Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Undetectable Virus or Malware freezes mouse cursor and makes fan run


  • Please log in to reply

#1
koolkat1939

koolkat1939

    Member

  • Member
  • PipPip
  • 27 posts

:yes:  Hi I have a Microsoft Windows XP Home Edition Version 2002 Service Pack 3. For several months

I have this Virus or Malware that freezes my mouse cursor , makes my fan constantly run when I run a Anti -Virus or Anti - Spyware scan and the fan runs when I try to watch videos or play video games. It also makes Firefox start up slow.

 

My mouse will work in Safe Mode and I've gotten the mouse to sort of work in Normal Mode by going to Mouse Properties and check marking  Display pointer trails.

 

I've tried scanning with everything from Panda,Avast,Avira,Malwarebytes,SuperAntiSpyware,several Root Kit Scanners, you name it and nothing is detecting it .  :smashcomp:  It's very frustrating !

 

I even tried reinstalling my OS with Back-up and that didn't work .  Right now my DVD-drive is busted so I can't do a Full Clean install of my OS and I don't want to lose my stuff.

---------------------------------------------------------------------------------------------------------------------

 

 

:(  Can someone help me ?  Here are my FRST logs :

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 27-07-2016
Ran by Owner (administrator) on YOUR-CF6AE05ECC (27-07-2016 09:49:48)
Running from C:\Documents and Settings\Owner\Desktop
Loaded Profiles: Owner (Available Profiles: Owner)
Platform: Microsoft Windows XP Home Edition Service Pack 3 (X86) Language: English (United States)
Internet Explorer Version 7 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Check Point Software Technologies Ltd.) C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Exploit\mbae-svc.exe
(Panda Security, S.L.) C:\Program Files\Panda Security\Panda Security Protection\PSANHost.exe
(NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe
(Panda Security, S.L.) C:\Program Files\Panda Security\Panda Devices Agent\AgentSvc.exe
(Panda Security, S.L.) C:\Program Files\Panda Security\Panda Security Protection\PSUAService.exe
(Check Point Software Technologies, Ltd.) C:\Program Files\CheckPoint\ZoneAlarm\ZAPrivacyService.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Exploit\mbae.exe
(Cyberlink Corp.) C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
(Alcor Micro, Corp.) C:\Program Files\Digital Media Reader\readericon45G.exe
(Panda Security, S.L.) C:\Program Files\Panda Security\Panda Security Protection\PSUAMain.exe
() C:\Program Files\Bitdefender\Tools\BDAntiRansomware\BDAntiRansomware.exe
(Check Point Software Technologies Ltd.) C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe
(Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [14820864 2005-09-14] (Realtek Semiconductor Corp.)
HKLM\...\Run: [NvMediaCenter] => RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files\Malwarebytes Anti-Exploit\mbae.exe [2623456 2016-06-02] (Malwarebytes Corporation)
HKLM\...\Run: [RemoteControl] => C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [32768 2005-01-12] (Cyberlink Corp.)
HKLM\...\Run: [readericon] => C:\Program Files\Digital Media Reader\readericon45G.exe [139264 2005-12-09] (Alcor Micro, Corp.)
HKLM\...\Run: [nwiz] => nwiz.exe /install
HKLM\...\Run: [High Definition Audio Property Page Shortcut] => C:\WINDOWS\system32\HDAShCut.exe [61952 2005-01-07] (Windows ® Server 2003 DDK provider)
HKLM\...\Run: [Recguard] => C:\WINDOWS\SMINST\RECGUARD.EXE [212992 2002-09-13] ()
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2014-05-08] (Adobe Systems Incorporated)
HKLM\...\Run: [PSUAMain] => C:\Program Files\Panda Security\Panda Security Protection\PSUAMain.exe [54520 2015-10-22] (Panda Security, S.L.)
HKLM\...\Run: [BDAntiCryptoLocker] => C:\Program Files\Bitdefender\Tools\BDAntiRansomware\BDAntiRansomware.exe [1242144 2016-05-16] ()
HKLM\...\Run: [ZoneAlarm] => C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe [134480 2016-03-24] (Check Point Software Technologies Ltd.)
HKU\S-1-5-21-676961170-3691123601-236142853-1003\...\Run: [Uniblue SpeedUpMyPC] => C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe [9495832 2007-08-16] (Uniblue Software)
HKU\S-1-5-21-676961170-3691123601-236142853-1003\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6825888 2016-07-21] (SUPERAntiSpyware)
HKU\S-1-5-21-676961170-3691123601-236142853-1003\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [6851288 2016-07-13] (Piriform Ltd)
HKU\S-1-5-18\...\Policies\Explorer: [CDRAutoRun] 0
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [115440 2013-05-07] (SuperAdBlocker.com)
GroupPolicyScripts: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12
Tcpip\..\Interfaces\{0A0959AE-0881-49E2-93CD-40CF9768F46D}: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
HKU\S-1-5-21-676961170-3691123601-236142853-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.yahoo.com/
HKU\S-1-5-21-676961170-3691123601-236142853-1003\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-676961170-3691123601-236142853-1003\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Toolbar: HKU\.DEFAULT -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-676961170-3691123601-236142853-1003 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1410404456937
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\41qyd9cm.default
FF DefaultSearchEngine.US: Google
FF Homepage: hxxps://www.yahoo.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_22_0_0_209.dll [2016-07-17] ()
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
FF Extension: WOT - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\41qyd9cm.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2015-12-08]
FF Extension: FlashGot - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\41qyd9cm.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi [2016-03-16]
FF Extension: CS Lite Mod - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\41qyd9cm.default\extensions\[email protected] [2016-04-28]
FF Extension: BetterPrivacy - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\41qyd9cm.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [2016-05-06]
FF Extension: Classic Theme Restorer - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\41qyd9cm.default\extensions\[email protected] [2016-07-03]
FF Extension: Ghostery - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\41qyd9cm.default\Extensions\[email protected] [2016-07-09]
FF Extension: Adblock Plus - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\41qyd9cm.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-04-28]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2014-07-12] [not signed]

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [142648 2014-07-22] (SUPERAntiSpyware.com)
R2 MbaeSvc; C:\Program Files\Malwarebytes Anti-Exploit\mbae-svc.exe [742368 2016-06-02] (Malwarebytes Corporation)
R2 NanoServiceMain; C:\Program Files\Panda Security\Panda Security Protection\PSANHost.exe [142072 2015-10-18] (Panda Security, S.L.)
R2 PandaAgent; C:\Program Files\Panda Security\Panda Devices Agent\AgentSvc.exe [73176 2016-02-22] (Panda Security, S.L.) [File not signed]
R2 PSUAService; C:\Program Files\Panda Security\Panda Security Protection\PSUAService.exe [38136 2015-10-22] (Panda Security, S.L.)
R2 vsmon; C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe [3746584 2016-03-24] (Check Point Software Technologies Ltd.)
R2 ZAPrivacyService; C:\Program Files\CheckPoint\ZoneAlarm\ZaPrivacyService.exe [96272 2015-10-19] (Check Point Software Technologies, Ltd.)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 abp480n5; C:\WINDOWS\System32\DRIVERS\ABP480N5.SYS [23552 2004-08-04] (Microsoft Corporation)
R2 ASCTRM; C:\WINDOWS\system32\Drivers\ASCTRM.sys [8552 2014-07-07] (Windows ® 2000 DDK provider) [File not signed]
R1 ESProtectionDriver; C:\Program Files\Malwarebytes Anti-Exploit\mbae.sys [50016 2016-06-02] ()
S3 HdAudAddService; C:\WINDOWS\System32\drivers\HdAudio.sys [145920 2005-01-07] (Windows ® Server 2003 DDK provider)
R1 mbamchameleon; C:\WINDOWS\system32\drivers\mbamchameleon.sys [121560 2016-07-27] (Malwarebytes)
S3 mxnic; C:\WINDOWS\System32\DRIVERS\mxnic.sys [19968 2001-08-17] (Macronix International Co., Ltd.                                               )
R1 NNSALPC; C:\WINDOWS\System32\DRIVERS\NNSAlpc.sys [87032 2015-07-09] (Panda Security, S.L.)
R1 NNSHTTP; C:\WINDOWS\System32\DRIVERS\NNSHttp.sys [202104 2015-07-09] (Panda Security, S.L.)
R1 NNSHTTPS; C:\WINDOWS\System32\DRIVERS\NNSHttps.sys [109688 2015-07-09] (Panda Security, S.L.)
R1 NNSIDS; C:\WINDOWS\System32\DRIVERS\NNSIds.sys [121720 2015-07-09] (Panda Security, S.L.)
R3 NNSNAHS; C:\WINDOWS\System32\DRIVERS\NNSNAHS.sys [55216 2015-05-20] (Panda Security, S.L.)
R1 NNSPICC; C:\WINDOWS\System32\DRIVERS\NNSPicc.sys [102264 2015-07-09] (Panda Security, S.L.)
R1 NNSPIHS; C:\WINDOWS\System32\DRIVERS\NNSPihs.sys [52088 2015-07-09] (Panda Security, S.L.)
R1 NNSPOP3; C:\WINDOWS\System32\DRIVERS\NNSPop3.sys [120568 2015-07-09] (Panda Security, S.L.)
R1 NNSPROT; C:\WINDOWS\System32\DRIVERS\NNSProt.sys [281720 2015-07-09] (Panda Security, S.L.)
R1 NNSPRV; C:\WINDOWS\System32\DRIVERS\NNSPrv.sys [209016 2015-07-09] (Panda Security, S.L.)
R1 NNSSMTP; C:\WINDOWS\System32\DRIVERS\NNSSmtp.sys [108408 2015-07-09] (Panda Security, S.L.)
R1 NNSSTRM; C:\WINDOWS\System32\DRIVERS\NNSStrm.sys [240376 2015-07-09] (Panda Security, S.L.)
R1 NNSTLSC; C:\WINDOWS\System32\DRIVERS\NNSTlsc.sys [94968 2015-07-09] (Panda Security, S.L.)
R3 NVENETFD; C:\WINDOWS\System32\DRIVERS\NVENETFD.sys [34048 2005-07-29] (NVIDIA Corporation)
R3 nvnetbus; C:\WINDOWS\System32\DRIVERS\nvnetbus.sys [12928 2005-07-29] (NVIDIA Corporation)
S1 P3; C:\WINDOWS\System32\DRIVERS\p3.sys [42752 2008-04-14] (Microsoft Corporation)
R2 PSINAflt; C:\WINDOWS\System32\DRIVERS\PSINAflt.sys [140792 2015-07-19] (Panda Security, S.L.)
R2 PSINFile; C:\WINDOWS\System32\DRIVERS\PSINFile.sys [103288 2015-07-19] (Panda Security, S.L.)
R1 PSINKNC; C:\WINDOWS\System32\DRIVERS\psinknc.sys [172792 2015-07-19] (Panda Security, S.L.)
R2 PSINProc; C:\WINDOWS\System32\DRIVERS\PSINProc.sys [114680 2015-07-19] (Panda Security, S.L.)
R2 PSINProt; C:\WINDOWS\System32\DRIVERS\PSINProt.sys [125176 2015-07-19] (Panda Security, S.L.)
R2 PSINReg; C:\WINDOWS\System32\DRIVERS\PSINReg.sys [100600 2015-07-19] (Panda Security, S.L.)
U3 PSKMAD; C:\WINDOWS\System32\DRIVERS\PSKMAD.sys [50832 2015-05-22] (Panda Security, S.L.)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
U3 TrueSight; C:\WINDOWS\system32\drivers\TrueSight.sys [24688 2016-07-26] ()
R1 Vsdatant; C:\WINDOWS\System32\vsdatant.sys [540112 2016-03-24] (Check Point Software Technologies Ltd.)
S3 wanatw; C:\WINDOWS\System32\DRIVERS\wanatw4.sys [33588 2003-01-10] (America Online, Inc.)
S3 asdids; no ImagePath
S3 cleanhlp; \??\C:\EEK\bin\cleanhlp32.sys [X]
S3 efavdrv; \??\C:\WINDOWS\system32\drivers\efavdrv.sys [X]
S1 epp32; \??\C:\EEK\bin\epp32.sys [X]
S3 MEMSWEEP2; \??\C:\WINDOWS\system32\B.tmp [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-14] (Microsoft Corporation)
U5 Tcpip6; C:\Windows\System32\Drivers\Tcpip6.sys [226880 2010-02-11] (Microsoft Corporation)
U3 TlntSvr; no ImagePath
S1 ZAM; \??\C:\WINDOWS\System32\drivers\zam32.sys [X]
S1 ZAM_Guard; \??\C:\WINDOWS\System32\drivers\zamguard32.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-07-27 09:49 - 2016-07-27 09:51 - 00015641 _____ C:\Documents and Settings\Owner\Desktop\FRST.txt
2016-07-27 09:36 - 2016-07-27 09:37 - 01744384 _____ (Farbar) C:\Documents and Settings\Owner\Desktop\FRST.exe
2016-07-27 06:42 - 2015-05-22 01:45 - 00050832 _____ (Panda Security, S.L.) C:\WINDOWS\system32\Drivers\PSKMAD.sys
2016-07-06 08:11 - 2016-07-06 08:11 - 00001060 _____ C:\stop sign.txt
2016-06-28 12:56 - 2016-06-28 13:02 - 00000000 ____D C:\Program Files\Mozilla Firefox

