK:
 
    services.msc
    In Services, in the Name column, locate User Profile Hive Cleanup. In the Status column, confirm that the User Profile Hive Cleanup service is Started.
 
Log: 'System' Date/Time: 28/07/2016 11:01:56 AM
Type: error Category: 0
Event: 7026 Source: Service Control Manager
The following boot-start or system-start driver(s) failed to load:  epp32

Log: 'System' Date/Time: 28/07/2016 11:01:18 AM
Type: error Category: 0
Event: 7023 Source: Service Control Manager
The Human Interface Device Access service terminated with the following error:  The specified module could not be found.

We can fix these and remove some trash with a fixlist
 
Download the attached fixlist.txt to the same location as FRST
 
Run FRST and press Fix
A fix log will be generated please post that 
 
Start, Run, eventvwr.msc, OK to bring up the Event Viewer.  Right click on System and Clear All Events, No (we don't want to save the old log), OK. Repeat for Application. 
 
Reboot. 
 
 
Run FRST again as before.  Make sure Addition.txt is checked and hit Scan.  Post both logs.
 
Right click on My Computer and select Manage then Device Manager.  Find your mouse (In win 7 it's under Mice & Other Pointing Devices).  Right click on it and select Properties.  
If you have a tab called Power Management, click on it and uncheck Allow the computer to turn off this device to save power.

  • 0

#8
koolkat1939

koolkat1939

    Member

  • Topic Starter
  • Member
  • PipPip
  • 27 posts

I kept Zone Alarm because Panda Firewall isn't free and I can't afford it right now. I uninstalled SuperAntiSpyware. There is no Power Management listed under Properties. All it says is General (Tab) Mice & Other Pointing Devices. :no: Something new popped up under Device Manager that looks suspicious: it says Other devices with a "?" and under that it says Unknown device with a yellow "?!"

Should I try to uninstall the Unknown device ?

Also here is the FRST log :

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 27-07-2016
Ran by Owner (administrator) on YOUR-CF6AE05ECC (29-07-2016 07:43:27)
Running from C:\Documents and Settings\Owner\Desktop
Loaded Profiles: Owner (Available Profiles: Owner)
Platform: Microsoft Windows XP Home Edition Service Pack 3 (X86) Language: English (United States)
Internet Explorer Version 7 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Check Point Software Technologies Ltd.) C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Exploit\mbae-svc.exe
(Panda Security, S.L.) C:\Program Files\Panda Security\Panda Security Protection\PSANHost.exe
(NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe
(Panda Security, S.L.) C:\Program Files\Panda Security\Panda Devices Agent\AgentSvc.exe
(Panda Security, S.L.) C:\Program Files\Panda Security\Panda Security Protection\PSUAService.exe
(Windows ® Codename Longhorn DDK provider) C:\Program Files\UPHClean\uphclean.exe
(Check Point Software Technologies, Ltd.) C:\Program Files\CheckPoint\ZoneAlarm\ZAPrivacyService.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Exploit\mbae.exe
(Cyberlink Corp.) C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
(Alcor Micro, Corp.) C:\Program Files\Digital Media Reader\readericon45G.exe
(Panda Security, S.L.) C:\Program Files\Panda Security\Panda Security Protection\PSUAMain.exe
() C:\Program Files\Bitdefender\Tools\BDAntiRansomware\BDAntiRansomware.exe
(Check Point Software Technologies Ltd.) C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [14820864 2005-09-14] (Realtek Semiconductor Corp.)
HKLM\...\Run: [NvMediaCenter] => RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files\Malwarebytes Anti-Exploit\mbae.exe [2623456 2016-06-02] (Malwarebytes Corporation)
HKLM\...\Run: [RemoteControl] => C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [32768 2005-01-12] (Cyberlink Corp.)
HKLM\...\Run: [readericon] => C:\Program Files\Digital Media Reader\readericon45G.exe [139264 2005-12-09] (Alcor Micro, Corp.)
HKLM\...\Run: [nwiz] => nwiz.exe /install
HKLM\...\Run: [High Definition Audio Property Page Shortcut] => C:\WINDOWS\system32\HDAShCut.exe [61952 2005-01-07] (Windows ® Server 2003 DDK provider)
HKLM\...\Run: [Recguard] => C:\WINDOWS\SMINST\RECGUARD.EXE [212992 2002-09-13] ()
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2014-05-08] (Adobe Systems Incorporated)
HKLM\...\Run: [PSUAMain] => C:\Program Files\Panda Security\Panda Security Protection\PSUAMain.exe [54520 2015-10-22] (Panda Security, S.L.)
HKLM\...\Run: [BDAntiCryptoLocker] => C:\Program Files\Bitdefender\Tools\BDAntiRansomware\BDAntiRansomware.exe [1242144 2016-05-16] ()
HKLM\...\Run: [ZoneAlarm] => C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe [134480 2016-03-24] (Check Point Software Technologies Ltd.)
HKU\S-1-5-21-676961170-3691123601-236142853-1003\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [6851288 2016-07-13] (Piriform Ltd)
HKU\S-1-5-18\...\Policies\Explorer: [CDRAutoRun] 0

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12
Tcpip\..\Interfaces\{0A0959AE-0881-49E2-93CD-40CF9768F46D}: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
HKU\S-1-5-21-676961170-3691123601-236142853-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.yahoo.com/
HKU\S-1-5-21-676961170-3691123601-236142853-1003\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-676961170-3691123601-236142853-1003\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1410404456937

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\41qyd9cm.default
FF DefaultSearchEngine.US: Google
FF Homepage: hxxps://www.yahoo.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_22_0_0_209.dll [2016-07-17] ()
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
FF Extension: WOT - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\41qyd9cm.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2015-12-08]
FF Extension: FlashGot - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\41qyd9cm.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi [2016-03-16]
FF Extension: CS Lite Mod - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\41qyd9cm.default\extensions\[email protected] [2016-04-28]
FF Extension: BetterPrivacy - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\41qyd9cm.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [2016-05-06]
FF Extension: Classic Theme Restorer - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\41qyd9cm.default\extensions\[email protected] [2016-07-03]
FF Extension: Ghostery - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\41qyd9cm.default\Extensions\[email protected] [2016-07-09]
FF Extension: Adblock Plus - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\41qyd9cm.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-04-28]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2014-07-12] [not signed]

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 MbaeSvc; C:\Program Files\Malwarebytes Anti-Exploit\mbae-svc.exe [742368 2016-06-02] (Malwarebytes Corporation)
R2 NanoServiceMain; C:\Program Files\Panda Security\Panda Security Protection\PSANHost.exe [142072 2015-10-18] (Panda Security, S.L.)
R2 PandaAgent; C:\Program Files\Panda Security\Panda Devices Agent\AgentSvc.exe [73176 2016-02-22] (Panda Security, S.L.) [File not signed]
R2 PSUAService; C:\Program Files\Panda Security\Panda Security Protection\PSUAService.exe [38136 2015-10-22] (Panda Security, S.L.)
R2 UPHClean; C:\Program Files\UPHClean\uphclean.exe [399872 2010-09-13] (Windows ® Codename Longhorn DDK provider) [File not signed]
R2 vsmon; C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe [3746584 2016-03-24] (Check Point Software Technologies Ltd.)
R2 ZAPrivacyService; C:\Program Files\CheckPoint\ZoneAlarm\ZaPrivacyService.exe [96272 2015-10-19] (Check Point Software Technologies, Ltd.)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 abp480n5; C:\WINDOWS\System32\DRIVERS\ABP480N5.SYS [23552 2004-08-04] (Microsoft Corporation)
R2 ASCTRM; C:\WINDOWS\system32\Drivers\ASCTRM.sys [8552 2014-07-07] (Windows ® 2000 DDK provider) [File not signed]
R1 ESProtectionDriver; C:\Program Files\Malwarebytes Anti-Exploit\mbae.sys [50016 2016-06-02] ()
S3 HdAudAddService; C:\WINDOWS\System32\drivers\HdAudio.sys [145920 2005-01-07] (Windows ® Server 2003 DDK provider)
S3 mxnic; C:\WINDOWS\System32\DRIVERS\mxnic.sys [19968 2001-08-17] (Macronix International Co., Ltd.                                               )
R1 NNSALPC; C:\WINDOWS\System32\DRIVERS\NNSAlpc.sys [87032 2015-07-09] (Panda Security, S.L.)
R1 NNSHTTP; C:\WINDOWS\System32\DRIVERS\NNSHttp.sys [202104 2015-07-09] (Panda Security, S.L.)
R1 NNSHTTPS; C:\WINDOWS\System32\DRIVERS\NNSHttps.sys [109688 2015-07-09] (Panda Security, S.L.)
R1 NNSIDS; C:\WINDOWS\System32\DRIVERS\NNSIds.sys [121720 2015-07-09] (Panda Security, S.L.)
R3 NNSNAHS; C:\WINDOWS\System32\DRIVERS\NNSNAHS.sys [55216 2015-05-20] (Panda Security, S.L.)
R1 NNSPICC; C:\WINDOWS\System32\DRIVERS\NNSPicc.sys [102264 2015-07-09] (Panda Security, S.L.)
R1 NNSPIHS; C:\WINDOWS\System32\DRIVERS\NNSPihs.sys [52088 2015-07-09] (Panda Security, S.L.)
R1 NNSPOP3; C:\WINDOWS\System32\DRIVERS\NNSPop3.sys [120568 2015-07-09] (Panda Security, S.L.)
R1 NNSPROT; C:\WINDOWS\System32\DRIVERS\NNSProt.sys [281720 2015-07-09] (Panda Security, S.L.)
R1 NNSPRV; C:\WINDOWS\System32\DRIVERS\NNSPrv.sys [209016 2015-07-09] (Panda Security, S.L.)
R1 NNSSMTP; C:\WINDOWS\System32\DRIVERS\NNSSmtp.sys [108408 2015-07-09] (Panda Security, S.L.)
R1 NNSSTRM; C:\WINDOWS\System32\DRIVERS\NNSStrm.sys [240376 2015-07-09] (Panda Security, S.L.)
R1 NNSTLSC; C:\WINDOWS\System32\DRIVERS\NNSTlsc.sys [94968 2015-07-09] (Panda Security, S.L.)
R3 NVENETFD; C:\WINDOWS\System32\DRIVERS\NVENETFD.sys [34048 2005-07-29] (NVIDIA Corporation)
R3 nvnetbus; C:\WINDOWS\System32\DRIVERS\nvnetbus.sys [12928 2005-07-29] (NVIDIA Corporation)
S1 P3; C:\WINDOWS\System32\DRIVERS\p3.sys [42752 2008-04-14] (Microsoft Corporation)
R2 PSINAflt; C:\WINDOWS\System32\DRIVERS\PSINAflt.sys [140792 2015-07-19] (Panda Security, S.L.)
R2 PSINFile; C:\WINDOWS\System32\DRIVERS\PSINFile.sys [103288 2015-07-19] (Panda Security, S.L.)
R1 PSINKNC; C:\WINDOWS\System32\DRIVERS\psinknc.sys [172792 2015-07-19] (Panda Security, S.L.)
R2 PSINProc; C:\WINDOWS\System32\DRIVERS\PSINProc.sys [114680 2015-07-19] (Panda Security, S.L.)
R2 PSINProt; C:\WINDOWS\System32\DRIVERS\PSINProt.sys [125176 2015-07-19] (Panda Security, S.L.)
R2 PSINReg; C:\WINDOWS\System32\DRIVERS\PSINReg.sys [100600 2015-07-19] (Panda Security, S.L.)
U3 PSKMAD; C:\WINDOWS\System32\DRIVERS\PSKMAD.sys [50832 2015-05-22] (Panda Security, S.L.)
U3 TrueSight; C:\WINDOWS\system32\drivers\TrueSight.sys [24688 2016-07-26] ()
R1 Vsdatant; C:\WINDOWS\System32\vsdatant.sys [540112 2016-03-24] (Check Point Software Technologies Ltd.)
S3 asdids; no ImagePath
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-14] (Microsoft Corporation)
U5 Tcpip6; C:\Windows\System32\Drivers\Tcpip6.sys [226880 2010-02-11] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-07-29 07:43 - 2016-07-29 07:45 - 00013594 _____ C:\Documents and Settings\Owner\Desktop\FRST.txt
2016-07-29 07:39 - 2015-05-22 01:45 - 00050832 _____ (Panda Security, S.L.) C:\WINDOWS\system32\Drivers\PSKMAD.sys
2016-07-29 07:25 - 2016-07-29 07:25 - 00006291 _____ C:\Documents and Settings\Owner\Desktop\Fixlog.txt
2016-07-29 07:18 - 2016-07-29 07:18 - 00000000 ____D C:\Program Files\UPHClean
2016-07-29 07:14 - 2016-07-29 07:14 - 00000000 ____D C:\Documents and Settings\Owner\Desktop\New Folder
2016-07-29 07:12 - 2016-07-29 07:13 - 00003309 _____ C:\Documents and Settings\Owner\Desktop\instructions 2.txt
2016-07-29 06:44 - 2016-07-29 06:44 - 00430080 _____ C:\Documents and Settings\Owner\Desktop\UPHClean-Setup.msi
2016-07-28 11:31 - 2016-07-28 11:36 - 00000870 _____ C:\VEW.txt
2016-07-28 11:23 - 2016-07-28 11:23 - 00061440 _____ ( ) C:\Documents and Settings\Owner\Desktop\VEW.exe
2016-07-27 18:14 - 2016-07-27 18:14 - 00000000 ____D C:\Documents and Settings\Owner\Application Data\Sun
2016-07-27 17:11 - 2016-07-27 17:11 - 00126546 _____ C:\Documents and Settings\Owner\My Documents\YOUR-CF6AE05ECC.txt
2016-07-27 17:02 - 2016-07-27 17:02 - 00000654 _____ C:\Documents and Settings\All Users\Desktop\Speccy.lnk
2016-07-27 17:02 - 2016-07-27 17:02 - 00000000 ____D C:\Program Files\Speccy
2016-07-27 17:02 - 2016-07-27 17:02 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Speccy
2016-07-27 16:59 - 2016-07-27 16:59 - 02694816 _____ (Sysinternals - www.sysinternals.com) C:\Documents and Settings\Owner\Desktop\procexp.exe
2016-07-27 16:57 - 2016-07-27 16:58 - 05111240 _____ (Piriform Ltd) C:\Documents and Settings\Owner\Desktop\spsetup129.exe
2016-07-27 09:36 - 2016-07-27 09:37 - 01744384 _____ (Farbar) C:\Documents and Settings\Owner\Desktop\FRST.exe
2016-07-06 08:11 - 2016-07-06 08:11 - 00001060 _____ C:\stop sign.txt

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-07-29 07:45 - 2014-11-17 19:34 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\temp
2016-07-29 07:43 - 2016-06-20 09:19 - 00000000 ____D C:\FRST
2016-07-29 07:41 - 2014-07-07 20:58 - 00000000 ____D C:\WINDOWS\system32\Lang
2016-07-29 07:41 - 2014-07-07 09:32 - 00030277 _____ C:\WINDOWS\system32\nvapps.xml
2016-07-29 07:38 - 2004-08-26 11:08 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-07-29 07:36 - 2015-05-17 09:09 - 00032600 _____ C:\WINDOWS\SchedLgU.Txt
2016-07-29 07:36 - 2015-03-16 14:21 - 17498112 _____ C:\WINDOWS\system32\config\Nano.evt
2016-07-29 07:36 - 2004-08-26 11:09 - 00000178 ___SH C:\Documents and Settings\Owner\ntuser.ini
2016-07-29 07:25 - 2016-01-20 19:22 - 00000000 ____D C:\WINDOWS\system32\GroupPolicy
2016-07-29 07:13 - 2016-06-23 12:05 - 00000000 ____D C:\Documents and Settings\Owner\Desktop\v
2016-07-29 07:06 - 2014-08-02 17:51 - 00170200 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-07-29 06:56 - 2004-08-26 11:09 - 00000000 ____D C:\Documents and Settings\Owner
2016-07-29 06:55 - 2015-02-20 11:30 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2016-07-29 06:10 - 2014-08-01 17:27 - 00000000 ____D C:\Documents and Settings\Owner\Application Data\Macromedia
2016-07-29 06:07 - 2014-11-18 18:38 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\TEMP
2016-07-29 06:07 - 2014-08-04 18:04 - 00000000 ____D C:\Program Files\SpywareBlaster
2016-07-29 06:06 - 2014-09-01 12:12 - 00121560 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-07-28 17:12 - 2015-01-13 18:10 - 00000000 ____D C:\Documents and Settings\Owner\Desktop\Commercials
2016-07-27 17:11 - 2005-07-19 18:40 - 00000000 ___RD C:\Documents and Settings\Owner\My Documents
2016-07-26 17:16 - 2014-02-18 16:34 - 00000000 ____D C:\Documents and Settings\Owner\Desktop\Michael's Stuff
2016-07-26 07:30 - 2014-08-26 19:07 - 00024688 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2016-07-25 19:09 - 2016-05-09 12:19 - 00000000 ____D C:\Documents and Settings\Owner\My Documents\My Music 4
2016-07-25 19:01 - 2015-11-28 13:15 - 00000000 ____D C:\Documents and Settings\Owner\My Documents\My Music 3
2016-07-25 19:01 - 2005-07-19 18:40 - 00000000 ___RD C:\Documents and Settings\Owner\My Documents\My Music
2016-07-25 18:59 - 2015-06-11 08:32 - 00000000 ____D C:\Documents and Settings\Owner\My Documents\My Music 2
2016-07-25 15:07 - 2014-08-02 18:16 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes Anti-Exploit
2016-07-21 20:04 - 2014-07-08 05:44 - 00000000 ____D C:\Documents and Settings\Owner\Application Data\vlc
2016-07-20 12:49 - 2014-08-13 07:44 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
2016-07-17 18:24 - 2014-09-23 17:59 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\Adobe
2016-07-17 18:23 - 2014-08-03 18:32 - 00796352 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2016-07-17 18:23 - 2014-08-03 18:32 - 00142528 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2016-07-17 18:23 - 2004-08-26 11:01 - 00000000 ____D C:\WINDOWS\system32\Macromed
2016-07-13 06:11 - 2004-08-26 09:12 - 00001170 _____ C:\WINDOWS\system32\wpa.dbl
2016-07-13 05:53 - 2014-07-08 05:56 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-07-13 05:44 - 2014-07-08 05:56 - 141983760 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe

==================== Files in the root of some directories =======

2015-03-21 18:49 - 2015-03-22 10:32 - 0147298 _____ () C:\Documents and Settings\Owner\Local Settings\Application Data\ars.cache
2015-03-21 18:50 - 2015-03-22 10:32 - 0442298 _____ () C:\Documents and Settings\Owner\Local Settings\Application Data\census.cache
2014-07-17 16:24 - 2016-06-25 08:54 - 0007680 _____ () C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-03-21 18:25 - 2015-03-21 18:25 - 0000036 _____ () C:\Documents and Settings\Owner\Local Settings\Application Data\housecall.guid.cache
2015-03-21 18:36 - 2015-03-22 09:31 - 0000010 _____ () C:\Documents and Settings\Owner\Local Settings\Application Data\sponge.last.runtime.cache

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End of FRST.txt ============================

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Addition log:

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 27-07-2016
Ran by Owner (2016-07-29 07:45:54)
Running from C:\Documents and Settings\Owner\Desktop
Microsoft Windows XP Home Edition Service Pack 3 (X86) (2014-07-07 16:26:44)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-676961170-3691123601-236142853-500 - Administrator - Enabled)
Guest (S-1-5-21-676961170-3691123601-236142853-501 - Limited - Disabled)
HelpAssistant (S-1-5-21-676961170-3691123601-236142853-1004 - Limited - Disabled)
Owner (S-1-5-21-676961170-3691123601-236142853-1003 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Owner
SUPPORT_388945a0 (S-1-5-21-676961170-3691123601-236142853-1002 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Panda Free Antivirus (Enabled - Up to date) {5AD27692-540A-464E-B625-78275FA38393}
FW: Panda Firewall (Disabled) {1337562C-110A-4AF8-B12B-750C0B30E802}
FW: ZoneAlarm Free Firewall Firewall (Disabled) {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 16 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 16.0.0.296 - Adobe Systems Incorporated)
Adobe Flash Player 22 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 22.0.0.209 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
Agere Systems PCI-SV92PP Soft Modem (HKLM\...\Agere Systems Soft Modem) (Version:  - )
AnyBurn (HKLM\...\AnyBurn) (Version: 3.1 - Power Software Ltd)
Apple Application Support (HKLM\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
BDAntiRansomware (HKLM\...\{BE40AB1F-558F-4434-B72F-461EF97E7796}_is1) (Version: 1.0.12.1 - Bitdefender)
CCleaner (HKLM\...\CCleaner) (Version: 5.20 - Piriform)
CDisplay 1.8 (HKLM\...\CDisplay_is1) (Version:  - dvd8n)
CleanUp! (HKLM\...\CleanUp!) (Version:  - )
Digital Media Reader (HKLM\...\InstallShield_{4AC55A61-BA20-4DF5-ABFF-8F4819E0C875}) (Version: 2.01.00.02 - AlcorMicro)
Digital Media Reader (Version: 2.01.00.02 - AlcorMicro) Hidden
Flash Cookie Cleaner (HKLM\...\{E4E1D7C7-6561-4462-96B5-E6439488ED41}) (Version: 2.0 - ConsumerSoft)
K-Lite Mega Codec Pack 10.5.5 (HKLM\...\KLiteCodecPack_is1) (Version: 10.5.5 - )
LockHunter 3.1, 32/64 bit (HKLM\...\LockHunter_is1) (Version:  - Crystal Rich Ltd)
Malwarebytes Anti-Exploit version 1.8.1.2563 (HKLM\...\Malwarebytes Anti-Exploit_is1) (Version: 1.8.1.2563 - Malwarebytes)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft Office Standard Edition 2003 (HKLM\...\{91120409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.6361.0 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version:  - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version:  - )
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 47.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 47.0.1 (x86 en-US)) (Version: 47.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 47.0.1.6018 - Mozilla)
MSConfig CleanUp 1.2 (HKLM\...\MSConfig CleanUp_is1) (Version:  - Virtuoza)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version:  - )
Panda Cloud Cleaner (HKLM\...\{92B2B132-C7F0-43DC-921A-4493C04F78A4}_is1) (Version: 1.1.8 - Panda Security)
Panda Devices Agent (Version: 1.03.07 - Panda Security) Hidden
Panda Devices Agent (Version: 1.06.00 - Panda Security) Hidden
Panda Free Antivirus (HKLM\...\Panda Universal Agent Endpoint) (Version: 16.0.2 - Panda Security)
Panda Free Antivirus (Version: 8.04.00.0000 - Panda Security) Hidden
Power2Go 4.0 (HKLM\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version:  - )
PowerDVD (HKLM\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version:  - CyberLink Corporation)
Privacy Eraser Pro (HKLM\...\{F7AD1EF2-2670-40C2-A541-939265AF2F18}_is1) (Version: Privacy Eraser Pro 7.0 - PrivacyEraser Computing, Inc.)
QuickTime (HKLM\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
RealPlayer Basic (HKLM\...\RealPlayer 6.0) (Version:  - )
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 1.96 - Realtek Semiconductor Corp.)
Recovery Software Suite eMachines (HKLM\...\{15377C3E-9655-400F-B441-E69F0A6BEAFE}) (Version: 1.00.0000 - eMachines)
Speccy (HKLM\...\Speccy) (Version: 1.29 - Piriform)
SpywareBlaster 5.5 (HKLM\...\SpywareBlaster_is1) (Version: 5.5.0 - BrightFort LLC)
Uniblue PowerSuite (HKLM\...\SYSTEMCARE_025B3ECB-F8A1-45ff-BABC-140E08C7D8C5_is1) (Version:  - Uniblue)
Unlocker 1.9.0 (HKLM\...\Unlocker) (Version: 1.9.0 - Cedrick Collomb)
User Profile Hive Cleanup Service (HKLM\...\{7D15B945-2725-4443-AB3F-D900556612FE}) (Version: 1.6.36 - Microsoft Corporation)
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - )
VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Windows Backup Utility (HKLM\...\{76EFFC7C-17A6-479D-9E47-8E658C1695AE}) (Version: 5.1 - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version:  - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)
Windows Internet Explorer 7 (HKLM\...\ie7) (Version: 20070813.185237 - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version:  - )
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)
WinRAR archiver (HKLM\...\WinRAR archiver) (Version:  - )
ZoneAlarm Firewall (Version: 14.1.057.000 - Check Point Software Technologies Ltd.) Hidden
ZoneAlarm Free Firewall (HKLM\...\ZoneAlarm Free Firewall) (Version: 14.1.057.000 - Check Point)
ZoneAlarm Security (Version: 14.1.057.000 - Check Point Software Technologies Ltd.) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Documents and Settings\Owner\NetHood\My Web Sites on MSN\target.lnk -> hxxp://www.msnusers.com

==================== Loaded Modules (Whitelisted) ==============

2013-04-12 10:23 - 2013-04-12 10:23 - 00612664 _____ () C:\Program Files\Panda Security\Panda Security Protection\SQLite3.dll
2016-03-30 12:55 - 2016-05-16 16:25 - 01242144 _____ () C:\Program Files\Bitdefender\Tools\BDAntiRansomware\BDAntiRansomware.exe
2016-03-30 12:55 - 2015-08-14 14:49 - 00504320 _____ () C:\Program Files\Bitdefender\Tools\BDAntiRansomware\BDMetrics.dll
2016-04-23 07:57 - 2016-04-15 17:11 - 00023968 _____ () C:\Program Files\Bitdefender\Tools\BDAntiRansomware\InjectionDll.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mbamchameleon => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NanoServiceMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSUAService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mbamchameleon => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NanoServiceMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PSUAService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vsmon => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE restricted site: HKU\S-1-5-21-676961170-3691123601-236142853-1003\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-676961170-3691123601-236142853-1003\...\008k.com -> 008k.com
IE restricted site: HKU\S-1-5-21-676961170-3691123601-236142853-1003\...\00hq.com -> 00hq.com
IE restricted site: HKU\S-1-5-21-676961170-3691123601-236142853-1003\...\0190-dialers.com -> 0190-dialers.com
IE restricted site: HKU\S-1-5-21-676961170-3691123601-236142853-1003\...\01i.info -> 01i.info
IE restricted site: HKU\S-1-5-21-676961170-3691123601-236142853-1003\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com
IE restricted site: HKU\S-1-5-21-676961170-3691123601-236142853-1003\...\0411dd.com -> 0411dd.com
IE restricted site: HKU\S-1-5-21-676961170-3691123601-236142853-1003\...\0511zfhl.com -> 0511zfhl.com
IE restricted site: HKU\S-1-5-21-676961170-3691123601-236142853-1003\...\05p.com -> 05p.com
IE restricted site: HKU\S-1-5-21-676961170-3691123601-236142853-1003\...\0632qyw.com -> 0632qyw.com
IE restricted site: HKU\S-1-5-21-676961170-3691123601-236142853-1003\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com
IE restricted site: HKU\S-1-5-21-676961170-3691123601-236142853-1003\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com
IE restricted site: HKU\S-1-5-21-676961170-3691123601-236142853-1003\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com
IE restricted site: HKU\S-1-5-21-676961170-3691123601-236142853-1003\...\0calories.net -> 0calories.net
IE restricted site: HKU\S-1-5-21-676961170-3691123601-236142853-1003\...\0cj.net -> 0cj.net
IE restricted site: HKU\S-1-5-21-676961170-3691123601-236142853-1003\...\0scan.com -> 0scan.com
IE restricted site: HKU\S-1-5-21-676961170-3691123601-236142853-1003\...\1-britney-spears-nude.com -> 1-britney-spears-nude.com
IE restricted site: HKU\S-1-5-21-676961170-3691123601-236142853-1003\...\1-domains-registrations.com -> 1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-676961170-3691123601-236142853-1003\...\1-se.com -> 1-se.com
IE restricted site: HKU\S-1-5-21-676961170-3691123601-236142853-1003\...\1001movie.com -> 1001movie.com

There are 6091 more sites.


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-05-26 21:02 - 2015-03-24 19:06 - 00000027 ____A C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1       localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-676961170-3691123601-236142853-1003\Control Panel\Desktop\\Wallpaper -> C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
DNS Servers: 68.105.28.11 - 68.105.29.11
Windows Firewall is disabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

DomainProfile\AuthorizedApplications: [C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe] => Enabled:True Vector
StandardProfile\AuthorizedApplications: [C:\Program Files\Common Files\AOL\Loader\aolload.exe] => Enabled:AOL Application Loader
StandardProfile\AuthorizedApplications: [C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe] => Enabled:WebKit
StandardProfile\AuthorizedApplications: [C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe] => Enabled:True Vector
StandardProfile\AuthorizedApplications: [C:\Program Files\Mozilla Firefox\firefox.exe] => Enabled:Firefox (C:\Program Files\Mozilla Firefox)
StandardProfile\GloballyOpenPorts: [1900:UDP] => :LocalSubNet:Disabled:@xpsp2res.dll,-22007
StandardProfile\GloballyOpenPorts: [2869:TCP] => :LocalSubNet:Disabled:@xpsp2res.dll,-22008

==================== Restore Points =========================

30-04-2016 11:01:06 System Checkpoint
01-05-2016 17:39:09 System Checkpoint
03-05-2016 03:41:33 System Checkpoint
04-05-2016 11:00:49 System Checkpoint
05-05-2016 11:42:16 System Checkpoint
06-05-2016 12:29:10 System Checkpoint
07-05-2016 12:33:08 System Checkpoint
08-05-2016 13:14:25 System Checkpoint
10-05-2016 09:35:49 System Checkpoint
11-05-2016 04:56:30 Software Distribution Service 3.0
12-05-2016 07:20:07 System Checkpoint
13-05-2016 11:50:49 System Checkpoint
14-05-2016 17:00:25 System Checkpoint
16-05-2016 10:17:50 System Checkpoint
17-05-2016 16:46:23 System Checkpoint
18-05-2016 19:10:09 System Checkpoint
20-05-2016 09:28:52 System Checkpoint
21-05-2016 09:59:36 System Checkpoint
22-05-2016 10:13:16 System Checkpoint
23-05-2016 10:25:53 System Checkpoint
24-05-2016 12:03:10 System Checkpoint
25-05-2016 13:28:21 System Checkpoint
27-05-2016 12:23:48 System Checkpoint
29-05-2016 07:42:05 System Checkpoint
30-05-2016 09:22:13 System Checkpoint
31-05-2016 09:36:50 System Checkpoint
03-06-2016 02:56:16 System Checkpoint
04-06-2016 10:46:36 System Checkpoint
05-06-2016 14:30:08 System Checkpoint
06-06-2016 15:22:03 System Checkpoint
07-06-2016 15:57:44 System Checkpoint
08-06-2016 17:36:32 System Checkpoint
10-06-2016 07:56:13 System Checkpoint
11-06-2016 09:06:30 JRT Pre-Junkware Removal
12-06-2016 10:49:03 System Checkpoint
13-06-2016 15:25:34 System Checkpoint
15-06-2016 06:11:27 Software Distribution Service 3.0
16-06-2016 08:50:55 System Checkpoint
17-06-2016 12:13:04 System Checkpoint
19-06-2016 10:00:47 System Checkpoint
20-06-2016 12:37:29 System Checkpoint
22-06-2016 15:34:20 System Checkpoint
24-06-2016 14:07:46 System Checkpoint
27-06-2016 07:10:59 System Checkpoint
28-06-2016 12:01:37 System Checkpoint
29-06-2016 13:24:44 System Checkpoint
01-07-2016 14:06:40 System Checkpoint
03-07-2016 11:30:22 System Checkpoint
04-07-2016 12:04:04 System Checkpoint
05-07-2016 18:03:11 System Checkpoint
06-07-2016 19:10:28 System Checkpoint
08-07-2016 07:04:17 System Checkpoint
09-07-2016 10:57:50 System Checkpoint
10-07-2016 11:25:40 System Checkpoint
11-07-2016 11:30:34 System Checkpoint
13-07-2016 05:41:32 Software Distribution Service 3.0
14-07-2016 10:05:24 System Checkpoint
16-07-2016 09:25:39 System Checkpoint
18-07-2016 06:58:31 System Checkpoint
19-07-2016 07:29:58 System Checkpoint
20-07-2016 12:19:31 System Checkpoint
23-07-2016 07:05:02 System Checkpoint
24-07-2016 07:38:28 System Checkpoint
26-07-2016 08:55:38 System Checkpoint
27-07-2016 12:46:14 System Checkpoint
27-07-2016 18:14:39 Removed J2SE Runtime Environment 5.0 Update 2
29-07-2016 07:18:36 Installed User Profile Hive Cleanup Service

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============

==================== Memory info ===========================

Processor: AMD Athlon™ 64 Processor 3400+
Percentage of memory in use: 51%
Total physical RAM: 895.36 MB
Available physical RAM: 432.7 MB
Total Virtual: 2167.24 MB
Available Virtual: 1680.43 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:181.87 GB) (Free:31.07 GB) NTFS ==>[drive with boot components (Windows XP)]
Drive d: (RECOVERY) (Fixed) (Total:4.43 GB) (Free:2.12 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 186.3 GB) (Disk ID: 4B36BDEA)
Partition 1: (Active) - (Size=181.9 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=4.4 GB) - (Type=0B)

==================== End of Addition.txt ============================



#9
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP

If you click on the + in front of Mice & Other Pointing Devices do you see a mouse driver appear?  What is it?

 

No point in uninstalling the unknown device - it will just come back.  Let's see what it is:

 

Right click on My Computer and select Manage and then Device Manager then View, Show Hidden Drivers.  Now look in the right pane for yellow flagged devices.  Right click on one and select properties then click on the Details tab.  Change Property to Hardware IDs.  Click on the top one then right click and copy.  Paste that into a reply.  Repeat for all yellow flagged devices.

 

You can also uninstall Uniblue PowerSuite.  It's not a recommended product and can do some serious damage to your system.

 

We don't need Speccy any more so you can uninstall it too.



#10
koolkat1939

koolkat1939

    Member

  • Topic Starter
  • Member
  • PipPip
  • 27 posts

Mouse Driver is HID-compliant mouse. Driver File Details:
C:\WINDOWS\system32\DRIVERS\mouclass.sys
C:\WINDOWS\system32\DRIVERS\mouhid.sys

 

Under Details tab: HID\VID_093A&0&0000

 

---------------------------------------------------------------------------------------------------------------------------------------

 

The only yellow flagged is the one I mentioned. Under Hardware IDs it says nothing but Unknown device, but when I select Device Instance Id it says ROOT\LEGACY_SASKUTIL\0000.

 

OemReset won't go away unless I use Uniblue. Uniblue keeps OemReset.exe from starting up. If I uninstall Uniblue I won't be able to use my computer.

 

I'll uninstall Speccy.


Edited by koolkat1939, 29 July 2016 - 12:05 PM.



#11
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP

OK.  ROOT\LEGACY_SASKUTIL\0000 is a remnant from SuperAntiSpyware.  It may go away if you right click on the unknown device and uninstall it then reboot.  If not I know where it hides in the registry.

 

As far as stopping oemreset it can be stopped with msconfig  (start, Run, msconfig, OK) then look under startup.

 

I dug through the msconfig and also did a little sleuthing. The process was indeed a bit of startup software and at first all I found was the shortcut to it. Once I deleted the shortcut, absolutely everything that was happening at startup, including the SoftThinks program and the device manager, simply didn't start, just from one shortcut. So I undeleted it and found that several programs were in the C:\WINDOWS\OPTIONS directory that were all related to this stuff. It might be a little preemptive, but I deleted everything in that folder. I compared it to the Options folder on my wife's desktop before ruthlessly deleting it all and found the only discrepancy to be a lack of a CABS folder. The audit mode errors haven't appeared since then,

 

 

 You can also look for it with autoruns:

 

 

 
Download, save and run the program. To stop something from booting you just uncheck it.

Windows\Options is a hidden system folder so you may need to:

  • Double-click on the My Computer icon.
  • Select the Tools menu and click Folder Options.
  • After the new window appears select the View tab.
  • Put a checkmark in the checkbox labeled Display the contents of system folders.
  • Under the Hidden files and folders section select the radio button labeled Show hidden files and folders.
  • Remove the checkmark from the checkbox labeled Hide file extensions for known file types.
  • Remove the checkmark from the checkbox labeled Hide protected operating system files.
  • Press the Apply button and then the OK button.

Since it's in startup you should be able to bypass it by booting into Safe Mode:

(Reboot and when you see the maker's logo, hear a beep or it talks about F8, start tapping the F8 key slowly. Keep tapping until the Safe Mode Menu appears and choose Safe Mode with Networking. Login with your usual login.)

Then run msconfig and uncheck the item that calls it.

The Hardware ID for your mouse is pretty rare. Is there something special about this mouse? Does it have a make and model number? Is this one with a big round connector, a little round connector or a USB connector? Often you can fix a defective device by simply right clicking on it in device manager and then Uninstalling it. (Do not remove any drivers if it asks you). Once you reboot, XP will reinstall it and hopefully get it right this time.
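Post #11 above explains how msconfig disables a startup item, and the ComboFix listing later in this thread shows the result: live entries stay under the Run key, while items msconfig has unchecked appear under its startupreg and startupfolder keys (the folder shortcuts moved to c:\windows\pss). The following is an added example, not code from the thread and not ComboFix's or FRST's own tooling: a small parser for that "Reg Loading Points" format that separates still-active entries from msconfig-disabled ones and flags active entries launched from user-writable locations. The sample listing inside it is constructed to match the log format, not copied from the thread.

```python
"""Triage a ComboFix-style 'Reg Loading Points' listing (added example).

On Windows XP, unchecking a Run-key item in msconfig records it under
HKLM\Software\Microsoft\Shared Tools\MSConfig\startupreg, and unchecking a
Startup-folder shortcut moves the .lnk to %windir%\pss and records it under
...\MSConfig\startupfolder (ComboFix abbreviates that prefix as HKLM\~\).
Entries still under ...\CurrentVersion\Run are the ones that actually run.
"""
import re
from dataclasses import dataclass

# Constructed sample in the ComboFix layout; not the thread's real log.
SAMPLE = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2005-09-14 14820864]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-05-08 959904]
"updater"="c:\documents and settings\Owner\Local Settings\Temp\upd.exe" [2016-07-01 40960]
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Oemreset.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Oemreset.lnk
backup=c:\windows\pss\Oemreset.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2013-05-01 10:59    421888    ----a-w-    c:\program files\QuickTime\QTTask.exe
.
"""

# "Name"="command" [date size]   (Run-key value as ComboFix prints it)
RUN_LINE = re.compile(r'^"(?P<name>[^"]+)"="(?P<cmd>[^"]*)"')
# date time  size  attrs  path   (file line under a startupreg key)
FILE_LINE = re.compile(
    r'^\d{4}-\d{2}-\d{2} \d{2}:\d{2}\s+\d+\s+\S+\s+(?P<path>.+?)\s*$')

# Path fragments that any user-level process can write to; an autostart
# launching from here deserves a second look in triage.
USER_WRITABLE = ('\\documents and settings\\', '\\temp\\', '\\application data\\')


@dataclass
class Entry:
    name: str
    path: str
    state: str    # "active" or "msconfig-disabled"
    source: str   # registry key the entry was read from


def parse_loading_points(text: str) -> list:
    """Walk the listing, tracking the current [key] header, and collect entries."""
    entries = []
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == '.':          # ComboFix uses lone dots as spacers
            continue
        if line.startswith('[') and line.endswith(']'):
            section = line[1:-1]
            continue
        if section is None:
            continue
        low = section.lower()
        if low.endswith('\\run') or low.endswith('\\runonce'):
            m = RUN_LINE.match(line)
            if m:
                entries.append(Entry(m['name'], m['cmd'], 'active', section))
        elif '\\startupreg\\' in low:
            # msconfig-disabled Run value: key name is the old value name,
            # the single file line carries the executable path.
            m = FILE_LINE.match(line)
            if m:
                name = section.rsplit('\\', 1)[-1]
                entries.append(Entry(name, m['path'], 'msconfig-disabled', section))
        elif '\\startupfolder\\' in low:
            # msconfig-disabled shortcut: 'path=' is where the .lnk used to live.
            if line.lower().startswith('path='):
                path = line[len('path='):]
                name = path.rsplit('\\', 1)[-1]
                entries.append(Entry(name, path, 'msconfig-disabled', section))
    return entries


def flag_active_in_user_writable(entries: list) -> list:
    """Return active entries whose executable sits in a user-writable location."""
    return [e for e in entries
            if e.state == 'active'
            and any(marker in e.path.lower() for marker in USER_WRITABLE)]


if __name__ == '__main__':
    found = parse_loading_points(SAMPLE)
    for e in found:
        print(f'{e.state:18} {e.name:15} {e.path}')
    for e in flag_active_in_user_writable(found):
        print('REVIEW (user-writable autostart):', e.name, e.path)
```

Feed it the real "Reg Loading Points" block from a ComboFix log and compare the active list against what msconfig shows; an entry the parser calls active but msconfig does not list is worth a closer look.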
 
 
 
 


#12
koolkat1939

koolkat1939

    Member

  • Topic Starter
  • Member
  • PipPip
  • 27 posts

:spoton: Yep that was part of SuperAntiSpyware. I uninstalled it. Thanks for the tip on OemReset. I used msconfig to fix it and so I uninstalled Uniblue without any problems.

 

 

I already tried all that stuff with the mouse. I even bought a new mouse last year. It is a USB mouse with the laser light. I can't remember the make or model number of the mouse.  Anyway I'm positive it is a Virus or Malware because it also messes with my fan and with whatever Anti-Virus or Anti-Spyware I try.


Edited by koolkat1939, 29 July 2016 - 06:09 PM.


#13
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP

Download GMER from http://www.gmer.net/download.php. Note the file's name and save it to your root folder, such as C:\.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security program drivers will not conflict with this file.
  • Click on http://www.bleepingc...opic114351.html to see a list of programs that should be disabled.
  • Double-click on the downloaded file to start the program. (If running Vista, right click on it and select "Run as an Administrator")
  • Allow the driver to load if asked.
  • You may be prompted to scan immediately if it detects rootkit activity.
  • If you are prompted to scan your system click "No", save the log and post back the results.
  • If not prompted, click the "Rootkit/Malware" tab.
  • On the right-side, all items to be scanned should be checked by default except for "Show All". Leave that box unchecked.
  • Select all drives that are connected to your system to be scanned.
  • Click the Scan button to begin. (Please be patient as it can take some time to complete)
  • When the scan is finished, click Save to save the scan results to your Desktop.
  • Save the file as Results.log and copy/paste the contents in your next reply.
  • Exit the program and re-enable all active protection when done.

Download aswMBR.exe to your desktop.
  • Double click aswMBR.exe.
  • Uncheck trace disk IO calls.
  • Click the "Scan" button to start scan (Accept the Avast Engine).
  • On completion of the scan, if the Fix button is enabled (not the FixMBR button) press it and then run a new scan and click save log, save it to your desktop and post in your next reply.
  • If the Fix button is not enabled then just click save log, save it to your desktop and post in your next reply.

ComboFix

:!: It must be saved to your desktop, do not run it from your browser :!:

:!: Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html

Download and Save this file -- to your Desktop -- from either of these two sources:

Double click on ComboFix to start the program.

  • :!: Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.
  • A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix.

A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.

Download TDSSKiller:
Save it to your desktop then run it.
Double click on TDSSKiller.exe to start the program.

If TDSSKiller alerts you that the system needs to reboot, please consent.

Run TDSSKiller again but this time:
before you hit the Scan hit Change Parameters and check the two items under Additional Options. OK then Scan.
In this mode it is prone to false positives so do not change the SKIP option to DELETE unless it says TDSS.
When done, a log file should be created on your C: drive named "TDSSKiller.txt"; please copy and paste the contents in your next reply.


    #14
    koolkat1939

    koolkat1939

      Member

    • Topic Starter
    • Member
    • PipPip
    • 27 posts

    OK here are my logs. After I ran aswMBR.exe it created a MBR.dat. What do I do with that? And after I ran ComboFix it created an Internet Explorer on my desktop. What do I do with that? TDSSKiller said UPHClean was bad. I figured it was a false positive so I skipped it.

     

    :yes: GMER log:

     

    GMER 2.2.19882 - http://www.gmer.net
    Rootkit scan 2016-07-30 00:42:38
    Windows 5.1.2600 Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 HDT722520DLAT80 rev.V44OA96A 186.31GB
    Running: 9ik17ki1.exe; Driver: C:\DOCUME~1\Owner\LOCALS~1\Temp\afrdqaod.sys


    ---- System - GMER 2.2 ----

    SSDT            \SystemRoot\System32\vsdatant.sys                                 ZwConnectPort [0xF3F19734]
    SSDT            \SystemRoot\System32\vsdatant.sys                                 ZwCreateFile [0xF3F12EFC]
    SSDT            \SystemRoot\System32\vsdatant.sys                                 ZwCreateKey [0xF3F34E80]
    SSDT            \SystemRoot\System32\vsdatant.sys                                 ZwCreatePort [0xF3F19F48]
    SSDT            \SystemRoot\System32\vsdatant.sys                                 ZwCreateProcess [0xF3F2EBDC]
    SSDT            \SystemRoot\System32\vsdatant.sys                                 ZwCreateProcessEx [0xF3F2F010]
    SSDT            \SystemRoot\System32\vsdatant.sys                                 ZwCreateSection [0xF3F39678]
    SSDT            \SystemRoot\System32\vsdatant.sys                                 ZwCreateWaitablePort [0xF3F1A0B2]
    SSDT            \SystemRoot\System32\vsdatant.sys                                 ZwDeleteFile [0xF3F13C3C]
    SSDT            \SystemRoot\System32\vsdatant.sys                                 ZwDeleteKey [0xF3F36974]
    SSDT            \SystemRoot\System32\vsdatant.sys                                 ZwDeleteValueKey [0xF3F36226]
    SSDT            \SystemRoot\System32\vsdatant.sys                                 ZwDuplicateObject [0xF3F2D996]
    SSDT            \SystemRoot\System32\vsdatant.sys                                 ZwLoadDriver [0xF3F0D63E]
    SSDT            \SystemRoot\System32\vsdatant.sys                                 ZwLoadKey [0xF3F37406]
    SSDT            \SystemRoot\System32\vsdatant.sys                                 ZwLoadKey2 [0xF3F37644]
    SSDT            \SystemRoot\System32\vsdatant.sys                                 ZwMapViewOfSection [0xF3F39A42]
    SSDT            \SystemRoot\System32\vsdatant.sys                                 ZwOpenFile [0xF3F137EC]
    SSDT            \SystemRoot\system32\DRIVERS\PSINReg.sys                          ZwOpenKey [0xB9C62592]
    SSDT            \SystemRoot\System32\vsdatant.sys                                 ZwOpenProcess [0xF3F31144]
    SSDT            \SystemRoot\System32\vsdatant.sys                                 ZwOpenThread [0xF3F30D36]
    SSDT            \SystemRoot\System32\vsdatant.sys                                 ZwProtectVirtualMemory [0xF3F46D8C]
    SSDT            \SystemRoot\System32\vsdatant.sys                                 ZwRenameKey [0xF3F384DE]
    SSDT            \SystemRoot\System32\vsdatant.sys                                 ZwReplaceKey [0xF3F37DC0]
    SSDT            \SystemRoot\System32\vsdatant.sys                                 ZwRequestWaitReplyPort [0xF3F1930E]
    SSDT            \SystemRoot\System32\vsdatant.sys                                 ZwRestoreKey [0xF3F38F52]
    SSDT            \SystemRoot\System32\vsdatant.sys                                 ZwSecureConnectPort [0xF3F19A2E]
    SSDT            \SystemRoot\System32\vsdatant.sys                                 ZwSetInformationFile [0xF3F14048]
    SSDT            \SystemRoot\System32\vsdatant.sys                                 ZwSetInformationObject [0xF3F46C44]
    SSDT            \SystemRoot\System32\vsdatant.sys                                 ZwSetSecurityObject [0xF3F38A68]
    SSDT            \SystemRoot\System32\vsdatant.sys                                 ZwSetSystemInformation [0xF3F0CCF0]
    SSDT            \SystemRoot\System32\vsdatant.sys                                 ZwSetValueKey [0xF3F35946]
    SSDT            \SystemRoot\System32\vsdatant.sys                                 ZwSystemDebugControl [0xF3F2FD32]
    SSDT            \SystemRoot\System32\vsdatant.sys                                 ZwTerminateProcess [0xF3F2FA56]
    SSDT            \SystemRoot\System32\vsdatant.sys                                 ZwUnloadDriver [0xF3F0DAC2]
    SSDT            \??\C:\WINDOWS\system32\Drivers\uphcleanhlp.sys                   ZwUnloadKey [0xB95FF75C]

    ---- Kernel code sections - GMER 2.2 ----

    .text           ntkrnlpa.exe!ZwCallbackReturn + 24DC                              80501D38 12 Bytes  [48, 9F, F1, F3, DC, EB, F2, ...]
    .text           ntkrnlpa.exe!ZwCallbackReturn + 25A8                              80501E04 12 Bytes  [3E, D6, F0, F3, 06, 74, F3, ...]
    .text           C:\WINDOWS\system32\DRIVERS\nv4_mini.sys                          section is writeable [0xF6DAD360, 0x1FE48D, 0xE8000020]
    ?               C:\WINDOWS\system32\Drivers\uphcleanhlp.sys                       The system cannot find the file specified. !

    ---- User code sections - GMER 2.2 ----

    .text           C:\9ik17ki1.exe[2344] ntdll.dll!NtRaiseHardError                  7C90D9BE 5 Bytes  JMP 10001040 C:\Program Files\Bitdefender\Tools\BDAntiRansomware\InjectionDll.dll
    .text           C:\WINDOWS\system32\wscntfy.exe[3560] ntdll.dll!NtRaiseHardError  7C90D9BE 5 Bytes  JMP 10001040 C:\Program Files\Bitdefender\Tools\BDAntiRansomware\InjectionDll.dll

    ---- Devices - GMER 2.2 ----

    Device          \Driver\Tcpip \Device\Ip                                          vsdatant.sys

    AttachedDevice  \Driver\Tcpip \Device\Ip                                          NNSPihs.sys

    Device          \Driver\Tcpip \Device\Tcp                                         vsdatant.sys

    AttachedDevice  \Driver\Tcpip \Device\Tcp                                         NNSPihs.sys

    Device          \Driver\Tcpip \Device\Udp                                         vsdatant.sys

    AttachedDevice  \Driver\Tcpip \Device\Udp                                         NNSPihs.sys

    Device          \Driver\Tcpip \Device\RawIp                                       vsdatant.sys

    AttachedDevice  \Driver\Tcpip \Device\RawIp                                       NNSPihs.sys

    Device          \Driver\Tcpip \Device\IPMULTICAST                                 vsdatant.sys

    AttachedDevice  \FileSystem\Fastfat \Fat                                          fltmgr.sys

    ---- Disk sectors - GMER 2.2 ----

    Disk            \Device\Harddisk0\DR0                                             unknown MBR code

    ---- EOF - GMER 2.2 ----
     

     

    ------------------------------------------------------------------------------------------------------------------------------------------------------------

     

    :yes: aswMBR log:

     

     

    aswMBR version 1.0.1.2290 Copyright© 2014 AVAST Software
    Run date: 2016-07-30 06:26:07
    -----------------------------
    06:26:07.171    OS Version: Windows 5.1.2600 Service Pack 3
    06:26:07.171    Number of processors: 1 586 0x2F02
    06:26:07.187    ComputerName: YOUR-CF6AE05ECC  UserName: Owner
    06:26:10.609    Initialize success
    06:26:11.359    VM: initialized successfully
    06:26:11.359    VM: Amd CPU virtualization not supported
    06:29:59.562    AVAST engine defs: 16073000
    06:31:12.093    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
    06:31:12.093    Disk 0 Vendor: HDT722520DLAT80 V44OA96A Size: 190782MB BusType: 3
    06:31:12.453    Disk 0 MBR read successfully
    06:31:12.453    Disk 0 MBR scan
    06:31:12.625    Disk 0 unknown MBR code
    06:31:21.187    Disk 0 PE file @ sector 390704852/390721968
    06:31:21.203    Disk 0 Partition 1 80 (A) 07      HPFS/NTFS NTFS       186230 MB offset 9317700
    06:31:21.250    Disk 0 default boot code
    06:31:21.328    Disk 0 Partition 2 00     0B          FAT32 RECOVERY     4549 MB offset 63
    06:31:21.359    Disk 0 scanning sectors +390716865
    06:31:21.671    Disk 0 scanning C:\WINDOWS\system32\drivers
    06:32:11.796    Service scanning
    06:33:13.281    Modules scanning
    06:33:15.953    AVAST engine scan C:\WINDOWS
    06:33:31.468    AVAST engine scan C:\WINDOWS\system32
    06:43:59.562    AVAST engine scan C:\WINDOWS\system32\drivers
    06:44:43.500    AVAST engine scan C:\Documents and Settings\Owner
    07:43:13.812    File: C:\Documents and Settings\Owner\My Documents\New Folder\Free Any Burn 1.4\freeanyburn_setup.exe  **INFECTED** Win32:Malware-gen
    07:48:00.687    File: C:\Documents and Settings\Owner\My Documents\Tools & Programs\Free Any Burn 1.4\freeanyburn_setup.exe  **INFECTED** Win32:Malware-gen
    07:48:20.687    AVAST engine scan C:\Documents and Settings\All Users
    07:51:50.859    Disk 0 statistics 2866287/0/0 @ 0.62 MB/s
    07:51:50.875    Scan finished successfully
    07:59:06.281    Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Owner\Desktop\MBR.dat"
    07:59:06.296    The log file has been saved successfully to "C:\Documents and Settings\Owner\Desktop\aswMBR.txt"

     

    ---------------------------------------------------------------------------------------------------------------------------------------------------------

     

    :yes: ComboFix log:

     

     

    ComboFix 16-07-25.01 - Owner 07/30/2016   8:26.1.1 - x86
    Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.895.554 [GMT -7:00]
    Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
    AV: Panda Free Antivirus *Disabled/Updated* {5AD27692-540A-464E-B625-78275FA38393}
    FW: Panda Firewall *Disabled* {1337562C-110A-4AF8-B12B-750C0B30E802}
    FW: ZoneAlarm Free Firewall Firewall *Enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
    .
    .
    (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\All Users\Application Data\TEMP
    c:\documents and settings\All Users\Application Data\TEMP\RAIDTest
    c:\windows\Update.bat
    .
    .
    (((((((((((((((((((((((((   Files Created from 2016-06-28 to 2016-07-30  )))))))))))))))))))))))))))))))
    .
    .
    2016-07-30 02:11 . 2016-07-30 02:12    380928    ----a-w-    C:\9ik17ki1.exe
    2016-07-29 23:29 . 2015-05-22 08:45    50832    ----a-w-    c:\windows\system32\drivers\PSKMAD.sys
    2016-07-29 14:18 . 2016-07-29 14:18    --------    d-----w-    c:\program files\UPHClean
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2016-07-29 21:50 . 2014-09-01 19:12    121560    ----a-w-    c:\windows\system32\drivers\mbamchameleon.sys
    2016-07-29 21:49 . 2014-08-03 00:51    170200    ----a-w-    c:\windows\system32\drivers\MBAMSwissArmy.sys
    2016-07-26 14:30 . 2014-08-27 02:07    24688    ----a-w-    c:\windows\system32\drivers\TrueSight.sys
    2016-07-18 01:23 . 2014-08-04 01:32    796352    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
    2016-07-18 01:23 . 2014-08-04 01:32    142528    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
    .
    .
    (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RTHDCPL"="RTHDCPL.EXE" [2005-09-14 14820864]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-09-18 86016]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-09-18 7204864]
    "Malwarebytes Anti-Exploit"="c:\program files\Malwarebytes Anti-Exploit\mbae.exe" [2016-06-02 2623456]
    "RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2005-01-12 32768]
    "readericon"="c:\program files\Digital Media Reader\readericon45G.exe" [2005-12-10 139264]
    "nwiz"="nwiz.exe" [2005-09-18 1519616]
    "High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-08 61952]
    "Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-05-08 959904]
    "PSUAMain"="c:\program files\Panda Security\Panda Security Protection\PSUAMain.exe" [2015-10-22 54520]
    "BDAntiCryptoLocker"="c:\program files\Bitdefender\Tools\BDAntiRansomware\BDAntiRansomware.exe" [2016-05-16 1242144]
    "ZoneAlarm"="c:\program files\CheckPoint\ZoneAlarm\zatray.exe" [2016-03-24 134480]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "SoftwareSASGeneration"= 1 (0x1)
    "MaxGPOScriptWait"= 600 (0x258)
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NanoServiceMain]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSUAService]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Oemreset.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Oemreset.lnk
    backup=c:\windows\pss\Oemreset.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^_uninst_.lnk]
    path=c:\documents and settings\Owner\Start Menu\Programs\Startup\_uninst_.lnk
    backup=c:\windows\pss\_uninst_.lnkStartup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
    2013-04-22 04:43    59720    ----a-w-    c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    2008-04-14 12:42    1695232    ------w-    c:\program files\Messenger\msmsgs.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2013-05-01 10:59    421888    ----a-w-    c:\program files\QuickTime\QTTask.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
    2010-07-04 19:51    17408    ----a-w-    c:\program files\Unlocker\UnlockerAssistant.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
    "DisableMonitoring"=dword:00000001
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
    "c:\\Program Files\\CheckPoint\\ZoneAlarm\\vsmon.exe"=
    "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    .
    R1 ESProtectionDriver;Malwarebytes Anti-Exploit;c:\program files\Malwarebytes Anti-Exploit\mbae.sys [11/15/2015 6:30 PM 50016]
    R1 NNSALPC;NNSAlpc;c:\windows\system32\drivers\NNSAlpc.sys [7/9/2015 8:37 AM 87032]
    R1 NNSHTTP;NNSHttp;c:\windows\system32\drivers\NNSHttp.sys [7/9/2015 8:37 AM 202104]
    R1 NNSHTTPS;NNSHttps;c:\windows\system32\drivers\NNSHttps.sys [7/9/2015 8:37 AM 109688]
    R1 NNSIDS;NNSids;c:\windows\system32\drivers\NNSIds.sys [7/9/2015 8:37 AM 121720]
    R1 NNSPICC;NNSPicc;c:\windows\system32\drivers\NNSpicc.sys [7/9/2015 8:37 AM 102264]
    R1 NNSPIHS;NNSPihs;c:\windows\system32\drivers\NNSpihs.sys [7/9/2015 8:37 AM 52088]
    R1 NNSPOP3;NNSPop3;c:\windows\system32\drivers\NNSPop3.sys [7/9/2015 8:37 AM 120568]
    R1 NNSPROT;NNSProt;c:\windows\system32\drivers\NNSProt.sys [7/9/2015 8:37 AM 281720]
    R1 NNSPRV;NNSPrv;c:\windows\system32\drivers\NNSPrv.sys [7/9/2015 8:37 AM 209016]
    R1 NNSSMTP;NNSSmtp;c:\windows\system32\drivers\NNSSmtp.sys [7/9/2015 8:37 AM 108408]
    R1 NNSSTRM;NNSStrm;c:\windows\system32\drivers\NNSStrm.sys [7/9/2015 8:37 AM 240376]
    R1 NNSTLSC;NNSTlsc;c:\windows\system32\drivers\NNStlsc.sys [7/9/2015 8:37 AM 94968]
    R1 PSINKNC;PSINKNC;c:\windows\system32\drivers\PSINKNC.sys [7/19/2015 9:46 AM 172792]
    R2 MbaeSvc;Malwarebytes Anti-Exploit Service;c:\program files\Malwarebytes Anti-Exploit\mbae-svc.exe [11/15/2015 6:30 PM 742368]
    R2 NanoServiceMain;Panda Protection Service;c:\program files\Panda Security\Panda Security Protection\PSANHost.exe [10/18/2015 2:32 AM 142072]
    R2 PandaAgent;Panda Devices Agent;c:\program files\Panda Security\Panda Devices Agent\AgentSvc.exe [2/22/2016 6:24 PM 73176]
    R2 PSINAflt;PSINAflt;c:\windows\system32\drivers\PSINAflt.sys [7/19/2015 9:46 AM 140792]
    R2 PSINFile;PSINFile;c:\windows\system32\drivers\PSINFile.sys [7/19/2015 9:46 AM 103288]
    R2 PSINProc;PSINProc;c:\windows\system32\drivers\PSINProc.sys [7/19/2015 9:46 AM 114680]
    R2 PSINProt;PSINProt;c:\windows\system32\drivers\PSINProt.sys [7/19/2015 9:46 AM 125176]
    R2 PSINReg;PSINReg;c:\windows\system32\drivers\PSINReg.sys [7/19/2015 9:46 AM 100600]
    R2 PSUAService;Panda Product Service;c:\program files\Panda Security\Panda Security Protection\PSUAService.exe [10/22/2015 9:42 AM 38136]
    R2 ZAPrivacyService;ZoneAlarm Privacy Service;c:\program files\CheckPoint\ZoneAlarm\ZAPrivacyService.exe [10/19/2015 10:22 AM 96272]
    R3 NNSNAHS;Network Activity Hook Server Service;c:\windows\system32\drivers\NNSNAHS.sys [5/20/2015 3:18 AM 55216]
    R3 PSKMAD;PSKMAD;c:\windows\system32\drivers\PSKMAD.sys [7/29/2016 4:29 PM 50832]
    S3 asdids;Anvisoft Intrusion Detection System Service; [x]
    .
    --- Other Services/Drivers In Memory ---
    .
    *Deregistered* - aswMBR
    *Deregistered* - aswVmm
    *Deregistered* - uphcleanhlp
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = https://www.yahoo.com/
    mStart Page = about:blank
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    TCP: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
    FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\41qyd9cm.default\
    FF - prefs.js: browser.startup.homepage - hxxps://www.yahoo.com/
    .
    - - - - ORPHANS REMOVED - - - -
    .
    SafeBoot-mbamchameleon
    MSConfigStartUp-Uniblue RegistryBooster 2 - c:\program files\Uniblue\RegistryBooster 2\RegistryBooster.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2016-07-30 08:41
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...  
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...  
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\.Default\Software\5AHSH54OwLwn]
    @Denied: (B 2 3) (Everyone)
    .
    [HKEY_USERS\.Default\Software\Locky]
    @Denied: (B 2 3) (Everyone)
    .
    [HKEY_USERS\LocalService\Software\5AHSH54OwLwn]
    @Denied: (B 2 3) (Everyone)
    .
    [HKEY_USERS\LocalService\Software\Locky]
    @Denied: (B 2 3) (Everyone)
    .
    [HKEY_USERS\LocalService_Classes\Software\5AHSH54OwLwn]
    @Denied: (B 2 3) (Everyone)
    .
    [HKEY_USERS\LocalService_Classes\Software\Locky]
    @Denied: (B 2 3) (Everyone)
    .
    [HKEY_USERS\S-1-5-20\Software\5AHSH54OwLwn]
    @Denied: (B 2 3) (Everyone)
    .
    [HKEY_USERS\S-1-5-20\Software\Locky]
    @Denied: (B 2 3) (Everyone)
    .
    [HKEY_USERS\S-1-5-20_Classes\Software\5AHSH54OwLwn]
    @Denied: (B 2 3) (Everyone)
    .
    [HKEY_USERS\S-1-5-20_Classes\Software\Locky]
    @Denied: (B 2 3) (Everyone)
    .
    [HKEY_USERS\S-1-5-21-676961170-3691123601-236142853-1003\Software\5AHSH54OwLwn]
    @Denied: (B 2 3) (Everyone)
    .
    [HKEY_USERS\S-1-5-21-676961170-3691123601-236142853-1003\Software\Locky]
    @Denied: (B 2 3) (Everyone)
    .
    [HKEY_USERS\S-1-5-21-842925246-1606980848-1708537768-1003_Classes\Software\5AHSH54OwLwn]
    @Denied: (B 2 3) (Everyone)
    .
    [HKEY_USERS\S-1-5-21-842925246-1606980848-1708537768-1003_Classes\Software\Locky]
    @Denied: (B 2 3) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_16_0_0_296_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_16_0_0_296_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker6"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    Completion time: 2016-07-30  08:45:23
    ComboFix-quarantined-files.txt  2016-07-30 15:45
    .
    Pre-Run: 33,002,393,600 bytes free
    Post-Run: 33,421,250,560 bytes free
    .
    - - End Of File - - AAACF4017E191E165E1FD716EDDF7E7E
    620801C51A4A223B7167BE50689BA748
     

    --------------------------------------------------------------------------------------------------------------------------------------------------------

    TDSSKiller log:

    08:56:43.0000 0x0e44  TDSS rootkit removing tool 3.1.0.9 Dec 11 2015 22:49:12
    08:57:17.0500 0x0e44  ============================================================
    08:57:17.0500 0x0e44  Current date / time: 2016/07/30 08:57:17.0500
    08:57:17.0500 0x0e44  SystemInfo:
    08:57:17.0500 0x0e44  
    08:57:17.0500 0x0e44  OS Version: 5.1.2600 ServicePack: 3.0
    08:57:17.0500 0x0e44  Product type: Workstation
    08:57:17.0500 0x0e44  ComputerName: YOUR-CF6AE05ECC
    08:57:17.0500 0x0e44  UserName: Owner
    08:57:17.0500 0x0e44  Windows directory: C:\WINDOWS
    08:57:17.0500 0x0e44  System windows directory: C:\WINDOWS
    08:57:17.0500 0x0e44  Processor architecture: Intel x86
    08:57:17.0500 0x0e44  Number of processors: 1
    08:57:17.0500 0x0e44  Page size: 0x1000
    08:57:17.0500 0x0e44  Boot type: Normal boot
    08:57:17.0500 0x0e44  ============================================================
    08:57:20.0812 0x0e44  KLMD registered as C:\WINDOWS\system32\drivers\12226946.sys
    08:57:22.0281 0x0e44  System UUID: {15358A07-42A6-9E23-7143-6D9408802CA4}
    08:57:25.0406 0x0e44  Drive \Device\Harddisk0\DR0 - Size: 0x2E93E36000 ( 186.31 Gb ), SectorSize: 0x200, Cylinders: 0x5F01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
    08:57:25.0640 0x0e44  ============================================================
    08:57:25.0640 0x0e44  \Device\Harddisk0\DR0:
    08:57:25.0640 0x0e44  MBR partitions:
    08:57:25.0640 0x0e44  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x8E2D44, BlocksNum 0x16BBB07D
    08:57:25.0640 0x0e44  \Device\Harddisk0\DR0\Partition2: MBR, Type 0xB, StartLBA 0x3F, BlocksNum 0x8E2D05
    08:57:25.0640 0x0e44  ============================================================
    08:57:25.0687 0x0e44  C: <-> \Device\Harddisk0\DR0\Partition1
    08:57:25.0687 0x0e44  D: <-> \Device\Harddisk0\DR0\Partition2
    08:57:25.0687 0x0e44  ============================================================
    08:57:25.0687 0x0e44  Initialize success
    08:57:25.0687 0x0e44  ============================================================
    08:59:19.0890 0x1fe0  ============================================================
    08:59:19.0890 0x1fe0  Scan started
    08:59:19.0890 0x1fe0  Mode: Manual; SigCheck; TDLFS;
    08:59:19.0890 0x1fe0  ============================================================
    08:59:19.0890 0x1fe0  KSN ping started
    08:59:33.0468 0x1fe0  KSN ping finished: true
    08:59:34.0281 0x1fe0  ================ Scan system memory ========================
    08:59:34.0281 0x1fe0  System memory - ok
    08:59:34.0296 0x1fe0  ================ Scan services =============================
    08:59:34.0625 0x1fe0  Abiosdsk - ok
    08:59:34.0671 0x1fe0  [ 6ABB91494FE6C59089B9336452AB2EA3, FA28396820E44F991891042E051A4414485B54D456F252E03E3FFE1B4B4CF843 ] abp480n5        C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
    08:59:35.0031 0x1fe0  abp480n5 - ok
    08:59:35.0265 0x1fe0  [ 8FD99680A539792A30E97944FDAECF17, 594F8E0C3695400B0C09A797AF6BDFAC6F750ECD67D0EE803914C572B1DCC43C ] ACPI            C:\WINDOWS\system32\DRIVERS\ACPI.sys
    08:59:35.0421 0x1fe0  ACPI - ok
    08:59:35.0468 0x1fe0  [ 9859C0F6936E723E4892D7141B1327D5, 5E8F6A2FC4DF2E5E92A1D66ECC2810E08B42B64E9CD0DF4AD3F78EA8558B90AF ] ACPIEC          C:\WINDOWS\system32\drivers\ACPIEC.sys
    08:59:35.0593 0x1fe0  ACPIEC - ok
    08:59:35.0640 0x1fe0  [ 9A11864873DA202C996558B2106B0BBC, 4C68F1DBD1541291DD0FAB78DB42B25FA051CD9F55ED869173E3219CD31500C4 ] adpu160m        C:\WINDOWS\system32\DRIVERS\adpu160m.sys
    08:59:35.0812 0x1fe0  adpu160m - ok
    08:59:35.0890 0x1fe0  [ 8BED39E3C35D6A489438B8141717A557, 1B5796E56B0927360CE0759641B1151828BC0A9E45620D2B2D880491F5CE33D0 ] aec             C:\WINDOWS\system32\drivers\aec.sys
    08:59:36.0031 0x1fe0  aec - ok
    08:59:36.0125 0x1fe0  [ 1E44BC1E83D8FD2305F8D452DB109CF9, CF5EC07E0B589FA2A4701C6CFD69E893FC3ABF274AD57AE3C13FFE49063B02C8 ] AFD             C:\WINDOWS\System32\drivers\afd.sys
    08:59:36.0187 0x1fe0  AFD - ok
    08:59:36.0625 0x1fe0  [ B7D2103EB2ECB765B2B7106BAD089AB1, 5526BEA4C10B132CD351C05873DB0E721D7FF87EE5452AF0AAC1C0293EA97E8C ] AgereSoftModem  C:\WINDOWS\system32\DRIVERS\AGRSM.sys
    08:59:37.0437 0x1fe0  AgereSoftModem - ok
    08:59:37.0484 0x1fe0  [ 08FD04AA961BDC77FB983F328334E3D7, A784EC8A9EDB579262366B5A9AB177DB7BEC0A421BDE85431D0AD4959D5AF5E7 ] agp440          C:\WINDOWS\system32\DRIVERS\agp440.sys
    08:59:37.0625 0x1fe0  agp440 - ok
    08:59:37.0640 0x1fe0  [ 03A7E0922ACFE1B07D5DB2EEB0773063, 93EEA872A5642C95FF19C81F8EFFB9B52742A14DBF138784F0F713AD18C413ED ] agpCPQ          C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
    08:59:37.0781 0x1fe0  agpCPQ - ok
    08:59:37.0812 0x1fe0  [ C23EA9B5F46C7F7910DB3EAB648FF013, 92C84E9AF278A3B55D56C4F8E6C10E3EF1F7B336A44A018AED6DC51A46671F0B ] Aha154x         C:\WINDOWS\system32\DRIVERS\aha154x.sys
    08:59:37.0859 0x1fe0  Aha154x - ok
    08:59:37.0890 0x1fe0  [ 19DD0FB48B0C18892F70E2E7D61A1529, 95BA1568E8E08314508CA0E1F95555891E70399AEC312C793B46A841F56FFDCF ] aic78u2         C:\WINDOWS\system32\DRIVERS\aic78u2.sys
    08:59:38.0031 0x1fe0  aic78u2 - ok
    08:59:38.0062 0x1fe0  [ B7FE594A7468AA0132DEB03FB8E34326, BF0DC2B8C474DB151589BA9968264413521DDD9E7316B752B2FA40C24200FBE0 ] aic78xx         C:\WINDOWS\system32\DRIVERS\aic78xx.sys
    08:59:38.0187 0x1fe0  aic78xx - ok
    08:59:38.0234 0x1fe0  [ A9A3DAA780CA6C9671A19D52456705B4, 67C959144B57AE0BBF1D82DBED197F32CDB06FECD883A80C441A0202FE83FAB4 ] Alerter         C:\WINDOWS\system32\alrsvc.dll
    08:59:38.0359 0x1fe0  Alerter - ok
    08:59:38.0406 0x1fe0  [ 8C515081584A38AA007909CD02020B3D, A5E13CA10F702928E0DE84C74D0EA8ACCB117FD76FBABC55220C75C4FFD596DC ] ALG             C:\WINDOWS\System32\alg.exe
    08:59:38.0546 0x1fe0  ALG - ok
    08:59:38.0578 0x1fe0  [ 1140AB9938809700B46BB88E46D72A96, 369379ECC5941ACE984A7F31EAABB66A2E693EDBADA639B86D26FD681D45608E ] AliIde          C:\WINDOWS\system32\DRIVERS\aliide.sys
    08:59:38.0687 0x1fe0  AliIde - ok
    08:59:38.0734 0x1fe0  [ CB08AED0DE2DD889A8A820CD8082D83C, B1A9D493390AEDF6EFF8BCAA3B33EC31758452AB497C34C0728CDDA1D8DCBF2A ] alim1541        C:\WINDOWS\system32\DRIVERS\alim1541.sys
    08:59:38.0843 0x1fe0  alim1541 - ok
    08:59:38.0859 0x1fe0  [ 95B4FB835E28AA1336CEEB07FD5B9398, 36CD3B14EF78B01FB653B78187FAA63C4DD5F4137AC3B91D81256A350EEDCBC1 ] amdagp          C:\WINDOWS\system32\DRIVERS\amdagp.sys
    08:59:38.0968 0x1fe0  amdagp - ok
    08:59:38.0984 0x1fe0  [ 79F5ADD8D24BD6893F2903A3E2F3FAD6, 9B179F0B6A559639D3AE3975CEBF2718294BE5743517BEE06586F0D258164C81 ] amsint          C:\WINDOWS\system32\DRIVERS\amsint.sys
    08:59:39.0062 0x1fe0  amsint - ok
    08:59:39.0062 0x1fe0  AppMgmt - ok
    08:59:39.0093 0x1fe0  [ 62D318E9A0C8FC9B780008E724283707, 1A69806AB2BDECCEB5EB23A80700B3F98983D5D67F78839CBF269087FA460757 ] asc             C:\WINDOWS\system32\DRIVERS\asc.sys
    08:59:39.0234 0x1fe0  asc - ok
    08:59:39.0250 0x1fe0  [ 69EB0CC7714B32896CCBFD5EDCBEA447, 1CB506B5F71F84EFD26961010681D0A79AA7B266573378E3D2755125DF5D6BB6 ] asc3350p        C:\WINDOWS\system32\DRIVERS\asc3350p.sys
    08:59:39.0312 0x1fe0  asc3350p - ok
    08:59:39.0343 0x1fe0  [ 5D8DE112AA0254B907861E9E9C31D597, 557C93E82A71131D226267151C84B197503831A16263DDFE040E996B605CA9E8 ] asc3550         C:\WINDOWS\system32\DRIVERS\asc3550.sys
    08:59:39.0500 0x1fe0  asc3550 - ok
    08:59:39.0546 0x1fe0  [ D880831279ED91F9A4190A2DB9539EA9, EAF7D48E026C99EE9C4BC838A3004966517F948051B39DA5B5072F6DE81165AB ] ASCTRM          C:\WINDOWS\system32\drivers\ASCTRM.sys
    08:59:39.0578 0x1fe0  ASCTRM - detected UnsignedFile.Multi.Generic ( 1 )
    08:59:42.0015 0x1fe0  Detect skipped due to KSN trusted
    08:59:42.0015 0x1fe0  ASCTRM - ok
    08:59:42.0031 0x1fe0  asdids - ok
    08:59:42.0156 0x1fe0  [ 0E5E4957549056E2BF2C49F4F6B601AD, F7F19FDC906B719A3516D30A9B4A2262C8CC5B36B94E3D4195C345EC4610FF2B ] aspnet_state    C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
    08:59:42.0187 0x1fe0  aspnet_state - ok
    08:59:42.0234 0x1fe0  [ B153AFFAC761E7F5FCFA822B9C4E97BC, 7E60F572A6B3C6219E3C86225AA37243AFFD74337DB7F108B04778042E5CC959 ] AsyncMac        C:\WINDOWS\system32\DRIVERS\asyncmac.sys
    08:59:42.0359 0x1fe0  AsyncMac - ok
    08:59:42.0406 0x1fe0  [ 9F3A2F5AA6875C72BF062C712CFA2674, B4DF1D2C56A593C6B54DE57395E3B51D288F547842893B32B0F59228A0CF70B9 ] atapi           C:\WINDOWS\system32\DRIVERS\atapi.sys
    08:59:42.0656 0x1fe0  atapi - ok
    08:59:42.0656 0x1fe0  Atdisk - ok
    08:59:42.0703 0x1fe0  [ 9916C1225104BA14794209CFA8012159, 5D6F05F715C52A16D05CAE15C3DFE77A139A7F27F7AE710EC9A10F9EE05115A1 ] Atmarpc         C:\WINDOWS\system32\DRIVERS\atmarpc.sys
    08:59:42.0828 0x1fe0  Atmarpc - ok
    08:59:42.0875 0x1fe0  [ DEF7A7882BEC100FE0B2CE2549188F9D, 462C95B63D0A1058291A2DC8CBFCB13D7D74CCD1CA43B613A7EB43D49E3276F8 ] AudioSrv        C:\WINDOWS\System32\audiosrv.dll
    08:59:43.0000 0x1fe0  AudioSrv - ok
    08:59:43.0046 0x1fe0  [ D9F724AA26C010A217C97606B160ED68, 329B5118F2409731D06FDAE85B6ADD64A048292801BCB3546651CEB303111695 ] audstub         C:\WINDOWS\system32\DRIVERS\audstub.sys
    08:59:43.0203 0x1fe0  audstub - ok
    08:59:43.0218 0x1fe0  [ DA1F27D85E0D1525F6621372E7B685E9, 5A81A46A3BDD19DAFC6C87D277267A5D44F3A1B5302F2CC1111D84B7BAD5610D ] Beep            C:\WINDOWS\system32\drivers\Beep.sys
    08:59:43.0359 0x1fe0  Beep - ok
    08:59:43.0546 0x1fe0  [ 574738F61FCA2935F5265DC4E5691314, 3C7CCF064397186C3A3863DD2370AB6414A61B330097DCA4F299CA7BBAA3D1B4 ] BITS            C:\WINDOWS\system32\qmgr.dll
    08:59:43.0890 0x1fe0  BITS - ok
    08:59:43.0968 0x1fe0  [ CFD4E51402DA9838B5A04AE680AF54A0, 5378F42B195B5832B00A05AD64E00473A45FFB86AC25C57241F26EA82B149FE1 ] Browser         C:\WINDOWS\System32\browser.dll
    08:59:44.0000 0x1fe0  Browser - ok
    08:59:44.0375 0x1fe0  catchme - ok
    08:59:44.0406 0x1fe0  [ 90A673FC8E12A79AFBED2576F6A7AAF9, BDE7858A3457DB979FEDD8577FA6321BF72848E4A7BF9F173C78A6A10CBB3EBE ] cbidf           C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
    08:59:44.0578 0x1fe0  cbidf - ok
    08:59:44.0593 0x1fe0  [ 90A673FC8E12A79AFBED2576F6A7AAF9, BDE7858A3457DB979FEDD8577FA6321BF72848E4A7BF9F173C78A6A10CBB3EBE ] cbidf2k         C:\WINDOWS\system32\drivers\cbidf2k.sys
    08:59:44.0718 0x1fe0  cbidf2k - ok
    08:59:44.0734 0x1fe0  [ F3EC03299634490E97BBCE94CD2954C7, CDC85ADA27E0D501581CE6F28D7E1941E90411FA8E8F2C43A68BAA8CB78E85DD ] cd20xrnt        C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
    08:59:44.0968 0x1fe0  cd20xrnt - ok
    08:59:45.0015 0x1fe0  [ C1B486A7658353D33A10CC15211A873B, AA4DD9E7AAE5AAB1146B360B17001F975D2F29A1281CF7B13E7136480410F347 ] Cdaudio         C:\WINDOWS\system32\drivers\Cdaudio.sys
    08:59:45.0171 0x1fe0  Cdaudio - ok
    08:59:45.0218 0x1fe0  [ C885B02847F5D2FD45A24E219ED93B32, B26B2F8E3A831E2B65EB0C5195B0645CD50E22615CE79C9B0B391CD563B121DB ] Cdfs            C:\WINDOWS\system32\drivers\Cdfs.sys
    08:59:45.0312 0x1fe0  Cdfs - ok
    08:59:45.0359 0x1fe0  [ 1F4260CC5B42272D71F79E570A27A4FE, B51C2A3ED3C309953D0EA45869C8E464C10F2533DADE9E0286AF674979098D1D ] Cdrom           C:\WINDOWS\system32\DRIVERS\cdrom.sys
    08:59:45.0484 0x1fe0  Cdrom - ok
    08:59:45.0484 0x1fe0  Changer - ok
    08:59:45.0531 0x1fe0  [ 1CFE720EB8D93A7158A4EBC3AB178BDE, 65D2A9D9A88F38D4AF323134C151BA0F4B3CD0F6A134AF86E7AC9D07319F1726 ] CiSvc           C:\WINDOWS\system32\cisvc.exe
    08:59:45.0640 0x1fe0  CiSvc - ok
    08:59:45.0671 0x1fe0  [ 34CBE729F38138217F9C80212A2A0C82, A9FD7A758D12E0818A11BEEF1CE772FEFA8373E92EF6C0DA8628CD4572CC9A43 ] ClipSrv         C:\WINDOWS\system32\clipsrv.exe
    08:59:45.0937 0x1fe0  ClipSrv - ok
    08:59:46.0000 0x1fe0  [ D87ACAED61E417BBA546CED5E7E36D9C, 14AC6034A5BC0FB2A1AFDAD42BEF4DE641556E54AD30D0C46765660A4BE55462 ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    08:59:46.0046 0x1fe0  clr_optimization_v2.0.50727_32 - ok
    08:59:46.0062 0x1fe0  [ E5DCB56C533014ECBC556A8357C929D5, B2915C0C07EDBA59C5D02680804C4C2DE099D73DE0D0DD0CDA748F34F11057E0 ] CmdIde          C:\WINDOWS\system32\DRIVERS\cmdide.sys
    08:59:46.0203 0x1fe0  CmdIde - ok
    08:59:46.0218 0x1fe0  COMSysApp - ok
    08:59:46.0265 0x1fe0  [ 3EE529119EED34CD212A215E8C40D4B6, A6B71F3D4EE7358CA85F010E6271A6B72226D25DF30ED331DA830639ED3E9903 ] Cpqarray        C:\WINDOWS\system32\DRIVERS\cpqarray.sys
    08:59:46.0421 0x1fe0  Cpqarray - ok
    08:59:46.0468 0x1fe0  [ 3D4E199942E29207970E04315D02AD3B, 0825960894CF9C86CC8775BDD2A262948A09CA495AA7FE9F210FAF49E7086383 ] CryptSvc        C:\WINDOWS\System32\cryptsvc.dll
    08:59:46.0593 0x1fe0  CryptSvc - ok
    08:59:46.0671 0x1fe0  [ E550E7418984B65A78299D248F0A7F36, 52F6BD1027E91F9A90AFAB82C7F2A0314B7E55262F5293D5F9F8F12135EDD88C ] dac2w2k         C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
    08:59:46.0828 0x1fe0  dac2w2k - ok
    08:59:46.0843 0x1fe0  [ 683789CAA3864EB46125AE86FF677D34, B725D026E069AD253192E21245260CBA44EF3C72781616A2CAD0BF0E2D86D510 ] dac960nt        C:\WINDOWS\system32\DRIVERS\dac960nt.sys
    08:59:47.0156 0x1fe0  dac960nt - ok
    08:59:47.0343 0x1fe0  [ 6B27A5C03DFB94B4245739065431322C, 6AEAC16AB4E0DFD25123AAF4D4181FEE1B919B7B2793117006CE8CF30E826CFD ] DcomLaunch      C:\WINDOWS\system32\rpcss.dll
    08:59:47.0468 0x1fe0  DcomLaunch - ok
    08:59:47.0546 0x1fe0  [ 5E38D7684A49CACFB752B046357E0589, F192AD4190BCFB6939A5CBC91648FE63168AF79A5E227A111DEAD6A92E42AB8D ] Dhcp            C:\WINDOWS\System32\dhcpcsvc.dll
    08:59:47.0718 0x1fe0  Dhcp - ok
    08:59:47.0765 0x1fe0  [ 044452051F3E02E7963599FC8F4F3E25, 584BDDB074618BE76454CF90E74829CFF588B5B5FAEB793E2F7AAD26352DD689 ] Disk            C:\WINDOWS\system32\DRIVERS\disk.sys
    08:59:47.0875 0x1fe0  Disk - ok
    08:59:47.0890 0x1fe0  dmadmin - ok
    08:59:48.0234 0x1fe0  [ D992FE1274BDE0F84AD826ACAE022A41, C82BD6561A14F2932A761F5883A787B99031250EE5E9B7B5714AA045545C9B99 ] dmboot          C:\WINDOWS\system32\drivers\dmboot.sys
    08:59:48.0796 0x1fe0  dmboot - ok
    08:59:48.0875 0x1fe0  [ 7C824CF7BBDE77D95C08005717A95F6F, A73CB323B7A6410C3D3F258BF204E716ADF8C84C9E4F6562C57AB73DAED8CCDE ] dmio            C:\WINDOWS\system32\drivers\dmio.sys
    08:59:49.0015 0x1fe0  dmio - ok
    08:59:49.0062 0x1fe0  [ E9317282A63CA4D188C0DF5E09C6AC5F, D41E002F555FE9015EF620975255F58BB79198CA1FF0E09EC950CB450FF77CF7 ] dmload          C:\WINDOWS\system32\drivers\dmload.sys
    08:59:49.0218 0x1fe0  dmload - ok
    08:59:49.0250 0x1fe0  [ 57EDEC2E5F59F0335E92F35184BC8631, 61F6F0DC2D1A6C61D5EF0D5CC4BE0FFC217F1E61FDA3EA9F704709293656600F ] dmserver        C:\WINDOWS\System32\dmserver.dll
    08:59:49.0359 0x1fe0  dmserver - ok
    08:59:49.0406 0x1fe0  [ 8A208DFCF89792A484E76C40E5F50B45, 4E40E2EB38C6254E7CAA488200E89EE7DEBBBA773890BC6A84313CC68178D54F ] DMusic          C:\WINDOWS\system32\drivers\DMusic.sys
    08:59:49.0515 0x1fe0  DMusic - ok
    08:59:49.0578 0x1fe0  [ 5F7E24FA9EAB896051FFB87F840730D2, 356EEFDCD54DECAD0170B34B993E4BF80DD039E2B2922D7A8D09B84031E9FC7A ] Dnscache        C:\WINDOWS\System32\dnsrslvr.dll
    08:59:49.0609 0x1fe0  Dnscache - ok
    08:59:49.0734 0x1fe0  [ 0F0F6E687E5E15579EF4DA8DD6945814, 5C32D88119EB1465B2D719BEE2E05888D1A73454B5E33F2D4928DA710F8BFBA3 ] Dot3svc         C:\WINDOWS\System32\dot3svc.dll
    08:59:49.0890 0x1fe0  Dot3svc - ok
    08:59:49.0921 0x1fe0  [ 40F3B93B4E5B0126F2F5C0A7A5E22660, 8AFFF28903037F5E36BB5352F2B236A217558FCC0146B23C787606C3F21243DB ] dpti2o          C:\WINDOWS\system32\DRIVERS\dpti2o.sys
    08:59:50.0140 0x1fe0  dpti2o - ok
    08:59:50.0171 0x1fe0  [ 8F5FCFF8E8848AFAC920905FBD9D33C8, C8C6FB97AB0871C8C88A2201525A5CF10D5131CB6980D32692ED7A8F58399AD5 ] drmkaud         C:\WINDOWS\system32\drivers\drmkaud.sys
    08:59:50.0265 0x1fe0  drmkaud - ok
    08:59:50.0312 0x1fe0  [ 2187855A7703ADEF0CEF9EE4285182CC, 8233CC11F637866C0074043835A785EA2B616739B6B1181B143A253CF2508CFD ] EapHost         C:\WINDOWS\System32\eapsvc.dll
    08:59:50.0437 0x1fe0  EapHost - ok
    08:59:50.0484 0x1fe0  [ BC93B4A066477954555966D77FEC9ECB, 27F5B780175EF46DA102EE33F7F33559C8B40C077EEA4405D579D9507F4B1C23 ] ERSvc           C:\WINDOWS\System32\ersvc.dll
    08:59:50.0593 0x1fe0  ERSvc - ok
    08:59:50.0718 0x1fe0  [ 2AC0FF83258E8FAA5215422E85397A90, C3B097CDCA9363281B6C32EAEBEE6328287A286EFA75AAABB5C2B9A22860C352 ] ESProtectionDriver C:\Program Files\Malwarebytes Anti-Exploit\mbae.sys
    08:59:50.0781 0x1fe0  ESProtectionDriver - ok
    08:59:50.0859 0x1fe0  [ 65DF52F5B8B6E9BBD183505225C37315, 59C606977DB40A3443DFF0BE2A4C761824881B22C9FDB3D23F6486DB580E92A4 ] Eventlog        C:\WINDOWS\system32\services.exe
    08:59:50.0937 0x1fe0  Eventlog - ok
    08:59:51.0062 0x1fe0  [ D4991D98F2DB73C60D042F1AEF79EFAE, 58AF949EAEBF4FF3E3314DFB66CE4198BF65F0836B68CD27A6ED319742CCCCD2 ] EventSystem     C:\WINDOWS\system32\es.dll
    08:59:51.0125 0x1fe0  EventSystem - ok
    08:59:51.0203 0x1fe0  [ 38D332A6D56AF32635675F132548343E, E6909DB836AF679B4F4D62C7396D6C82769CC7ABB8C919C2AABFE934FCE268F6 ] Fastfat         C:\WINDOWS\system32\drivers\Fastfat.sys
    08:59:51.0312 0x1fe0  Fastfat - ok
    08:59:51.0375 0x1fe0  [ 99BC0B50F511924348BE19C7C7313BBF, A1006C687BD352F700B140DC741515A0CDD9E1352C0FBD1EE410D404E344444B ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
    08:59:51.0421 0x1fe0  FastUserSwitchingCompatibility - ok
    08:59:51.0453 0x1fe0  [ 92CDD60B6730B9F50F6A1A0C1F8CDC81, 8307A532AB4D05CBBCE206DC2759497708BF5AAA880BD00F0E4F281D8578A1F5 ] Fdc             C:\WINDOWS\system32\DRIVERS\fdc.sys
    08:59:51.0562 0x1fe0  Fdc - ok
    08:59:51.0609 0x1fe0  [ D45926117EB9FA946A6AF572FBE1CAA3, 4C94EF009D778BE0BDF8F812F026B96F91F641BE30AA2531427A5E63DBD280DA ] Fips            C:\WINDOWS\system32\drivers\Fips.sys
    08:59:51.0718 0x1fe0  Fips - ok
    08:59:51.0734 0x1fe0  [ 9D27E7B80BFCDF1CDD9B555862D5E7F0, 69C271AD5BCEBFD8AE5A769BDD7EC51256DA3A8ADAD5D12E5C0D13F4E82D8805 ] Flpydisk        C:\WINDOWS\system32\DRIVERS\flpydisk.sys
    08:59:51.0859 0x1fe0  Flpydisk - ok
    08:59:51.0937 0x1fe0  [ B2CF4B0786F8212CB92ED2B50C6DB6B0, 280F5CF8A90F7BEDE73ADD0DD0F8952088133A7CA9A3D3B7041957E33B36845D ] FltMgr          C:\WINDOWS\system32\drivers\fltmgr.sys
    08:59:52.0031 0x1fe0  FltMgr - ok
    08:59:52.0125 0x1fe0  [ 8BA7C024070F2B7FDD98ED8A4BA41789, 47585006F86B2C6016EC54250A416794792D1E4024FF229C120BC25B684AF66A ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
    08:59:52.0156 0x1fe0  FontCache3.0.0.0 - ok
    08:59:52.0187 0x1fe0  [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A, EC635E071201A766845D48973772CBE0958942B4162F3F5F70660D114CC877E0 ] Fs_Rec          C:\WINDOWS\system32\drivers\Fs_Rec.sys
    08:59:52.0343 0x1fe0  Fs_Rec - ok
    08:59:52.0406 0x1fe0  [ 6AC26732762483366C3969C9E4D2259D, FF2C9A23CC17F380093F0BEA955B1925794271C2FEA16B9B7639668E6999BAE3 ] Ftdisk          C:\WINDOWS\system32\DRIVERS\ftdisk.sys
    08:59:52.0531 0x1fe0  Ftdisk - ok
    08:59:52.0593 0x1fe0  [ 0A02C63C8B144BD8C86B103DEE7C86A2, 7A3235DD3E1995DD72B212FAEB3ECA2A974434DE9BF6D269EA11BA65A80E7E50 ] Gpc             C:\WINDOWS\system32\DRIVERS\msgpc.sys
    08:59:52.0718 0x1fe0  Gpc - ok
    08:59:52.0812 0x1fe0  [ 2A013E7530BEAB6E569FAA83F517E836, 481390EE00AF49BB54B8C885801FCAC0F87F4EF3D935ABBBA42B7C063EFDDB8F ] HdAudAddService C:\WINDOWS\system32\drivers\HdAudio.sys
    08:59:53.0015 0x1fe0  HdAudAddService - ok
    08:59:53.0093 0x1fe0  [ 573C7D0A32852B48F3058CFD8026F511, BC384BBA394AFDCDA1A9ABC858C692AA84A1F0A31AF3DDF7F38D120C027927FB ] HDAudBus        C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
    08:59:53.0265 0x1fe0  HDAudBus - ok
    08:59:53.0359 0x1fe0  [ 4FCCA060DFE0C51A09DD5C3843888BCD, D82417706B517F2610DDF7C86BE03A72EFA9A2A389DF5C8F8ADEAB8144E2C80A ] helpsvc         C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
    08:59:53.0468 0x1fe0  helpsvc - ok
    08:59:53.0484 0x1fe0  HidServ - ok
    08:59:53.0531 0x1fe0  [ CCF82C5EC8A7326C3066DE870C06DAF1, 93395FA4C26B2E82DC8B7025ED3BCF583885E5D8C5F60CD6EEAA6335D6A126EC ] HidUsb          C:\WINDOWS\system32\DRIVERS\hidusb.sys
    08:59:53.0640 0x1fe0  HidUsb - ok
    08:59:53.0718 0x1fe0  [ 8878BD685E490239777BFE51320B88E9, C5C3ECF6B049B6736E35B39518A8F830B45C45A88FFE8E3A6B7922AD946597E2 ] hkmsvc          C:\WINDOWS\System32\kmsvc.dll
    08:59:53.0843 0x1fe0  hkmsvc - ok
    08:59:53.0906 0x1fe0  [ B028377DEA0546A5FCFBA928A8AEFAE0, FD7B34A6036AD443014B16394A5F051A298CEE4276D50525FB9F15A0D2684C8B ] hpn             C:\WINDOWS\system32\DRIVERS\hpn.sys
    08:59:54.0031 0x1fe0  hpn - ok
    08:59:54.0171 0x1fe0  [ F80A415EF82CD06FFAF0D971528EAD38, 524D9E9201572929522F6805011783711B7C0F76308B924C89CF75F4B7A1FDF3 ] HTTP            C:\WINDOWS\system32\Drivers\HTTP.sys
    08:59:54.0265 0x1fe0  HTTP - ok
    08:59:54.0281 0x1fe0  [ 6100A808600F44D999CEBDEF8841C7A3, 61A75118C327812C60622010985A2E80E79B6FD9030A5732390EE5426E4AF6C9 ] HTTPFilter      C:\WINDOWS\System32\w3ssl.dll
    08:59:54.0406 0x1fe0  HTTPFilter - ok
    08:59:54.0421 0x1fe0  [ 9368670BD426EBEA5E8B18A62416EC28, 0ED865F8FB79F0B6309521925280E8640DB5CA6F75377434830536899734B6EE ] i2omgmt         C:\WINDOWS\system32\drivers\i2omgmt.sys
    08:59:54.0546 0x1fe0  i2omgmt - ok
    08:59:54.0562 0x1fe0  [ F10863BF1CCC290BABD1A09188AE49E0, BC038EAE6C8A76D56A5AD27035DC0369D6E766711E9FAA7467144370851F1615 ] i2omp           C:\WINDOWS\system32\DRIVERS\i2omp.sys
    08:59:54.0656 0x1fe0  i2omp - ok
    08:59:54.0718 0x1fe0  [ 4A0B06AA8943C1E332520F7440C0AA30, DB2452390CCFE67E0C5FEB4FD42CA24ABE2DDD40D0B22DD5F5B8F70416863918 ] i8042prt        C:\WINDOWS\system32\DRIVERS\i8042prt.sys
    08:59:54.0828 0x1fe0  i8042prt - ok
    08:59:55.0312 0x1fe0  [ C01AC32DC5C03076CFB852CB5DA5229C, A4D7749220B5BC965D96A267F1E02FE8284A230BA249109207BD4B9EA8DFAC96 ] idsvc           c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
    08:59:56.0093 0x1fe0  idsvc - ok
    08:59:56.0125 0x1fe0  [ 083A052659F5310DD8B6A6CB05EDCF8E, 48D39B03FFB6FAA1529B774443BA12618AE3982D9F65A7B9D18F2269F78B31F4 ] Imapi           C:\WINDOWS\system32\DRIVERS\imapi.sys
    08:59:56.0250 0x1fe0  Imapi - ok
    08:59:56.0343 0x1fe0  [ 30DEAF54A9755BB8546168CFE8A6B5E1, 3936228CD3125C763ABFCB93E86E4B43838202BCC0913A28E84AC0263B43EE0D ] ImapiService    C:\WINDOWS\system32\imapi.exe
    08:59:56.0453 0x1fe0  ImapiService - ok
    08:59:56.0500 0x1fe0  [ 4A40E045FAEE58631FD8D91AFC620719, 7A2FD81BD483821B3DA01B1CD7215423EDD719CBE3862C0342FF7D21A17AF437 ] ini910u         C:\WINDOWS\system32\DRIVERS\ini910u.sys
    08:59:56.0625 0x1fe0  ini910u - ok
    08:59:58.0187 0x1fe0  [ 98B7FAB86755A42FE8EB04538A4CD6C8, B0DF80D8061223CF6D1D2B1CF553FB0A6F0BFF6FAE2BB15D9C058327DCFFB6E7 ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RtkHDAud.sys
    09:00:01.0531 0x1fe0  IntcAzAudAddService - ok
    09:00:01.0578 0x1fe0  [ B5466A9250342A7AA0CD1FBA13420678, 87E735C4E8924A883AB692D387A83BCBFAE6E165688336AE7AB488F7CA8D339E ] IntelIde        C:\WINDOWS\system32\DRIVERS\intelide.sys
    09:00:01.0671 0x1fe0  IntelIde - ok
    09:00:01.0718 0x1fe0  [ 3BB22519A194418D5FEC05D800A19AD0, F6662F440950596DC1382DD1DB5D7891CCEA30A6062BEA942C18445B5F0D8B16 ] Ip6Fw           C:\WINDOWS\system32\drivers\ip6fw.sys
    09:00:01.0843 0x1fe0  Ip6Fw - ok
    09:00:01.0890 0x1fe0  [ 731F22BA402EE4B62748ADAF6363C182, 5C3BEBD008A5BE4DC2F92076FF41A10DDC01E10EC7E6552213CFA11970811848 ] IpFilterDriver  C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
    09:00:02.0031 0x1fe0  IpFilterDriver - ok
    09:00:02.0062 0x1fe0  [ B87AB476DCF76E72010632B5550955F5, E6E74D3A86A7917A8BAED44F8E97CCD2EB171E4E4B27E9907F60D1523FAF319A ] IpInIp          C:\WINDOWS\system32\DRIVERS\ipinip.sys
    09:00:02.0171 0x1fe0  IpInIp - ok
    09:00:02.0265 0x1fe0  [ CC748EA12C6EFFDE940EE98098BF96BB, AF523E21C25D9A1715EFEA573E4F52AF5D4FC9F28A2D613F5DB629C186C439E0 ] IpNat           C:\WINDOWS\system32\DRIVERS\ipnat.sys
    09:00:02.0406 0x1fe0  IpNat - ok
    09:00:02.0687 0x1fe0  [ 23C74D75E36E7158768DD63D92789A91, 394D296F38E7D8EFD91A6EEC301D9CE6AF910E35EB9819F1A9E3363863AEDFDC ] IPSec           C:\WINDOWS\system32\DRIVERS\ipsec.sys
    09:00:02.0796 0x1fe0  IPSec - ok
    09:00:02.0828 0x1fe0  [ C93C9FF7B04D772627A3646D89F7BF89, 805FA48E7A46D4F10240BF880A2468F53DEA36E83004399228AB70DB7D20544A ] IRENUM          C:\WINDOWS\system32\DRIVERS\irenum.sys
    09:00:02.0937 0x1fe0  IRENUM - ok
    09:00:02.0984 0x1fe0  [ 05A299EC56E52649B1CF2FC52D20F2D7, 2654619DB3E6D6C385B63AB02F87D4241C4F0250CC31383D1B3586917166C2DC ] isapnp          C:\WINDOWS\system32\DRIVERS\isapnp.sys
    09:00:03.0093 0x1fe0  isapnp - ok
    09:00:03.0125 0x1fe0  [ 463C1EC80CD17420A542B7F36A36F128, E3B11BA26AFEAFB50B0FC168EA07F6049DA6B88BCDDEEE20310602D7FC27A3A7 ] Kbdclass        C:\WINDOWS\system32\DRIVERS\kbdclass.sys
    09:00:03.0234 0x1fe0  Kbdclass - ok
    09:00:03.0312 0x1fe0  [ 692BCF44383D056AED41B045A323D378, 1A99DEE83FFAF64E73067FC049C0A4CE07D94E4AE31EFA17B38CEFA9E41D67DC ] kmixer          C:\WINDOWS\system32\drivers\kmixer.sys
    09:00:03.0437 0x1fe0  kmixer - ok
    09:00:03.0500 0x1fe0  [ B467646C54CC746128904E1654C750C1, 3BD71BE3663EA23463D236D8A2A2E42DFA10C502BDB4B6E131FAF0FBA748219E ] KSecDD          C:\WINDOWS\system32\drivers\KSecDD.sys
    09:00:03.0546 0x1fe0  KSecDD - ok
    09:00:03.0765 0x1fe0  [ 3A7C3CBE5D96B8AE96CE81F0B22FB527, 0044F03132596A494448CCE5F3D6ECC12617BB4CF6BAE348F79D4DC40ACD6EE0 ] lanmanserver    C:\WINDOWS\System32\srvsvc.dll
    09:00:03.0843 0x1fe0  lanmanserver - ok
    09:00:03.0921 0x1fe0  [ A8888A5327621856C0CEC4E385F69309, B08B63300D824E35E31EEEA2C4C086DFA2C2A964CEDAE512E74D3D88AADAA2C1 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
    09:00:04.0015 0x1fe0  lanmanworkstation - ok
    09:00:04.0015 0x1fe0  lbrtfdc - ok
    09:00:04.0062 0x1fe0  [ A7DB739AE99A796D91580147E919CC59, EDF4E039BA277B0E6D66FEB0B28096E67D682C09DFC18ECECF062D9DCFB75ACF ] LmHosts         C:\WINDOWS\System32\lmhsvc.dll
    09:00:04.0187 0x1fe0  LmHosts - ok
    09:00:57.0578 0x1fe0  [ D10823AD822EFC61F39DD5558FE7D6BD, 5AE16D2142EFD2762FD01DBFE19035D310E85377052A822908B1D4558069DBD5 ] vsmon           C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe
    09:01:00.0781 0x1fe0  vsmon - ok
    09:01:00.0937 0x1fe0  [ 7A9DB3A67C333BF0BD42E42B8596854B, D31A9A3B1AAAB373EDD73B674102395212FCB616F829E938B7B2B7BE7D4752C5 ] VSS             C:\WINDOWS\System32\vssvc.exe
    09:01:01.0046 0x1fe0  VSS - ok
    09:01:01.0125 0x1fe0  [ 54AF4B1D5459500EF0937F6D33B1914F, FA1876888BCB9C72A92369DBED4FF1A8666784523FB41E618FA0919490FCDDB9 ] W32Time         C:\WINDOWS\system32\w32time.dll
    09:01:01.0250 0x1fe0  W32Time - ok
    09:01:01.0437 0x1fe0  [ E20B95BAEDB550F32DD489265C1DA1F6, 5589B2067E6C9FBA290D8C5EADDC198EBAF39C50C3CD7D2BC5CDA7CBFBC445E5 ] Wanarp          C:\WINDOWS\system32\DRIVERS\wanarp.sys
    09:01:01.0562 0x1fe0  Wanarp - ok
    09:01:01.0765 0x1fe0  [ D918617B46457B9AC28027722E30F647, 407284D3055DC11944D4EE7E4357E7CF9CAF8CA40CA50633AB6FD4A82CB7EEA6 ] Wdf01000        C:\WINDOWS\system32\Drivers\wdf01000.sys
    09:01:02.0062 0x1fe0  Wdf01000 - ok
    09:01:02.0062 0x1fe0  WDICA - ok
    09:01:02.0140 0x1fe0  [ 6768ACF64B18196494413695F0C3A00F, 3A8F8586F1D997D19A8478345338D2AECD785AEABDB61531DD3F92003D3230A5 ] wdmaud          C:\WINDOWS\system32\drivers\wdmaud.sys
    09:01:02.0234 0x1fe0  wdmaud - ok
    09:01:02.0437 0x1fe0  [ 77A354E28153AD2D5E120A5A8687BC06, 8B2D37A4443501C0A8E70BC2079BE27F0A36FD07B561E6F68B40A72EABBC2DFE ] WebClient       C:\WINDOWS\System32\webclnt.dll
    09:01:02.0562 0x1fe0  WebClient - ok
    09:01:02.0703 0x1fe0  [ 2D0E4ED081963804CCC196A0929275B5, E1D75C7D7233D81DFDE13160B0C80138DF8B35230D04FB79B367A52FACF69BF8 ] winmgmt         C:\WINDOWS\system32\wbem\WMIsvc.dll
    09:01:02.0859 0x1fe0  winmgmt - ok
    09:01:02.0921 0x1fe0  [ C51B4A5C05A5475708E3C81C7765B71D, F776D2680BD3407307B7072626F78460361FC5BC38623C9E16F394D300AB25DE ] WmdmPmSN        C:\WINDOWS\system32\MsPMSNSv.dll
    09:01:02.0953 0x1fe0  WmdmPmSN - ok
    09:01:03.0031 0x1fe0  [ E0673F1106E62A68D2257E376079F821, 12992F18C9653050B10DC61D12988067933FCFDF02123D3A7EF5DE607A785DDC ] WmiApSrv        C:\WINDOWS\system32\wbem\wmiapsrv.exe
    09:01:03.0156 0x1fe0  WmiApSrv - ok
    09:01:03.0703 0x1fe0  [ F74E3D9A7FA9556C3BBB14D4E5E63D3B, C71FAAC752F6D58BF8556661252DBF8C5DDD090CAE002A2C7E09C9A014526066 ] WMPNetworkSvc   C:\Program Files\Windows Media Player\WMPNetwk.exe
    09:01:04.0046 0x1fe0  WMPNetworkSvc - ok
    09:01:04.0093 0x1fe0  [ 6ABE6E225ADB5A751622A9CC3BC19CE8, 4061C5D0F051DFF1730E2A3BFC1CCA97B29602FC50F10F6B44D93B0D28F42024 ] WS2IFSL         C:\WINDOWS\System32\drivers\ws2ifsl.sys
    09:01:04.0203 0x1fe0  WS2IFSL - ok
    09:01:04.0281 0x1fe0  [ 7C278E6408D1DCE642230C0585A854D5, DA46079A04F6E8E3441E4AE454AEAC02B3E935DE29CE7F6D4476F57867FCC12A ] wscsvc          C:\WINDOWS\system32\wscsvc.dll
    09:01:04.0421 0x1fe0  wscsvc - ok
    09:01:04.0437 0x1fe0  [ 35321FB577CDC98CE3EB3A3EB9E4610A, C9A6F5CF282D8FCB3CDFCC4B306013480E78E1B664E1A60A4E27B161F9FFD4CD ] wuauserv        C:\WINDOWS\system32\wuauserv.dll
    09:01:04.0546 0x1fe0  wuauserv - ok
    09:01:04.0703 0x1fe0  [ F15FEAFFFBB3644CCC80C5DA584E6311, 79B3E9AF35976CE49921E9BEA3BA3B4A8AF762FD3F284B62954038B5FFB32471 ] WudfPf          C:\WINDOWS\system32\DRIVERS\WudfPf.sys
    09:01:04.0765 0x1fe0  WudfPf - ok
    09:01:04.0812 0x1fe0  [ 28B524262BCE6DE1F7EF9F510BA3985B, AEFF02B899801A63CBB262757C3D4369E38BFF0690BD085DE60E873DFBE3C3F4 ] WudfRd          C:\WINDOWS\system32\DRIVERS\wudfrd.sys
    09:01:04.0875 0x1fe0  WudfRd - ok
    09:01:04.0921 0x1fe0  [ 05231C04253C5BC30B26CBAAE680ED89, 5C03C2D7E0B573646D32F4093E2FF2C3BA391C39F5BA37D67F69D38E357FCC3D ] WudfSvc         C:\WINDOWS\System32\WUDFSvc.dll
    09:01:04.0984 0x1fe0  WudfSvc - ok
    09:01:05.0203 0x1fe0  [ 81DC3F549F44B1C1FFF022DEC9ECF30B, 3D14BFEA539F9CEB16555BD56C5E3C7C8F6692FC62C2789F8AAEA1C042E63940 ] WZCSVC          C:\WINDOWS\System32\wzcsvc.dll
    09:01:05.0656 0x1fe0  WZCSVC - ok
    09:01:05.0718 0x1fe0  [ 295D21F14C335B53CB8154E5B1F892B9, 9418477C2E3EA93E93D931A4EDD4500DA568FAD6040204B5201D1080203B0BBC ] xmlprov         C:\WINDOWS\System32\xmlprov.dll
    09:01:05.0828 0x1fe0  xmlprov - ok
    09:01:05.0921 0x1fe0  [ CEC8ED565F3663F0B8A862561BF08D79, FDDBEDC79C7061B20AA450BB3D09EDADEDD5F531D8EA100BBF542A63BDFCE593 ] ZAPrivacyService C:\Program Files\CheckPoint\ZoneAlarm\ZaPrivacyService.exe
    09:01:05.0968 0x1fe0  ZAPrivacyService - ok
    09:01:05.0984 0x1fe0  ================ Scan global ===============================
    09:01:06.0046 0x1fe0  [ 42F1F4C0AFB08410E5F02D4B13EBB623, 924C30587C51C0D1E1F47991969AF492A644552E15F2480EA991DCB74A3E68D5 ] C:\WINDOWS\system32\basesrv.dll
    09:01:06.0203 0x1fe0  [ 69AE2B2E6968C316536E5B10B9702E63, D9C5DA7A20DDE69D91E72400C3F06F3CB099DEF42EA6C53FCE076258A0C22391 ] C:\WINDOWS\system32\winsrv.dll
    09:01:06.0437 0x1fe0  [ 69AE2B2E6968C316536E5B10B9702E63, D9C5DA7A20DDE69D91E72400C3F06F3CB099DEF42EA6C53FCE076258A0C22391 ] C:\WINDOWS\system32\winsrv.dll
    09:01:06.0500 0x1fe0  [ 65DF52F5B8B6E9BBD183505225C37315, 59C606977DB40A3443DFF0BE2A4C761824881B22C9FDB3D23F6486DB580E92A4 ] C:\WINDOWS\system32\services.exe
    09:01:06.0515 0x1fe0  [ Global ] - ok
    09:01:06.0515 0x1fe0  ================ Scan MBR ==================================
    09:01:06.0546 0x1fe0  [ 620801C51A4A223B7167BE50689BA748 ] \Device\Harddisk0\DR0
    09:01:06.0953 0x1fe0  \Device\Harddisk0\DR0 - ok
    09:01:06.0953 0x1fe0  ================ Scan VBR ==================================
    09:01:06.0953 0x1fe0  [ CD222249DCEAA624BC0BED0231F233A2 ] \Device\Harddisk0\DR0\Partition1
    09:01:06.0984 0x1fe0  \Device\Harddisk0\DR0\Partition1 - ok
    09:01:07.0000 0x1fe0  [ 972BE134A1251BCBD05674D6072B879F ] \Device\Harddisk0\DR0\Partition2
    09:01:07.0000 0x1fe0  \Device\Harddisk0\DR0\Partition2 - ok
    09:01:07.0000 0x1fe0  ================ Scan generic autorun ======================
    09:01:12.0812 0x1fe0  [ 0AF9324D43DF9DF59BB2B0F08223A26C, 3B69B6D3B72935DC502C65B9459B22BEE635B8CBA3361E3DB24ECF3ABA064CF6 ] C:\WINDOWS\RTHDCPL.EXE
    09:01:24.0046 0x1fe0  RTHDCPL - ok
    09:01:24.0093 0x1fe0  NvMediaCenter - ok
    09:01:24.0093 0x1fe0  NvCplDaemon - ok
    09:01:25.0125 0x1fe0  [ 54137098AA6C3B65DF277130A9123FF5, C49FFE45140E79795DF16A54FC9C70A886EE4D1B1D812FFB9A0812868C108EA9 ] C:\Program Files\Malwarebytes Anti-Exploit\mbae.exe
    09:01:26.0968 0x1fe0  Malwarebytes Anti-Exploit - ok
    09:01:27.0078 0x1fe0  [ 8FB740D758B14B1BC950CC347C21E461, 6EAB429DE35D87C94E9B912E189C248428653674939352E0210FC026F5A4B564 ] C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    09:01:27.0109 0x1fe0  RemoteControl - detected UnsignedFile.Multi.Generic ( 1 )
    09:01:29.0546 0x1fe0  Detect skipped due to KSN trusted
    09:01:29.0546 0x1fe0  RemoteControl - ok
    09:01:29.0656 0x1fe0  [ DAFE20AB1BF7E073AA6636AE227A9C18, E61AB310AA87BE1F59C625DA711D4FD27E9147B9C8944B59CA957BB2F07C975E ] C:\Program Files\Digital Media Reader\readericon45G.exe
    09:01:29.0718 0x1fe0  readericon - detected UnsignedFile.Multi.Generic ( 1 )
    09:01:32.0171 0x1fe0  Detect skipped due to KSN trusted
    09:01:32.0171 0x1fe0  readericon - ok
    09:01:32.0171 0x1fe0  nwiz - ok
    09:01:32.0234 0x1fe0  [ 9C3B2302B60FB0EFB13BC880A5E3E93E, 16F32AB74A57B521FF431F2C36609DE5F6ABE0DCD3111B4954471DEED700A66B ] C:\WINDOWS\system32\HDAShCut.exe
    09:01:32.0281 0x1fe0  High Definition Audio Property Page Shortcut - ok
    09:01:32.0421 0x1fe0  [ D3CC7A3813123E955B3A497C04B404E2, 3D4D7BFBD6801155908EF0CB916B45ADEF41A63B39E30CCD9B62F360AC5FF20A ] C:\WINDOWS\SMINST\RECGUARD.EXE
    09:01:32.0531 0x1fe0  Recguard - detected UnsignedFile.Multi.Generic ( 1 )
    09:01:34.0984 0x1fe0  Detect skipped due to KSN trusted
    09:01:34.0984 0x1fe0  Recguard - ok
    09:01:35.0437 0x1fe0  [ 048EA4B978851788E9F5E8E4F081DF7A, EB62719AC0DCC18FF056F2CD84438BF14B61E38F0619617C81961C6257BDFCEC ] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    09:01:36.0140 0x1fe0  Adobe ARM - ok
    09:01:36.0203 0x1fe0  [ 0C9D4FDAEBD8A5A977F06EB5E70D8606, 3A61DC4CCB24A496B292519D2C857646BFF3DBE8F3CFB90AD17FF8A464E1BB74 ] C:\Program Files\Panda Security\Panda Security Protection\PSUAMain.exe
    09:01:36.0218 0x1fe0  PSUAMain - ok
    09:01:36.0750 0x1fe0  [ 9C9744650A56D9680E507DA9B144A324, D254745DBC391D9C765AE811CA4A8F06EAF4DF9F07AF9353F48CC086454759EA ] C:\Program Files\Bitdefender\Tools\BDAntiRansomware\BDAntiRansomware.exe
    09:01:37.0609 0x1fe0  BDAntiCryptoLocker - ok
    09:01:37.0718 0x1fe0  [ 2D480F1AAB328DB6FA646909D1CF334A, 04F2C7C28D3EE697F09FE4E73C457053BC21F1B8C55F2E00187544C2EE29659F ] C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe
    09:01:37.0765 0x1fe0  ZoneAlarm - ok
    09:01:37.0781 0x1fe0  Waiting for KSN requests completion. In queue: 5
    09:01:38.0781 0x1fe0  Waiting for KSN requests completion. In queue: 4
    09:01:39.0781 0x1fe0  Waiting for KSN requests completion. In queue: 4
    09:01:41.0015 0x1fe0  AV detected via SS1: Panda Free Antivirus, 16.00.02.0000, enabled, updated
    09:01:41.0031 0x1fe0  FW detected via SS1: Panda Firewall, 16.00.02.0000, disabled
    09:01:41.0031 0x1fe0  FW detected via SS1: ZoneAlarm Free Firewall Firewall, 14.1.57.0, enabled
    09:01:43.0546 0x1fe0  ============================================================
    09:01:43.0546 0x1fe0  Scan finished
    09:01:43.0546 0x1fe0  ============================================================
    09:01:43.0546 0x1f18  Detected object count: 1
    09:01:43.0546 0x1f18  Actual detected object count: 1
    09:02:41.0546 0x1f18  UPHClean ( UnsignedFile.Multi.Generic ) - skipped by user
    09:02:41.0546 0x1f18  UPHClean ( UnsignedFile.Multi.Generic ) - User select action: Skip
    09:03:39.0156 0x1218  Deinitialize success
     


    Edited by koolkat1939, 30 July 2016 - 10:36 AM.

    • 0

    #15  RKinner  (Malware Expert; Expert, 24,625 posts, MVP)

    Sorry.  Didn't get the notification.  Even checked my Spam folder.  Don't know what happened.

     

    Let's submit uphclean.exe to virustotal just to make sure the website we got it from wasn't hacked.

     

     
    Easiest way to submit a file is to copy the path:
    C:\Program Files\UPHClean\uphclean.exe
     
    Then
    Go to virustotal.com with your browser. Click on Choose File, then, when the file chooser window opens, move down to the File Name: box and press Ctrl + V; the path should appear. Hit Open and it should return to the main page with uphclean.exe chosen. Click on Scan it. If it knows the file already, it will tell you it's already been analyzed and offer you a choice of Reanalyze and View Last Analysis. In that case click on View Last Analysis. If it doesn't know the file, it will take a minute to query 46+ different anti-virus companies. In either case, if the Detection ratio is not 0 / 46+, then copy the Analysis page and paste it into the forum. You can just hit Ctrl + A then Ctrl + C to copy the page, then go to a reply and Ctrl + V.
     
    Repeat for:
     
     "C:\Documents and Settings\Owner\Desktop\MBR.dat"
     
    This last is a copy of your MBR that both GMER & aswMBR complained about.  Let's see what virustotal thinks about it.
     
     
     
     
    Copy the text between the lines of stars by highlighting and Ctrl + c.
     
    ******************************************
     
    File::
    c:\documents and settings\All Users\Start Menu\Programs\Startup\Oemreset.lnk
    c:\windows\pss\Oemreset.lnk
    c:\documents and settings\Owner\Start Menu\Programs\Startup\_uninst_.lnk
    c:\windows\pss\_uninst_.lnkStartup
    c:\Program Files\Common Files\AOL\Loader\aolload.exe
     
    Driver::
    asdids
     
    Folder::
    C:\Documents and Settings\Owner\My Documents\New Folder\Free Any Burn 1.4
    C:\Documents and Settings\Owner\My Documents\Tools & Programs\Free Any Burn 1.4
     
    RegLock::
    [HKEY_USERS\.Default\Software\5AHSH54OwLwn]
    [HKEY_USERS\.Default\Software\Locky]
    [HKEY_USERS\LocalService\Software\5AHSH54OwLwn]
    [HKEY_USERS\LocalService\Software\Locky]
    [HKEY_USERS\LocalService_Classes\Software\5AHSH54OwLwn]
    [HKEY_USERS\LocalService_Classes\Software\Locky]
    [HKEY_USERS\S-1-5-20\Software\5AHSH54OwLwn]
    [HKEY_USERS\S-1-5-20\Software\Locky]
    [HKEY_USERS\S-1-5-20_Classes\Software\5AHSH54OwLwn]
    [HKEY_USERS\S-1-5-20_Classes\Software\Locky]
    [HKEY_USERS\S-1-5-21-676961170-3691123601-236142853-1003\Software\5AHSH54OwLwn]
    [HKEY_USERS\S-1-5-21-676961170-3691123601-236142853-1003\Software\Locky]
    [HKEY_USERS\S-1-5-21-842925246-1606980848-1708537768-1003_Classes\Software\5AHSH54OwLwn]
    [HKEY_USERS\S-1-5-21-842925246-1606980848-1708537768-1003_Classes\Software\Locky]
     
    Registry::
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
    [-HKEY_USERS\.Default\Software\5AHSH54OwLwn]
    [-HKEY_USERS\.Default\Software\Locky]
    [-HKEY_USERS\LocalService\Software\5AHSH54OwLwn]
    [-HKEY_USERS\LocalService\Software\Locky]
    [-HKEY_USERS\LocalService_Classes\Software\5AHSH54OwLwn]
    [-HKEY_USERS\LocalService_Classes\Software\Locky]
    [-HKEY_USERS\S-1-5-20\Software\5AHSH54OwLwn]
    [-HKEY_USERS\S-1-5-20\Software\Locky]
    [-HKEY_USERS\S-1-5-20_Classes\Software\5AHSH54OwLwn]
    [-HKEY_USERS\S-1-5-20_Classes\Software\Locky]
    [-HKEY_USERS\S-1-5-21-676961170-3691123601-236142853-1003\Software\5AHSH54OwLwn]
    [-HKEY_USERS\S-1-5-21-676961170-3691123601-236142853-1003\Software\Locky]
    [-HKEY_USERS\S-1-5-21-842925246-1606980848-1708537768-1003_Classes\Software\5AHSH54OwLwn]
    [-HKEY_USERS\S-1-5-21-842925246-1606980848-1708537768-1003_Classes\Software\Locky]
     
    ******************************************
     
    Now open Notepad (Start, Run, notepad, OK) and Ctrl + V to paste the text into Notepad. Make sure you got it all, then File, Save As (to your Desktop), CFScript, OK. Close Notepad. (Overwrite the old one if it's still there.) You should see a file CFScript.txt on your desktop.
     
    Pause your anti-virus.
     
    Drag CFScript.txt over to Combofix and let go. Combofix should start on its own.
     
    Post the new log.
     

    • 0
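The VirusTotal step in the post above can be done without uploading anything first: the TDSSKiller log earlier in this thread already records an MD5 and SHA256 for every object it hashed, including the flagged uphclean.exe and the MBR of \Device\Harddisk0\DR0, and VirusTotal will return an existing report for a hash. The Python below is an added example written for this page, not code from RKinner, Geeks to Go, Kaspersky or VirusTotal. It pulls each "detected" entry and its hashes out of a log in this format, notes which detections Kaspersky's KSN cloud whitelist then overrode ("Detect skipped due to KSN trusted"), and builds the VirusTotal report URL for a hash lookup. Assumptions: the report path https://www.virustotal.com/gui/file/<hash>, a sample log constructed from lines quoted in this thread rather than a complete log, and a helper sha256_of_file for confirming that the copy you are about to upload is the same bytes the scanner hashed.

```python
"""Added example: extract flagged objects and their hashes from a TDSSKiller
log so they can be looked up on VirusTotal by hash instead of uploaded."""
import hashlib
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Hashed-object line: "<time> <thread> [ MD5, SHA256 ] Name  Path".
# MBR/VBR lines carry only an MD5, and autorun lines carry only a path.
HASH_LINE = re.compile(
    r"^\s*\d\d:\d\d:\d\d\.\d+\s+0x[0-9a-f]+\s+"
    r"\[ (?P<md5>[0-9A-F]{32})(?:, (?P<sha256>[0-9A-F]{64}))? \]\s+(?P<rest>.+?)\s*$"
)
DETECT_LINE = re.compile(
    r"^\s*\d\d:\d\d:\d\d\.\d+\s+0x[0-9a-f]+\s+(?P<name>\S+) - detected (?P<verdict>\S+)"
)
KSN_SKIP = "Detect skipped due to KSN trusted"

# Constructed sample: lines quoted from the log in this thread, not a full log.
SAMPLE_LOG = r"""
09:00:38.0343 0x1fe0  [ 325FB38C323C63C7F57885B4DFB1B91E, 0E9F08FDF2032A7EBE883CE2C7AEF3DC4CE622C2E6F4BEBEAFA24ACF93669C99 ] UPHClean        C:\Program Files\UPHClean\uphclean.exe
09:00:38.0625 0x1fe0  UPHClean - detected UnsignedFile.Multi.Generic ( 1 )
09:00:48.0687 0x1fe0  UPHClean ( UnsignedFile.Multi.Generic ) - warning
09:01:06.0546 0x1fe0  [ 620801C51A4A223B7167BE50689BA748 ] \Device\Harddisk0\DR0
09:01:06.0953 0x1fe0  \Device\Harddisk0\DR0 - ok
09:01:27.0078 0x1fe0  [ 8FB740D758B14B1BC950CC347C21E461, 6EAB429DE35D87C94E9B912E189C248428653674939352E0210FC026F5A4B564 ] C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
09:01:27.0109 0x1fe0  RemoteControl - detected UnsignedFile.Multi.Generic ( 1 )
09:01:29.0546 0x1fe0  Detect skipped due to KSN trusted
09:01:29.0546 0x1fe0  RemoteControl - ok
"""


@dataclass
class HashRecord:
    name: Optional[str]       # service/driver name; None for MBR, VBR and autorun path-only lines
    path: str
    md5: str
    sha256: Optional[str]     # None where the scanner only produced an MD5 (MBR/VBR)


@dataclass
class Finding:
    name: str
    verdict: str
    record: HashRecord
    ksn_trusted: bool = False  # True when the KSN cloud whitelist overrode the detection


def _parse_hash_line(m: "re.Match") -> HashRecord:
    rest = m.group("rest")
    if rest.startswith("\\") or re.match(r"^[A-Za-z]:\\", rest):
        name, path = None, rest            # bare path or device object, no service name
    else:
        name, _, path = rest.partition(" ")
        path = path.strip()
    return HashRecord(name, path, m.group("md5"), m.group("sha256"))


def hashed_objects(log: str) -> Dict[str, HashRecord]:
    """Every hashed path in the log, keyed by path (MBR/VBR entries included)."""
    out: Dict[str, HashRecord] = {}
    for line in log.splitlines():
        m = HASH_LINE.match(line)
        if m:
            rec = _parse_hash_line(m)
            out[rec.path] = rec
    return out


def parse_findings(log: str) -> List[Finding]:
    """Pair each '<name> - detected <verdict>' line with the hash line just before it."""
    last: Optional[HashRecord] = None
    findings: List[Finding] = []
    for line in log.splitlines():
        m = HASH_LINE.match(line)
        if m:
            last = _parse_hash_line(m)
            continue
        d = DETECT_LINE.match(line)
        if d and last is not None:
            findings.append(Finding(d.group("name"), d.group("verdict"), last))
        elif KSN_SKIP in line and findings:
            findings[-1].ksn_trusted = True   # the skip line follows its detection directly
    return findings


def actionable(findings: List[Finding]) -> List[Finding]:
    """Detections KSN did not override: the ones worth a VirusTotal check."""
    return [f for f in findings if not f.ksn_trusted]


def vt_url(digest: str) -> str:
    """Report page for an already-known hash (MD5, SHA1 or SHA256); nothing is uploaded."""
    return "https://www.virustotal.com/gui/file/" + digest.lower()


def sha256_of_bytes(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest().upper()


def sha256_of_file(path: str) -> str:
    """Hash the file on disk so it can be compared with the scanner's SHA256 before upload."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest().upper()


if __name__ == "__main__":
    for f in actionable(parse_findings(SAMPLE_LOG)):
        print(f"{f.name}: {f.verdict} -> {f.record.path}")
        print("  lookup:", vt_url(f.record.sha256 or f.record.md5))
    mbr = hashed_objects(SAMPLE_LOG)[r"\Device\Harddisk0\DR0"]
    print("MBR lookup:", vt_url(mbr.md5))
```

Looking up by hash first matters because a file uploaded to VirusTotal becomes available to its paying subscribers; if the hash is already known with 0 detections, nothing needs to be uploaded at all. If sha256_of_file on C:\Program Files\UPHClean\uphclean.exe does not equal the log's 0E9F08FD... value, the file changed between the scan and now, which is itself worth reporting in the thread. Whether MBR.dat is byte-for-byte the sector TDSSKiller hashed is not something this thread establishes, so treat the DR0 MD5 as a second, independent lookup rather than as a check on MBR.dat.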