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-07-27 09:51 - 2014-11-17 19:34 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\temp
2016-07-27 09:49 - 2016-06-20 09:19 - 00000000 ____D C:\FRST
2016-07-27 09:47 - 2004-08-26 11:09 - 00000000 ____D C:\Documents and Settings\Owner
2016-07-27 09:38 - 2016-06-23 12:05 - 00000000 ____D C:\Documents and Settings\Owner\Desktop\v
2016-07-27 07:08 - 2014-08-01 17:27 - 00000000 ____D C:\Documents and Settings\Owner\Application Data\Macromedia
2016-07-27 06:56 - 2014-11-18 18:38 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\TEMP
2016-07-27 06:56 - 2014-08-04 18:04 - 00000000 ____D C:\Program Files\SpywareBlaster
2016-07-27 06:53 - 2014-09-01 12:12 - 00121560 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-07-27 06:44 - 2014-07-07 20:58 - 00000000 ____D C:\WINDOWS\system32\Lang
2016-07-27 06:44 - 2014-07-07 09:32 - 00030277 _____ C:\WINDOWS\system32\nvapps.xml
2016-07-27 06:41 - 2004-08-26 11:08 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-07-27 06:39 - 2015-05-17 09:09 - 00032600 _____ C:\WINDOWS\SchedLgU.Txt
2016-07-27 06:39 - 2015-03-16 14:21 - 17367040 _____ C:\WINDOWS\system32\config\Nano.evt
2016-07-27 06:39 - 2004-08-26 11:09 - 00000178 ___SH C:\Documents and Settings\Owner\ntuser.ini
2016-07-27 06:35 - 2014-08-02 17:51 - 00170200 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-07-26 17:16 - 2014-02-18 16:34 - 00000000 ____D C:\Documents and Settings\Owner\Desktop\Michael's Stuff
2016-07-26 07:30 - 2014-08-26 19:07 - 00024688 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2016-07-25 19:09 - 2016-05-09 12:19 - 00000000 ____D C:\Documents and Settings\Owner\My Documents\My Music 4
2016-07-25 19:01 - 2015-11-28 13:15 - 00000000 ____D C:\Documents and Settings\Owner\My Documents\My Music 3
2016-07-25 19:01 - 2005-07-19 18:40 - 00000000 ___RD C:\Documents and Settings\Owner\My Documents\My Music
2016-07-25 18:59 - 2015-06-11 08:32 - 00000000 ____D C:\Documents and Settings\Owner\My Documents\My Music 2
2016-07-25 15:07 - 2014-08-02 18:16 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes Anti-Exploit
2016-07-25 12:14 - 2015-01-13 18:10 - 00000000 ____D C:\Documents and Settings\Owner\Desktop\Commercials
2016-07-22 05:34 - 2015-02-20 11:30 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2016-07-21 20:04 - 2014-07-08 05:44 - 00000000 ____D C:\Documents and Settings\Owner\Application Data\vlc
2016-07-20 12:49 - 2014-08-13 07:44 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
2016-07-17 18:24 - 2014-09-23 17:59 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\Adobe
2016-07-17 18:23 - 2014-08-03 18:32 - 00796352 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2016-07-17 18:23 - 2014-08-03 18:32 - 00142528 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2016-07-17 18:23 - 2004-08-26 11:01 - 00000000 ____D C:\WINDOWS\system32\Macromed
2016-07-13 06:11 - 2004-08-26 09:12 - 00001170 _____ C:\WINDOWS\system32\wpa.dbl
2016-07-13 05:53 - 2014-07-08 05:56 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-07-13 05:44 - 2014-07-08 05:56 - 141983760 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-06-28 17:19 - 2014-07-08 07:04 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2016-06-27 12:54 - 2016-03-30 12:55 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\BDAntiRansomware

==================== Files in the root of some directories =======

2015-03-21 18:49 - 2015-03-22 10:32 - 0147298 _____ () C:\Documents and Settings\Owner\Local Settings\Application Data\ars.cache
2015-03-21 18:50 - 2015-03-22 10:32 - 0442298 _____ () C:\Documents and Settings\Owner\Local Settings\Application Data\census.cache
2014-07-17 16:24 - 2016-06-25 08:54 - 0007680 _____ () C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-03-21 18:25 - 2015-03-21 18:25 - 0000036 _____ () C:\Documents and Settings\Owner\Local Settings\Application Data\housecall.guid.cache
2015-03-21 18:36 - 2015-03-22 09:31 - 0000010 _____ () C:\Documents and Settings\Owner\Local Settings\Application Data\sponge.last.runtime.cache

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End of FRST.txt ============================

 

 

-----------------------------------------------------------------------------------------------------------------------

  :unsure:   Addition

 

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 27-07-2016
Ran by Owner (2016-07-27 09:52:32)
Running from C:\Documents and Settings\Owner\Desktop
Microsoft Windows XP Home Edition Service Pack 3 (X86) (2014-07-07 16:26:44)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-676961170-3691123601-236142853-500 - Administrator - Enabled)
Guest (S-1-5-21-676961170-3691123601-236142853-501 - Limited - Disabled)
HelpAssistant (S-1-5-21-676961170-3691123601-236142853-1004 - Limited - Disabled)
Owner (S-1-5-21-676961170-3691123601-236142853-1003 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Owner
SUPPORT_388945a0 (S-1-5-21-676961170-3691123601-236142853-1002 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Panda Free Antivirus (Enabled - Up to date) {5AD27692-540A-464E-B625-78275FA38393}
FW: Panda Firewall (Disabled) {1337562C-110A-4AF8-B12B-750C0B30E802}
FW: ZoneAlarm Free Firewall Firewall (Disabled) {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 16 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 16.0.0.296 - Adobe Systems Incorporated)
Adobe Flash Player 22 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 22.0.0.209 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
Agere Systems PCI-SV92PP Soft Modem (HKLM\...\Agere Systems Soft Modem) (Version:  - )
AnyBurn (HKLM\...\AnyBurn) (Version: 3.1 - Power Software Ltd)
Apple Application Support (HKLM\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
BDAntiRansomware (HKLM\...\{BE40AB1F-558F-4434-B72F-461EF97E7796}_is1) (Version: 1.0.12.1 - Bitdefender)
CCleaner (HKLM\...\CCleaner) (Version: 5.20 - Piriform)
CDisplay 1.8 (HKLM\...\CDisplay_is1) (Version:  - dvd8n)
CleanUp! (HKLM\...\CleanUp!) (Version:  - )
Digital Media Reader (HKLM\...\InstallShield_{4AC55A61-BA20-4DF5-ABFF-8F4819E0C875}) (Version: 2.01.00.02 - AlcorMicro)
Digital Media Reader (Version: 2.01.00.02 - AlcorMicro) Hidden
Flash Cookie Cleaner (HKLM\...\{E4E1D7C7-6561-4462-96B5-E6439488ED41}) (Version: 2.0 - ConsumerSoft)
J2SE Runtime Environment 5.0 Update 2 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0150020}) (Version: 1.5.0.20 - Sun Microsystems, Inc.)
K-Lite Mega Codec Pack 10.5.5 (HKLM\...\KLiteCodecPack_is1) (Version: 10.5.5 - )
LockHunter 3.1, 32/64 bit (HKLM\...\LockHunter_is1) (Version:  - Crystal Rich Ltd)
Malwarebytes Anti-Exploit version 1.8.1.2563 (HKLM\...\Malwarebytes Anti-Exploit_is1) (Version: 1.8.1.2563 - Malwarebytes)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft Office Standard Edition 2003 (HKLM\...\{91120409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.6361.0 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version:  - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version:  - )
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 47.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 47.0.1 (x86 en-US)) (Version: 47.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 47.0.1.6018 - Mozilla)
MSConfig CleanUp 1.2 (HKLM\...\MSConfig CleanUp_is1) (Version:  - Virtuoza)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version:  - )
Panda Cloud Cleaner (HKLM\...\{92B2B132-C7F0-43DC-921A-4493C04F78A4}_is1) (Version: 1.1.8 - Panda Security)
Panda Devices Agent (Version: 1.03.07 - Panda Security) Hidden
Panda Devices Agent (Version: 1.06.00 - Panda Security) Hidden
Panda Free Antivirus (HKLM\...\Panda Universal Agent Endpoint) (Version: 16.0.2 - Panda Security)
Panda Free Antivirus (Version: 8.04.00.0000 - Panda Security) Hidden
Power2Go 4.0 (HKLM\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version:  - )
PowerDVD (HKLM\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version:  - CyberLink Corporation)
Privacy Eraser Pro (HKLM\...\{F7AD1EF2-2670-40C2-A541-939265AF2F18}_is1) (Version: Privacy Eraser Pro 7.0 - PrivacyEraser Computing, Inc.)
QuickTime (HKLM\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
RealPlayer Basic (HKLM\...\RealPlayer 6.0) (Version:  - )
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 1.96 - Realtek Semiconductor Corp.)
Recovery Software Suite eMachines (HKLM\...\{15377C3E-9655-400F-B441-E69F0A6BEAFE}) (Version: 1.00.0000 - eMachines)
SpywareBlaster 5.5 (HKLM\...\SpywareBlaster_is1) (Version: 5.5.0 - BrightFort LLC)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1170 - SUPERAntiSpyware.com)
Uniblue PowerSuite (HKLM\...\SYSTEMCARE_025B3ECB-F8A1-45ff-BABC-140E08C7D8C5_is1) (Version:  - Uniblue)
Unlocker 1.9.0 (HKLM\...\Unlocker) (Version: 1.9.0 - Cedrick Collomb)
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - )
VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Windows Backup Utility (HKLM\...\{76EFFC7C-17A6-479D-9E47-8E658C1695AE}) (Version: 5.1 - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version:  - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)
Windows Internet Explorer 7 (HKLM\...\ie7) (Version: 20070813.185237 - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version:  - )
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)
WinRAR archiver (HKLM\...\WinRAR archiver) (Version:  - )
ZoneAlarm Firewall (Version: 14.1.057.000 - Check Point Software Technologies Ltd.) Hidden
ZoneAlarm Free Firewall (HKLM\...\ZoneAlarm Free Firewall) (Version: 14.1.057.000 - Check Point)
ZoneAlarm Security (Version: 14.1.057.000 - Check Point Software Technologies Ltd.) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Documents and Settings\Owner\NetHood\My Web Sites on MSN\target.lnk -> hxxp://www.msnusers.com

==================== Loaded Modules (Whitelisted) ==============

2014-07-25 17:11 - 2007-09-20 18:34 - 00129024 _____ () C:\Program Files\WinRAR\rarext.dll
2010-07-04 14:32 - 2010-07-04 14:32 - 00010752 _____ () C:\Program Files\Unlocker\UnlockerCOM.dll
2013-04-12 10:23 - 2013-04-12 10:23 - 00612664 _____ () C:\Program Files\Panda Security\Panda Security Protection\SQLite3.dll
2016-03-30 12:55 - 2016-05-16 16:25 - 01242144 _____ () C:\Program Files\Bitdefender\Tools\BDAntiRansomware\BDAntiRansomware.exe
2016-03-30 12:55 - 2015-08-14 14:49 - 00504320 _____ () C:\Program Files\Bitdefender\Tools\BDAntiRansomware\BDMetrics.dll
2016-04-23 07:57 - 2016-04-15 17:11 - 00023968 _____ () C:\Program Files\Bitdefender\Tools\BDAntiRansomware\InjectionDll.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34 [125]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\33765952.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\58187037.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\81294670.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mbamchameleon => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NanoServiceMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSUAService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\33765952.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\58187037.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\81294670.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mbamchameleon => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NanoServiceMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PSUAService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SMR430 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vsmon => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRkrn => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRSVC => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE restricted site: HKU\S-1-5-21-676961170-3691123601-236142853-1003\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-676961170-3691123601-236142853-1003\...\008k.com -> 008k.com
IE restricted site: HKU\S-1-5-21-676961170-3691123601-236142853-1003\...\00hq.com -> 00hq.com
IE restricted site: HKU\S-1-5-21-676961170-3691123601-236142853-1003\...\0190-dialers.com -> 0190-dialers.com
IE restricted site: HKU\S-1-5-21-676961170-3691123601-236142853-1003\...\01i.info -> 01i.info
IE restricted site: HKU\S-1-5-21-676961170-3691123601-236142853-1003\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com
IE restricted site: HKU\S-1-5-21-676961170-3691123601-236142853-1003\...\0411dd.com -> 0411dd.com
IE restricted site: HKU\S-1-5-21-676961170-3691123601-236142853-1003\...\0511zfhl.com -> 0511zfhl.com
IE restricted site: HKU\S-1-5-21-676961170-3691123601-236142853-1003\...\05p.com -> 05p.com
IE restricted site: HKU\S-1-5-21-676961170-3691123601-236142853-1003\...\0632qyw.com -> 0632qyw.com
IE restricted site: HKU\S-1-5-21-676961170-3691123601-236142853-1003\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com
IE restricted site: HKU\S-1-5-21-676961170-3691123601-236142853-1003\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com
IE restricted site: HKU\S-1-5-21-676961170-3691123601-236142853-1003\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com
IE restricted site: HKU\S-1-5-21-676961170-3691123601-236142853-1003\...\0calories.net -> 0calories.net
IE restricted site: HKU\S-1-5-21-676961170-3691123601-236142853-1003\...\0cj.net -> 0cj.net
IE restricted site: HKU\S-1-5-21-676961170-3691123601-236142853-1003\...\0scan.com -> 0scan.com
IE restricted site: HKU\S-1-5-21-676961170-3691123601-236142853-1003\...\1-britney-spears-nude.com -> 1-britney-spears-nude.com
IE restricted site: HKU\S-1-5-21-676961170-3691123601-236142853-1003\...\1-domains-registrations.com -> 1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-676961170-3691123601-236142853-1003\...\1-se.com -> 1-se.com
IE restricted site: HKU\S-1-5-21-676961170-3691123601-236142853-1003\...\1001movie.com -> 1001movie.com

There are 6091 more sites.


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-05-26 21:02 - 2015-03-24 19:06 - 00000027 ____A C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1       localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-676961170-3691123601-236142853-1003\Control Panel\Desktop\\Wallpaper -> C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
DNS Servers: 68.105.28.11 - 68.105.29.11
Windows Firewall is disabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

DomainProfile\AuthorizedApplications: [C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe] => Enabled:True Vector
StandardProfile\AuthorizedApplications: [C:\Program Files\Common Files\AOL\Loader\aolload.exe] => Enabled:AOL Application Loader
StandardProfile\AuthorizedApplications: [C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe] => Enabled:WebKit
StandardProfile\AuthorizedApplications: [C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe] => Enabled:True Vector
StandardProfile\AuthorizedApplications: [C:\Program Files\Mozilla Firefox\firefox.exe] => Enabled:Firefox (C:\Program Files\Mozilla Firefox)
StandardProfile\GloballyOpenPorts: [1900:UDP] => :LocalSubNet:Disabled:@xpsp2res.dll,-22007
StandardProfile\GloballyOpenPorts: [2869:TCP] => :LocalSubNet:Disabled:@xpsp2res.dll,-22008

==================== Restore Points =========================

27-04-2016 11:37:37 System Checkpoint
28-04-2016 17:39:14 System Checkpoint
30-04-2016 11:01:06 System Checkpoint
01-05-2016 17:39:09 System Checkpoint
03-05-2016 03:41:33 System Checkpoint
04-05-2016 11:00:49 System Checkpoint
05-05-2016 11:42:16 System Checkpoint
06-05-2016 12:29:10 System Checkpoint
07-05-2016 12:33:08 System Checkpoint
08-05-2016 13:14:25 System Checkpoint
10-05-2016 09:35:49 System Checkpoint
11-05-2016 04:56:30 Software Distribution Service 3.0
12-05-2016 07:20:07 System Checkpoint
13-05-2016 11:50:49 System Checkpoint
14-05-2016 17:00:25 System Checkpoint
16-05-2016 10:17:50 System Checkpoint
17-05-2016 16:46:23 System Checkpoint
18-05-2016 19:10:09 System Checkpoint
20-05-2016 09:28:52 System Checkpoint
21-05-2016 09:59:36 System Checkpoint
22-05-2016 10:13:16 System Checkpoint
23-05-2016 10:25:53 System Checkpoint
24-05-2016 12:03:10 System Checkpoint
25-05-2016 13:28:21 System Checkpoint
27-05-2016 12:23:48 System Checkpoint
29-05-2016 07:42:05 System Checkpoint
30-05-2016 09:22:13 System Checkpoint
31-05-2016 09:36:50 System Checkpoint
03-06-2016 02:56:16 System Checkpoint
04-06-2016 10:46:36 System Checkpoint
05-06-2016 14:30:08 System Checkpoint
06-06-2016 15:22:03 System Checkpoint
07-06-2016 15:57:44 System Checkpoint
08-06-2016 17:36:32 System Checkpoint
10-06-2016 07:56:13 System Checkpoint
11-06-2016 09:06:30 JRT Pre-Junkware Removal
12-06-2016 10:49:03 System Checkpoint
13-06-2016 15:25:34 System Checkpoint
15-06-2016 06:11:27 Software Distribution Service 3.0
16-06-2016 08:50:55 System Checkpoint
17-06-2016 12:13:04 System Checkpoint
19-06-2016 10:00:47 System Checkpoint
20-06-2016 12:37:29 System Checkpoint
22-06-2016 15:34:20 System Checkpoint
24-06-2016 14:07:46 System Checkpoint
27-06-2016 07:10:59 System Checkpoint
28-06-2016 12:01:37 System Checkpoint
29-06-2016 13:24:44 System Checkpoint
01-07-2016 14:06:40 System Checkpoint
03-07-2016 11:30:22 System Checkpoint
04-07-2016 12:04:04 System Checkpoint
05-07-2016 18:03:11 System Checkpoint
06-07-2016 19:10:28 System Checkpoint
08-07-2016 07:04:17 System Checkpoint
09-07-2016 10:57:50 System Checkpoint
10-07-2016 11:25:40 System Checkpoint
11-07-2016 11:30:34 System Checkpoint
13-07-2016 05:41:32 Software Distribution Service 3.0
14-07-2016 10:05:24 System Checkpoint
16-07-2016 09:25:39 System Checkpoint
18-07-2016 06:58:31 System Checkpoint
19-07-2016 07:29:58 System Checkpoint
20-07-2016 12:19:31 System Checkpoint
23-07-2016 07:05:02 System Checkpoint
24-07-2016 07:38:28 System Checkpoint
26-07-2016 08:55:38 System Checkpoint

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (07/26/2016 07:19:18 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application setup(1).tmp, version 51.52.0.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (07/26/2016 07:17:06 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application setup.tmp, version 51.52.0.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (07/26/2016 07:14:59 AM) (Source: Application Hang) (EventID: 1001) (User: )
Description: Fault bucket 1933422429.

Error: (07/26/2016 07:14:47 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application setup(1).tmp, version 51.52.0.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (07/14/2016 01:10:24 PM) (Source: Application Hang) (EventID: 1001) (User: )
Description: Fault bucket 111659915.

Error: (07/14/2016 01:10:20 PM) (Source: Application Hang) (EventID: 1001) (User: )
Description: Fault bucket 111659915.

Error: (07/14/2016 01:10:04 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application FlashCookieCleaner.exe, version 2.0.1.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (07/14/2016 01:10:03 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application FlashCookieCleaner.exe, version 2.0.1.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (07/13/2016 10:20:52 AM) (Source: Application Error) (EventID: 1001) (User: )
Description: Fault bucket 188974217.
The Wep key exchange did not result in a secure connection setup after 802.1x authentication.  The current setting has been marked as failed and the Wireless connection will be disconnected.

Error: (07/13/2016 10:19:57 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application PSANHost.exe, version 4.0.0.785, faulting module msvcr100.dll, version 10.0.30319.1, fault address 0x0008ae6e.
Processing media-specific event for [PSANHost.exe!ws!]


System errors:
=============
Error: (07/27/2016 06:42:40 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
epp32

Error: (07/27/2016 06:42:11 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Human Interface Device Access service terminated with the following error:
%%126 = The specified module could not be found.


Error: (07/27/2016 06:37:57 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Panda Protection Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.

Error: (07/27/2016 06:37:51 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Panda Devices Agent service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 300000 milliseconds: Restart the service.

Error: (07/27/2016 06:37:51 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The NVIDIA Display Driver Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (07/27/2016 06:37:46 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Malwarebytes Anti-Exploit Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.

Error: (07/27/2016 06:37:45 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The SAS Core Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 1000 milliseconds: Restart the service.

Error: (07/27/2016 06:13:13 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
epp32

Error: (07/27/2016 06:12:37 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Human Interface Device Access service terminated with the following error:
%%126 = The specified module could not be found.


Error: (07/26/2016 04:56:46 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
epp32


==================== Memory info ===========================

Processor: AMD Athlon™ 64 Processor 3400+
Percentage of memory in use: 45%
Total physical RAM: 895.36 MB
Available physical RAM: 492.27 MB
Total Virtual: 2167.24 MB
Available Virtual: 1494.33 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:181.87 GB) (Free:30.88 GB) NTFS ==>[drive with boot components (Windows XP)]
Drive d: (RECOVERY) (Fixed) (Total:4.43 GB) (Free:2.12 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 186.3 GB) (Disk ID: 4B36BDEA)
Partition 1: (Active) - (Size=181.9 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=4.4 GB) - (Type=0B)

==================== End of Addition.txt ============================

 

 

 

 

 

 

 

 

 


  • 0

Advertisements


#2
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,012 posts
  • MVP
Get the free version of Speccy:
 
http://www.filehippo...download_speccy (Look in the upper right for the Download
Latest Version button  - Do NOT press the large Start Download button on the upper left!)  
Download, Save and Install it.  Tell it you do not need CCLEANER.    Run Speccy.  When it finishes (the little icon in the bottom left will stop moving), 
File, Save as Text File,  (to your desktop) note the name it gives. OK.  Open the file in notepad and delete the line that gives the serial number of your Operating System.  
(It will be near the top about 10 lines down.) Save the file.  Attach the file to your next post.  (More Reply Options, Choose File, Open, Attach This File)
 
Get Process Explorer
 
Save it to your desktop then run it (Vista or Win7 - right click and Run As Administrator).  
 
View, Select Column, check Verified Signer, OK
Options, Verify Image Signatures
 
 
Click twice on the CPU column header  to sort things by CPU usage with the big hitters at the top.  
 
Wait a full minute then:
 
File, Save As, Save.  Note the file name.   Open the file  on your desktop and copy and paste the text to a reply.
 

  • 0

#3
koolkat1939

koolkat1939

    Member

  • Topic Starter
  • Member
  • PipPip
  • 27 posts

Do I need to close out Firefox before I run these programs ?


  • 0

#4
koolkat1939

koolkat1939

    Member

  • Topic Starter
  • Member
  • PipPip
  • 27 posts

Process Explorer keeps jumping around in the columns.

 

 

Process Explorer report :               The attachment is from Speccy.

 

Process    CPU    Private Bytes    Working Set    PID    Description    Company Name    VirusTotal    Verified Signer
System Idle Process    95.31    0 K    28 K    0                
wmiprvse.exe    1.56    4,720 K    6,608 K    1956    WMI    Microsoft Corporation        (Verified) Microsoft Windows Component Publisher
procexp.exe    1.56    12,640 K    30,828 K    2484    Sysinternals Process Explorer    Sysinternals - www.sysinternals.com        (Verified) Microsoft Corporation
Interrupts    1.56    0 K    0 K    n/a    Hardware Interrupts and DPCs            
zatray.exe        53,808 K    5,088 K    3464    ZoneAlarm    Check Point Software Technologies Ltd.        (Verified) Check Point Software Technologies Ltd.
ZAPrivacyService.exe        17,376 K    3,884 K    388    ZAPrivacyService    Check Point Software Technologies, Ltd.        (Verified) Check Point Software Technologies Ltd.
wmiprvse.exe        1,812 K    5,168 K    3256    WMI    Microsoft Corporation        (Verified) Microsoft Windows Component Publisher
winlogon.exe        5,884 K    1,684 K    164    Windows NT Logon Application    Microsoft Corporation        (Verified) Microsoft Windows Component Publisher
vsmon.exe        31,020 K    21,324 K    1252    ZoneAlarm    Check Point Software Technologies Ltd.        (Verified) Check Point Software Technologies Ltd.
unsecapp.exe        1,352 K    1,060 K    3220    WMI    Microsoft Corporation        (Verified) Microsoft Windows Component Publisher
System        0 K    80 K    4                
svchost.exe        20,792 K    13,536 K    640    Generic Host Process for Win32 Services    Microsoft Corporation        (Verified) Microsoft Windows Component Publisher
svchost.exe        3,012 K    1,600 K    444    Generic Host Process for Win32 Services    Microsoft Corporation        (Verified) Microsoft Windows Component Publisher
svchost.exe        1,912 K    1,572 K    492    Generic Host Process for Win32 Services    Microsoft Corporation        (Verified) Microsoft Windows Component Publisher
svchost.exe        1,724 K    1,452 K    744    Generic Host Process for Win32 Services    Microsoft Corporation        (Verified) Microsoft Windows Component Publisher
svchost.exe        3,524 K    1,224 K    1000    Generic Host Process for Win32 Services    Microsoft Corporation        (Verified) Microsoft Windows Component Publisher
svchost.exe        1,428 K    144 K    1188    Generic Host Process for Win32 Services    Microsoft Corporation        (Verified) Microsoft Windows Component Publisher
svchost.exe        1,620 K    236 K    3136    Generic Host Process for Win32 Services    Microsoft Corporation        (Verified) Microsoft Windows Component Publisher
SUPERANTISPYWARE.EXE        91,528 K    4,552 K    3704    SUPERAntiSpyware Application    SUPERAntiSpyware        (Verified) SUPERAntiSpyware.com
spoolsv.exe        4,108 K    1,636 K    1844    Spooler SubSystem App    Microsoft Corporation        (Verified) Microsoft Windows Component Publisher
smss.exe        180 K    68 K    1964    Windows NT Session Manager    Microsoft Corporation        (Verified) Microsoft Windows Component Publisher
services.exe        1,924 K    2,028 K    216    Services and Controller app    Microsoft Corporation        (Verified) Microsoft Windows Component Publisher
SASCore.exe        1,728 K    204 K    1236    Core Service    SUPERAntiSpyware.com        (Verified) SUPERAntiSpyware.com
rundll32.exe        2,020 K    312 K    2184    Run a DLL as an App    Microsoft Corporation        (Verified) Microsoft Windows Component Publisher
RTHDCPL.EXE        35,584 K    30,940 K    1952    Realtek HD Audio Control Panel    Realtek Semiconductor Corp.        (Verified) Microsoft Windows Hardware Compatibility Publisher
readericon45G.exe        2,028 K    400 K    2864    Sunkist    Alcor Micro, Corp.        (No signature was present in the subject) Alcor Micro, Corp.
PSUAService.exe        13,100 K    264 K    1740    PSUAService    Panda Security, S.L.        (Verified) Panda Security S.L
PSUAMain.exe        26,400 K    436 K    3620    AV Console    Panda Security, S.L.        (Verified) Panda Security S.L
PSANHost.exe        131,240 K    22,612 K    1644    Application Host Service    Panda Security, S.L.        (Verified) Panda Security S.L
PDVDServ.exe        888 K    324 K    2096    PowerDVD RC Service    Cyberlink Corp.        (No signature was present in the subject) Cyberlink Corp.
nvsvc32.exe        2,068 K    388 K    1676    NVIDIA Driver Helper Service, Version 81.33    NVIDIA Corporation        (Verified) Microsoft Windows Hardware Compatibility Publisher
notepad.exe        1,020 K    512 K    3736    Notepad    Microsoft Corporation        (Verified) Microsoft Windows Component Publisher
mbae-svc.exe        9,124 K    1,892 K    1012    Malwarebytes Anti-Exploit Service    Malwarebytes Corporation        (Verified) Malwarebytes Corporation
mbae.exe        10,968 K    13,468 K    1440    Malwarebytes Anti-Exploit    Malwarebytes Corporation        (Verified) Malwarebytes Corporation
lsass.exe        4,308 K    2,564 K    232    LSA Shell (Export Version)    Microsoft Corporation        (Verified) Microsoft Windows Component Publisher
explorer.exe        25,080 K    12,996 K    1392    Windows Explorer    Microsoft Corporation        (Verified) Microsoft Windows Component Publisher
ctfmon.exe        1,220 K    1,480 K    3844    CTF Loader    Microsoft Corporation        (Verified) Microsoft Windows Component Publisher
csrss.exe        2,016 K    2,612 K    2040    Client Server Runtime Process    Microsoft Corporation        (Verified) Microsoft Windows Component Publisher
CCleaner.exe        20,604 K    19,612 K    1040    CCleaner    Piriform Ltd        (Verified) Piriform Ltd
BDAntiRansomware.exe        21,264 K    25,384 K    1056                (Verified) Bitdefender SRL
alg.exe        1,224 K    148 K    3520    Application Layer Gateway Service    Microsoft Corporation        (Verified) Microsoft Windows Component Publisher
AgentSvc.exe        11,632 K    3,988 K    1692    Agent Service    Panda Security, S.L.        (Verified) Panda Security S.L
 

Attached Files


Edited by koolkat1939, 27 July 2016 - 06:34 PM.

  • 0

#5
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,012 posts
  • MVP
Uninstall Java.  Yours is ancient and very dangerous.
 
Java has been very vulnerable to infection so unless you absolutely need it you should not reinstall it.
 
If you feel you must have Java:
Get the latest Java at:
 
Save it to your PC then close all browsers and install it.  Do not let it install the yahoo toolbar or other foistware.
Once installed, go into Control Panel, Java, Security and set the slider to the Highest then OK.
 
 
 
1. Double-click My Computer, and then right-click the hard disk that you want to check. C:
2. Click Properties, and then click Tools.
3. Under Error-checking, click Check Now. A dialog box that shows the Check disk options is displayed,
4. Check both boxes and then click Start.
You will receive the following message:
The disk check could not be performed because the disk check utility needs exclusive access to some Windows files on the disk. These files can be accessed by restarting Windows. Do you want to schedule the disk check to occur the next time you restart the computer?
Click Yes to schedule the disk check, but don't restart yet.
 
Start, Run, eventvwr.msc, OK to bring up the Event Viewer.  Right click on System and Clear All Events, No (we don't want to save the old log), OK. Repeat for Application. 
 
Reboot. 
 
The disk check will run and will probably take an hour or more to finish.
 
 
1. Please download the Event Viewer Tool by Vino Rosso
and save it to your Desktop:
2. Double-click VEW.exe
3. Under 'Select log to query', select:
 
* System
4. Under 'Select type to list', select:
* Error
* Warning
 
 
Then use the 'Number of events' as follows:
 
 
1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.
 
 
Please post the Output log in your next reply then repeat but select Application.
 
Make another Speccy log and attach it.
 

  • 0

#6
koolkat1939

koolkat1939

    Member

  • Topic Starter
  • Member
  • PipPip
  • 27 posts

:upset:  Sorry it took so long to reply. The disk check took 17 hours to scan my computer. I uninstalled Java.

 

The attachment is the new Speccy log.

 

 

Here is the VEW.exe  system report :

 

Vino's Event Viewer v01c run on Windows XP in English
Report run at 28/07/2016 11:31:56 AM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 28/07/2016 11:01:56 AM
Type: error Category: 0
Event: 7026 Source: Service Control Manager
The following boot-start or system-start driver(s) failed to load:  epp32

Log: 'System' Date/Time: 28/07/2016 11:01:18 AM
Type: error Category: 0
Event: 7023 Source: Service Control Manager
The Human Interface Device Access service terminated with the following error:  The specified module could not be found.  

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

 

An here is the VEW.exe  Application report :

 

 

Vino's Event Viewer v01c run on Windows XP in English
Report run at 28/07/2016 11:36:30 AM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 27/07/2016 6:37:24 PM
Type: warning Category: 0
Event: 1517 Source: Userenv
Windows saved user YOUR-CF6AE05ECC\Owner registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.    This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.
 

 

 

 

 

 

 

 

Attached Files


  • 0

#7
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,012 posts
  • MVP

Apparently your Panda comes with its own firewall so you can do without Zone Alarm.

 

FW: Panda Firewall (Disabled) {1337562C-110A-4AF8-B12B-750C0B30E802}
FW: ZoneAlarm Free Firewall Firewall (Disabled) {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

 

I would also uninstall SuperAntiSpyware since you have MBAM.
 

 

Log: 'Application' Date/Time: 27/07/2016 6:37:24 PM
Type: warning Category: 0
Event: 1517 Source: Userenv

 

Windows saved user YOUR-CF6AE05ECC\Owner registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.    This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

 

 

Download UPHClean. To download and install UPHClean, visit http://www.majorgeeks.com/files/details/microsoft_user_profile_hive_cleanup_service.html 

    As soon as you have downloaded the UPHClean installer (UPHClean-Setup.msi), double-click the installer to begin the installation.
    In the User Profile Hive Cleanup Service installation wizard, click Next.
    In the License Agreement page, read the license agreement, select I Agree, and then click Next.
    In the Select Installation Folder page, click Next.
    In the Confirm Installation page, click Next.
    When UPHClean is installed, click Close.
 
    Note UPHClean runs as a service in Windows and will start automatically every time that Windows starts.
    To confirm that UPHClean is installed and running, click Start, and then click Run.
    In Open box, type the following text, and then click OK:
 
    services.msc
    In Services, in the Name column, locate User Profile Hive Cleanup. In the Status column, confirm that the User Profile Hive Cleanup service is Started.
 
Log: 'System' Date/Time: 28/07/2016 11:01:56 AM
Type: error Category: 0
Event: 7026 Source: Service Control Manager
The following boot-start or system-start driver(s) failed to load:  epp32

Log: 'System' Date/Time: 28/07/2016 11:01:18 AM
Type: error Category: 0
Event: 7023 Source: Service Control Manager
The Human Interface Device Access service terminated with the following error:  The specified module could not be found.

 

 
We can fix these and remove some trash with a fixlist
 
 
 
Download the attached fixlist.txt to the same location as FRST
 
Attached File  fixlist.txt   5.07KB   36 downloads
 
Run FRST and press Fix
A fix log will be generated please post that 
 
 
Start, Run, eventvwr.msc, OK to bring up the Event Viewer.  Right click on System and Clear All Events, No (we don't want to save the old log), OK. Repeat for Application. 
 
Reboot. 
 
 
Run FRST again as before.  Make sure Addition.txt is checked and hit Scan.  Post both logs.
 
Right click on My Computer and select Manage then Device Manager.  Find your mouse (In win 7 it's under Mice & Other Pointing Devices).  Right click on it and select Properties.  
If you have a tab called Power Management, click on it and uncheck All the Computer to turn off this Device to Save Power..
 
 
 
 

  • 0

#8
koolkat1939

koolkat1939

    Member

  • Topic Starter
  • Member
  • PipPip
  • 27 posts

I kept Zone Alarm because Panda Firewall isn't free and I can't afford it right now. I uninstalled SuperAntiSpyware.  There is no Power Management listed under Properties. All it says is General (Tab) Mice & Other Pointing Devices. :no: Something new pop up under Device Manager  that looks suspicious it says Other devices with a "?" and under that it says Unknown device with a yellow "?!"

 

Should I try to uninstall the Unknown device ?

 

 

Also here is the FRST log :

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 27-07-2016
Ran by Owner (administrator) on YOUR-CF6AE05ECC (29-07-2016 07:43:27)
Running from C:\Documents and Settings\Owner\Desktop
Loaded Profiles: Owner (Available Profiles: Owner)
Platform: Microsoft Windows XP Home Edition Service Pack 3 (X86) Language: English (United States)
Internet Explorer Version 7 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Check Point Software Technologies Ltd.) C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Exploit\mbae-svc.exe
(Panda Security, S.L.) C:\Program Files\Panda Security\Panda Security Protection\PSANHost.exe
(NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe
(Panda Security, S.L.) C:\Program Files\Panda Security\Panda Devices Agent\AgentSvc.exe
(Panda Security, S.L.) C:\Program Files\Panda Security\Panda Security Protection\PSUAService.exe
(Windows ® Codename Longhorn DDK provider) C:\Program Files\UPHClean\uphclean.exe
(Check Point Software Technologies, Ltd.) C:\Program Files\CheckPoint\ZoneAlarm\ZAPrivacyService.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Exploit\mbae.exe
(Cyberlink Corp.) C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
(Alcor Micro, Corp.) C:\Program Files\Digital Media Reader\readericon45G.exe
(Panda Security, S.L.) C:\Program Files\Panda Security\Panda Security Protection\PSUAMain.exe
() C:\Program Files\Bitdefender\Tools\BDAntiRansomware\BDAntiRansomware.exe
(Check Point Software Technologies Ltd.) C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [14820864 2005-09-14] (Realtek Semiconductor Corp.)
HKLM\...\Run: [NvMediaCenter] => RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files\Malwarebytes Anti-Exploit\mbae.exe [2623456 2016-06-02] (Malwarebytes Corporation)
HKLM\...\Run: [RemoteControl] => C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [32768 2005-01-12] (Cyberlink Corp.)
HKLM\...\Run: [readericon] => C:\Program Files\Digital Media Reader\readericon45G.exe [139264 2005-12-09] (Alcor Micro, Corp.)
HKLM\...\Run: [nwiz] => nwiz.exe /install
HKLM\...\Run: [High Definition Audio Property Page Shortcut] => C:\WINDOWS\system32\HDAShCut.exe [61952 2005-01-07] (Windows ® Server 2003 DDK provider)
HKLM\...\Run: [Recguard] => C:\WINDOWS\SMINST\RECGUARD.EXE [212992 2002-09-13] ()
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2014-05-08] (Adobe Systems Incorporated)
HKLM\...\Run: [PSUAMain] => C:\Program Files\Panda Security\Panda Security Protection\PSUAMain.exe [54520 2015-10-22] (Panda Security, S.L.)
HKLM\...\Run: [BDAntiCryptoLocker] => C:\Program Files\Bitdefender\Tools\BDAntiRansomware\BDAntiRansomware.exe [1242144 2016-05-16] ()
HKLM\...\Run: [ZoneAlarm] => C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe [134480 2016-03-24] (Check Point Software Technologies Ltd.)
HKU\S-1-5-21-676961170-3691123601-236142853-1003\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [6851288 2016-07-13] (Piriform Ltd)
HKU\S-1-5-18\...\Policies\Explorer: [CDRAutoRun] 0

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12
Tcpip\..\Interfaces\{0A0959AE-0881-49E2-93CD-40CF9768F46D}: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
HKU\S-1-5-21-676961170-3691123601-236142853-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.yahoo.com/
HKU\S-1-5-21-676961170-3691123601-236142853-1003\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-676961170-3691123601-236142853-1003\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1410404456937

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\41qyd9cm.default
FF DefaultSearchEngine.US: Google
FF Homepage: hxxps://www.yahoo.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_22_0_0_209.dll [2016-07-17] ()
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
FF Extension: WOT - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\41qyd9cm.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2015-12-08]
FF Extension: FlashGot - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\41qyd9cm.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi [2016-03-16]
FF Extension: CS Lite Mod - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\41qyd9cm.default\extensions\[email protected] [2016-04-28]
FF Extension: BetterPrivacy - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\41qyd9cm.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [2016-05-06]
FF Extension: Classic Theme Restorer - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\41qyd9cm.default\extensions\[email protected] [2016-07-03]
FF Extension: Ghostery - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\41qyd9cm.default\Extensions\[email protected] [2016-07-09]
FF Extension: Adblock Plus - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\41qyd9cm.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-04-28]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2014-07-12] [not signed]

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 MbaeSvc; C:\Program Files\Malwarebytes Anti-Exploit\mbae-svc.exe [742368 2016-06-02] (Malwarebytes Corporation)
R2 NanoServiceMain; C:\Program Files\Panda Security\Panda Security Protection\PSANHost.exe [142072 2015-10-18] (Panda Security, S.L.)
R2 PandaAgent; C:\Program Files\Panda Security\Panda Devices Agent\AgentSvc.exe [73176 2016-02-22] (Panda Security, S.L.) [File not signed]
R2 PSUAService; C:\Program Files\Panda Security\Panda Security Protection\PSUAService.exe [38136 2015-10-22] (Panda Security, S.L.)
R2 UPHClean; C:\Program Files\UPHClean\uphclean.exe [399872 2010-09-13] (Windows ® Codename Longhorn DDK provider) [File not signed]
R2 vsmon; C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe [3746584 2016-03-24] (Check Point Software Technologies Ltd.)
R2 ZAPrivacyService; C:\Program Files\CheckPoint\ZoneAlarm\ZaPrivacyService.exe [96272 2015-10-19] (Check Point Software Technologies, Ltd.)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 abp480n5; C:\WINDOWS\System32\DRIVERS\ABP480N5.SYS [23552 2004-08-04] (Microsoft Corporation)
R2 ASCTRM; C:\WINDOWS\system32\Drivers\ASCTRM.sys [8552 2014-07-07] (Windows ® 2000 DDK provider) [File not signed]
R1 ESProtectionDriver; C:\Program Files\Malwarebytes Anti-Exploit\mbae.sys [50016 2016-06-02] ()
S3 HdAudAddService; C:\WINDOWS\System32\drivers\HdAudio.sys [145920 2005-01-07] (Windows ® Server 2003 DDK provider)
S3 mxnic; C:\WINDOWS\System32\DRIVERS\mxnic.sys [19968 2001-08-17] (Macronix International Co., Ltd.                                               )
R1 NNSALPC; C:\WINDOWS\System32\DRIVERS\NNSAlpc.sys [87032 2015-07-09] (Panda Security, S.L.)
R1 NNSHTTP; C:\WINDOWS\System32\DRIVERS\NNSHttp.sys [202104 2015-07-09] (Panda Security, S.L.)
R1 NNSHTTPS; C:\WINDOWS\System32\DRIVERS\NNSHttps.sys [109688 2015-07-09] (Panda Security, S.L.)
R1 NNSIDS; C:\WINDOWS\System32\DRIVERS\NNSIds.sys [121720 2015-07-09] (Panda Security, S.L.)
R3 NNSNAHS; C:\WINDOWS\System32\DRIVERS\NNSNAHS.sys [55216 2015-05-20] (Panda Security, S.L.)
R1 NNSPICC; C:\WINDOWS\System32\DRIVERS\NNSPicc.sys [102264 2015-07-09] (Panda Security, S.L.)
R1 NNSPIHS; C:\WINDOWS\System32\DRIVERS\NNSPihs.sys [52088 2015-07-09] (Panda Security, S.L.)
R1 NNSPOP3; C:\WINDOWS\System32\DRIVERS\NNSPop3.sys [120568 2015-07-09] (Panda Security, S.L.)
R1 NNSPROT; C:\WINDOWS\System32\DRIVERS\NNSProt.sys [281720 2015-07-09] (Panda Security, S.L.)
R1 NNSPRV; C:\WINDOWS\System32\DRIVERS\NNSPrv.sys [209016 2015-07-09] (Panda Security, S.L.)
R1 NNSSMTP; C:\WINDOWS\System32\DRIVERS\NNSSmtp.sys [108408 2015-07-09] (Panda Security, S.L.)
R1 NNSSTRM; C:\WINDOWS\System32\DRIVERS\NNSStrm.sys [240376 2015-07-09] (Panda Security, S.L.)
R1 NNSTLSC; C:\WINDOWS\System32\DRIVERS\NNSTlsc.sys [94968 2015-07-09] (Panda Security, S.L.)
R3 NVENETFD; C:\WINDOWS\System32\DRIVERS\NVENETFD.sys [34048 2005-07-29] (NVIDIA Corporation)
R3 nvnetbus; C:\WINDOWS\System32\DRIVERS\nvnetbus.sys [12928 2005-07-29] (NVIDIA Corporation)
S1 P3; C:\WINDOWS\System32\DRIVERS\p3.sys [42752 2008-04-14] (Microsoft Corporation)
R2 PSINAflt; C:\WINDOWS\System32\DRIVERS\PSINAflt.sys [140792 2015-07-19] (Panda Security, S.L.)
R2 PSINFile; C:\WINDOWS\System32\DRIVERS\PSINFile.sys [103288 2015-07-19] (Panda Security, S.L.)
R1 PSINKNC; C:\WINDOWS\System32\DRIVERS\psinknc.sys [172792 2015-07-19] (Panda Security, S.L.)
R2 PSINProc; C:\WINDOWS\System32\DRIVERS\PSINProc.sys [114680 2015-07-19] (Panda Security, S.L.)
R2 PSINProt; C:\WINDOWS\System32\DRIVERS\PSINProt.sys [125176 2015-07-19] (Panda Security, S.L.)
R2 PSINReg; C:\WINDOWS\System32\DRIVERS\PSINReg.sys [100600 2015-07-19] (Panda Security, S.L.)
U3 PSKMAD; C:\WINDOWS\System32\DRIVERS\PSKMAD.sys [50832 2015-05-22] (Panda Security, S.L.)
U3 TrueSight; C:\WINDOWS\system32\drivers\TrueSight.sys [24688 2016-07-26] ()
R1 Vsdatant; C:\WINDOWS\System32\vsdatant.sys [540112 2016-03-24] (Check Point Software Technologies Ltd.)
S3 asdids; no ImagePath
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-14] (Microsoft Corporation)
U5 Tcpip6; C:\Windows\System32\Drivers\Tcpip6.sys [226880 2010-02-11] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-07-29 07:43 - 2016-07-29 07:45 - 00013594 _____ C:\Documents and Settings\Owner\Desktop\FRST.txt
2016-07-29 07:39 - 2015-05-22 01:45 - 00050832 _____ (Panda Security, S.L.) C:\WINDOWS\system32\Drivers\PSKMAD.sys
2016-07-29 07:25 - 2016-07-29 07:25 - 00006291 _____ C:\Documents and Settings\Owner\Desktop\Fixlog.txt
2016-07-29 07:18 - 2016-07-29 07:18 - 00000000 ____D C:\Program Files\UPHClean
2016-07-29 07:14 - 2016-07-29 07:14 - 00000000 ____D C:\Documents and Settings\Owner\Desktop\New Folder
2016-07-29 07:12 - 2016-07-29 07:13 - 00003309 _____ C:\Documents and Settings\Owner\Desktop\instructions 2.txt
2016-07-29 06:44 - 2016-07-29 06:44 - 00430080 _____ C:\Documents and Settings\Owner\Desktop\UPHClean-Setup.msi
2016-07-28 11:31 - 2016-07-28 11:36 - 00000870 _____ C:\VEW.txt
2016-07-28 11:23 - 2016-07-28 11:23 - 00061440 _____ ( ) C:\Documents and Settings\Owner\Desktop\VEW.exe
2016-07-27 18:14 - 2016-07-27 18:14 - 00000000 ____D C:\Documents and Settings\Owner\Application Data\Sun
2016-07-27 17:11 - 2016-07-27 17:11 - 00126546 _____ C:\Documents and Settings\Owner\My Documents\YOUR-CF6AE05ECC.txt
2016-07-27 17:02 - 2016-07-27 17:02 - 00000654 _____ C:\Documents and Settings\All Users\Desktop\Speccy.lnk
2016-07-27 17:02 - 2016-07-27 17:02 - 00000000 ____D C:\Program Files\Speccy
2016-07-27 17:02 - 2016-07-27 17:02 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Speccy
2016-07-27 16:59 - 2016-07-27 16:59 - 02694816 _____ (Sysinternals - www.sysinternals.com) C:\Documents and Settings\Owner\Desktop\procexp.exe
2016-07-27 16:57 - 2016-07-27 16:58 - 05111240 _____ (Piriform Ltd) C:\Documents and Settings\Owner\Desktop\spsetup129.exe
2016-07-27 09:36 - 2016-07-27 09:37 - 01744384 _____ (Farbar) C:\Documents and Settings\Owner\Desktop\FRST.exe
2016-07-06 08:11 - 2016-07-06 08:11 - 00001060 _____ C:\stop sign.txt

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-07-29 07:45 - 2014-11-17 19:34 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\temp
2016-07-29 07:43 - 2016-06-20 09:19 - 00000000 ____D C:\FRST
2016-07-29 07:41 - 2014-07-07 20:58 - 00000000 ____D C:\WINDOWS\system32\Lang
2016-07-29 07:41 - 2014-07-07 09:32 - 00030277 _____ C:\WINDOWS\system32\nvapps.xml
2016-07-29 07:38 - 2004-08-26 11:08 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-07-29 07:36 - 2015-05-17 09:09 - 00032600 _____ C:\WINDOWS\SchedLgU.Txt
2016-07-29 07:36 - 2015-03-16 14:21 - 17498112 _____ C:\WINDOWS\system32\config\Nano.evt
2016-07-29 07:36 - 2004-08-26 11:09 - 00000178 ___SH C:\Documents and Settings\Owner\ntuser.ini
2016-07-29 07:25 - 2016-01-20 19:22 - 00000000 ____D C:\WINDOWS\system32\GroupPolicy
2016-07-29 07:13 - 2016-06-23 12:05 - 00000000 ____D C:\Documents and Settings\Owner\Desktop\v
2016-07-29 07:06 - 2014-08-02 17:51 - 00170200 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-07-29 06:56 - 2004-08-26 11:09 - 00000000 ____D C:\Documents and Settings\Owner
2016-07-29 06:55 - 2015-02-20 11:30 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2016-07-29 06:10 - 2014-08-01 17:27 - 00000000 ____D C:\Documents and Settings\Owner\Application Data\Macromedia
2016-07-29 06:07 - 2014-11-18 18:38 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\TEMP
2016-07-29 06:07 - 2014-08-04 18:04 - 00000000 ____D C:\Program Files\SpywareBlaster
2016-07-29 06:06 - 2014-09-01 12:12 - 00121560 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-07-28 17:12 - 2015-01-13 18:10 - 00000000 ____D C:\Documents and Settings\Owner\Desktop\Commercials
2016-07-27 17:11 - 2005-07-19 18:40 - 00000000 ___RD C:\Documents and Settings\Owner\My Documents
2016-07-26 17:16 - 2014-02-18 16:34 - 00000000 ____D C:\Documents and Settings\Owner\Desktop\Michael's Stuff
2016-07-26 07:30 - 2014-08-26 19:07 - 00024688 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2016-07-25 19:09 - 2016-05-09 12:19 - 00000000 ____D C:\Documents and Settings\Owner\My Documents\My Music 4
2016-07-25 19:01 - 2015-11-28 13:15 - 00000000 ____D C:\Documents and Settings\Owner\My Documents\My Music 3
2016-07-25 19:01 - 2005-07-19 18:40 - 00000000 ___RD C:\Documents and Settings\Owner\My Documents\My Music
2016-07-25 18:59 - 2015-06-11 08:32 - 00000000 ____D C:\Documents and Settings\Owner\My Documents\My Music 2
2016-07-25 15:07 - 2014-08-02 18:16 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes Anti-Exploit
2016-07-21 20:04 - 2014-07-08 05:44 - 00000000 ____D C:\Documents and Settings\Owner\Application Data\vlc
2016-07-20 12:49 - 2014-08-13 07:44 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
2016-07-17 18:24 - 2014-09-23 17:59 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\Adobe
2016-07-17 18:23 - 2014-08-03 18:32 - 00796352 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2016-07-17 18:23 - 2014-08-03 18:32 - 00142528 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2016-07-17 18:23 - 2004-08-26 11:01 - 00000000 ____D C:\WINDOWS\system32\Macromed
2016-07-13 06:11 - 2004-08-26 09:12 - 00001170 _____ C:\WINDOWS\system32\wpa.dbl
2016-07-13 05:53 - 2014-07-08 05:56 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-07-13 05:44 - 2014-07-08 05:56 - 141983760 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe

==================== Files in the root of some directories =======

2015-03-21 18:49 - 2015-03-22 10:32 - 0147298 _____ () C:\Documents and Settings\Owner\Local Settings\Application Data\ars.cache
2015-03-21 18:50 - 2015-03-22 10:32 - 0442298 _____ () C:\Documents and Settings\Owner\Local Settings\Application Data\census.cache
2014-07-17 16:24 - 2016-06-25 08:54 - 0007680 _____ () C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-03-21 18:25 - 2015-03-21 18:25 - 0000036 _____ () C:\Documents and Settings\Owner\Local Settings\Application Data\housecall.guid.cache
2015-03-21 18:36 - 2015-03-22 09:31 - 0000010 _____ () C:\Documents and Settings\Owner\Local Settings\Application Data\sponge.last.runtime.cache

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End of FRST.txt ============================

 

 

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

 

 

Addition log :

 

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 27-07-2016
Ran by Owner (2016-07-29 07:45:54)
Running from C:\Documents and Settings\Owner\Desktop
Microsoft Windows XP Home Edition Service Pack 3 (X86) (2014-07-07 16:26:44)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-676961170-3691123601-236142853-500 - Administrator - Enabled)
Guest (S-1-5-21-676961170-3691123601-236142853-501 - Limited - Disabled)
HelpAssistant (S-1-5-21-676961170-3691123601-236142853-1004 - Limited - Disabled)
Owner (S-1-5-21-676961170-3691123601-236142853-1003 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Owner
SUPPORT_388945a0 (S-1-5-21-676961170-3691123601-236142853-1002 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Panda Free Antivirus (Enabled - Up to date) {5AD27692-540A-464E-B625-78275FA38393}
FW: Panda Firewall (Disabled) {1337562C-110A-4AF8-B12B-750C0B30E802}
FW: ZoneAlarm Free Firewall Firewall (Disabled) {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 16 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 16.0.0.296 - Adobe Systems Incorporated)
Adobe Flash Player 22 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 22.0.0.209 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
Agere Systems PCI-SV92PP Soft Modem (HKLM\...\Agere Systems Soft Modem) (Version:  - )
AnyBurn (HKLM\...\AnyBurn) (Version: 3.1 - Power Software Ltd)
Apple Application Support (HKLM\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
BDAntiRansomware (HKLM\...\{BE40AB1F-558F-4434-B72F-461EF97E7796}_is1) (Version: 1.0.12.1 - Bitdefender)
CCleaner (HKLM\...\CCleaner) (Version: 5.20 - Piriform)
CDisplay 1.8 (HKLM\...\CDisplay_is1) (Version:  - dvd8n)
CleanUp! (HKLM\...\CleanUp!) (Version:  - )
Digital Media Reader (HKLM\...\InstallShield_{4AC55A61-BA20-4DF5-ABFF-8F4819E0C875}) (Version: 2.01.00.02 - AlcorMicro)
Digital Media Reader (Version: 2.01.00.02 - AlcorMicro) Hidden
Flash Cookie Cleaner (HKLM\...\{E4E1D7C7-6561-4462-96B5-E6439488ED41}) (Version: 2.0 - ConsumerSoft)
K-Lite Mega Codec Pack 10.5.5 (HKLM\...\KLiteCodecPack_is1) (Version: 10.5.5 - )
LockHunter 3.1, 32/64 bit (HKLM\...\LockHunter_is1) (Version:  - Crystal Rich Ltd)
Malwarebytes Anti-Exploit version 1.8.1.2563 (HKLM\...\Malwarebytes Anti-Exploit_is1) (Version: 1.8.1.2563 - Malwarebytes)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft Office Standard Edition 2003 (HKLM\...\{91120409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.6361.0 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version:  - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version:  - )
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 47.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 47.0.1 (x86 en-US)) (Version: 47.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 47.0.1.6018 - Mozilla)
MSConfig CleanUp 1.2 (HKLM\...\MSConfig CleanUp_is1) (Version:  - Virtuoza)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version:  - )
Panda Cloud Cleaner (HKLM\...\{92B2B132-C7F0-43DC-921A-4493C04F78A4}_is1) (Version: 1.1.8 - Panda Security)
Panda Devices Agent (Version: 1.03.07 - Panda Security) Hidden
Panda Devices Agent (Version: 1.06.00 - Panda Security) Hidden
Panda Free Antivirus (HKLM\...\Panda Universal Agent Endpoint) (Version: 16.0.2 - Panda Security)
Panda Free Antivirus (Version: 8.04.00.0000 - Panda Security) Hidden
Power2Go 4.0 (HKLM\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version:  - )
PowerDVD (HKLM\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version:  - CyberLink Corporation)
Privacy Eraser Pro (HKLM\...\{F7AD1EF2-2670-40C2-A541-939265AF2F18}_is1) (Version: Privacy Eraser Pro 7.0 - PrivacyEraser Computing, Inc.)
QuickTime (HKLM\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
RealPlayer Basic (HKLM\...\RealPlayer 6.0) (Version:  - )
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 1.96 - Realtek Semiconductor Corp.)
Recovery Software Suite eMachines (HKLM\...\{15377C3E-9655-400F-B441-E69F0A6BEAFE}) (Version: 1.00.0000 - eMachines)
Speccy (HKLM\...\Speccy) (Version: 1.29 - Piriform)
SpywareBlaster 5.5 (HKLM\...\SpywareBlaster_is1) (Version: 5.5.0 - BrightFort LLC)
Uniblue PowerSuite (HKLM\...\SYSTEMCARE_025B3ECB-F8A1-45ff-BABC-140E08C7D8C5_is1) (Version:  - Uniblue)
Unlocker 1.9.0 (HKLM\...\Unlocker) (Version: 1.9.0 - Cedrick Collomb)
User Profile Hive Cleanup Service (HKLM\...\{7D15B945-2725-4443-AB3F-D900556612FE}) (Version: 1.6.36 - Microsoft Corporation)
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - )
VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Windows Backup Utility (HKLM\...\{76EFFC7C-17A6-479D-9E47-8E658C1695AE}) (Version: 5.1 - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version:  - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)
Windows Internet Explorer 7 (HKLM\...\ie7) (Version: 20070813.185237 - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version:  - )
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)
WinRAR archiver (HKLM\...\WinRAR archiver) (Version:  - )
ZoneAlarm Firewall (Version: 14.1.057.000 - Check Point Software Technologies Ltd.) Hidden
ZoneAlarm Free Firewall (HKLM\...\ZoneAlarm Free Firewall) (Version: 14.1.057.000 - Check Point)
ZoneAlarm Security (Version: 14.1.057.000 - Check Point Software Technologies Ltd.) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Documents and Settings\Owner\NetHood\My Web Sites on MSN\target.lnk -> hxxp://www.msnusers.com

==================== Loaded Modules (Whitelisted) ==============

2013-04-12 10:23 - 2013-04-12 10:23 - 00612664 _____ () C:\Program Files\Panda Security\Panda Security Protection\SQLite3.dll
2016-03-30 12:55 - 2016-05-16 16:25 - 01242144 _____ () C:\Program Files\Bitdefender\Tools\BDAntiRansomware\BDAntiRansomware.exe
2016-03-30 12:55 - 2015-08-14 14:49 - 00504320 _____ () C:\Program Files\Bitdefender\Tools\BDAntiRansomware\BDMetrics.dll
2016-04-23 07:57 - 2016-04-15 17:11 - 00023968 _____ () C:\Program Files\Bitdefender\Tools\BDAntiRansomware\InjectionDll.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mbamchameleon => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NanoServiceMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSUAService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mbamchameleon => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NanoServiceMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PSUAService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vsmon => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE restricted site: HKU\S-1-5-21-676961170-3691123601-236142853-1003\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-676961170-3691123601-236142853-1003\...\008k.com -> 008k.com
IE restricted site: HKU\S-1-5-21-676961170-3691123601-236142853-1003\...\00hq.com -> 00hq.com
IE restricted site: HKU\S-1-5-21-676961170-3691123601-236142853-1003\...\0190-dialers.com -> 0190-dialers.com
IE restricted site: HKU\S-1-5-21-676961170-3691123601-236142853-1003\...\01i.info -> 01i.info
IE restricted site: HKU\S-1-5-21-676961170-3691123601-236142853-1003\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com
IE restricted site: HKU\S-1-5-21-676961170-3691123601-236142853-1003\...\0411dd.com -> 0411dd.com
IE restricted site: HKU\S-1-5-21-676961170-3691123601-236142853-1003\...\0511zfhl.com -> 0511zfhl.com
IE restricted site: HKU\S-1-5-21-676961170-3691123601-236142853-1003\...\05p.com -> 05p.com
IE restricted site: HKU\S-1-5-21-676961170-3691123601-236142853-1003\...\0632qyw.com -> 0632qyw.com
IE restricted site: HKU\S-1-5-21-676961170-3691123601-236142853-1003\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com
IE restricted site: HKU\S-1-5-21-676961170-3691123601-236142853-1003\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com
IE restricted site: HKU\S-1-5-21-676961170-3691123601-236142853-1003\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com
IE restricted site: HKU\S-1-5-21-676961170-3691123601-236142853-1003\...\0calories.net -> 0calories.net
IE restricted site: HKU\S-1-5-21-676961170-3691123601-236142853-1003\...\0cj.net -> 0cj.net
IE restricted site: HKU\S-1-5-21-676961170-3691123601-236142853-1003\...\0scan.com -> 0scan.com
IE restricted site: HKU\S-1-5-21-676961170-3691123601-236142853-1003\...\1-britney-spears-nude.com -> 1-britney-spears-nude.com
IE restricted site: HKU\S-1-5-21-676961170-3691123601-236142853-1003\...\1-domains-registrations.com -> 1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-676961170-3691123601-236142853-1003\...\1-se.com -> 1-se.com
IE restricted site: HKU\S-1-5-21-676961170-3691123601-236142853-1003\...\1001movie.com -> 1001movie.com

There are 6091 more sites.


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-05-26 21:02 - 2015-03-24 19:06 - 00000027 ____A C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1       localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-676961170-3691123601-236142853-1003\Control Panel\Desktop\\Wallpaper -> C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
DNS Servers: 68.105.28.11 - 68.105.29.11
Windows Firewall is disabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

DomainProfile\AuthorizedApplications: [C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe] => Enabled:True Vector
StandardProfile\AuthorizedApplications: [C:\Program Files\Common Files\AOL\Loader\aolload.exe] => Enabled:AOL Application Loader
StandardProfile\AuthorizedApplications: [C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe] => Enabled:WebKit
StandardProfile\AuthorizedApplications: [C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe] => Enabled:True Vector
StandardProfile\AuthorizedApplications: [C:\Program Files\Mozilla Firefox\firefox.exe] => Enabled:Firefox (C:\Program Files\Mozilla Firefox)
StandardProfile\GloballyOpenPorts: [1900:UDP] => :LocalSubNet:Disabled:@xpsp2res.dll,-22007
StandardProfile\GloballyOpenPorts: [2869:TCP] => :LocalSubNet:Disabled:@xpsp2res.dll,-22008

==================== Restore Points =========================

30-04-2016 11:01:06 System Checkpoint
01-05-2016 17:39:09 System Checkpoint
03-05-2016 03:41:33 System Checkpoint
04-05-2016 11:00:49 System Checkpoint
05-05-2016 11:42:16 System Checkpoint
06-05-2016 12:29:10 System Checkpoint
07-05-2016 12:33:08 System Checkpoint
08-05-2016 13:14:25 System Checkpoint
10-05-2016 09:35:49 System Checkpoint
11-05-2016 04:56:30 Software Distribution Service 3.0
12-05-2016 07:20:07 System Checkpoint
13-05-2016 11:50:49 System Checkpoint
14-05-2016 17:00:25 System Checkpoint
16-05-2016 10:17:50 System Checkpoint
17-05-2016 16:46:23 System Checkpoint
18-05-2016 19:10:09 System Checkpoint
20-05-2016 09:28:52 System Checkpoint
21-05-2016 09:59:36 System Checkpoint
22-05-2016 10:13:16 System Checkpoint
23-05-2016 10:25:53 System Checkpoint
24-05-2016 12:03:10 System Checkpoint
25-05-2016 13:28:21 System Checkpoint
27-05-2016 12:23:48 System Checkpoint
29-05-2016 07:42:05 System Checkpoint
30-05-2016 09:22:13 System Checkpoint
31-05-2016 09:36:50 System Checkpoint
03-06-2016 02:56:16 System Checkpoint
04-06-2016 10:46:36 System Checkpoint
05-06-2016 14:30:08 System Checkpoint
06-06-2016 15:22:03 System Checkpoint
07-06-2016 15:57:44 System Checkpoint
08-06-2016 17:36:32 System Checkpoint
10-06-2016 07:56:13 System Checkpoint
11-06-2016 09:06:30 JRT Pre-Junkware Removal
12-06-2016 10:49:03 System Checkpoint
13-06-2016 15:25:34 System Checkpoint
15-06-2016 06:11:27 Software Distribution Service 3.0
16-06-2016 08:50:55 System Checkpoint
17-06-2016 12:13:04 System Checkpoint
19-06-2016 10:00:47 System Checkpoint
20-06-2016 12:37:29 System Checkpoint
22-06-2016 15:34:20 System Checkpoint
24-06-2016 14:07:46 System Checkpoint
27-06-2016 07:10:59 System Checkpoint
28-06-2016 12:01:37 System Checkpoint
29-06-2016 13:24:44 System Checkpoint
01-07-2016 14:06:40 System Checkpoint
03-07-2016 11:30:22 System Checkpoint
04-07-2016 12:04:04 System Checkpoint
05-07-2016 18:03:11 System Checkpoint
06-07-2016 19:10:28 System Checkpoint
08-07-2016 07:04:17 System Checkpoint
09-07-2016 10:57:50 System Checkpoint
10-07-2016 11:25:40 System Checkpoint
11-07-2016 11:30:34 System Checkpoint
13-07-2016 05:41:32 Software Distribution Service 3.0
14-07-2016 10:05:24 System Checkpoint
16-07-2016 09:25:39 System Checkpoint
18-07-2016 06:58:31 System Checkpoint
19-07-2016 07:29:58 System Checkpoint
20-07-2016 12:19:31 System Checkpoint
23-07-2016 07:05:02 System Checkpoint
24-07-2016 07:38:28 System Checkpoint
26-07-2016 08:55:38 System Checkpoint
27-07-2016 12:46:14 System Checkpoint
27-07-2016 18:14:39 Removed J2SE Runtime Environment 5.0 Update 2
29-07-2016 07:18:36 Installed User Profile Hive Cleanup Service

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============

==================== Memory info ===========================

Processor: AMD Athlon™ 64 Processor 3400+
Percentage of memory in use: 51%
Total physical RAM: 895.36 MB
Available physical RAM: 432.7 MB
Total Virtual: 2167.24 MB
Available Virtual: 1680.43 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:181.87 GB) (Free:31.07 GB) NTFS ==>[drive with boot components (Windows XP)]
Drive d: (RECOVERY) (Fixed) (Total:4.43 GB) (Free:2.12 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 186.3 GB) (Disk ID: 4B36BDEA)
Partition 1: (Active) - (Size=181.9 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=4.4 GB) - (Type=0B)

==================== End of Addition.txt ============================


  • 0

#9
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,012 posts
  • MVP

If you click on the + in front of Mice & Other Pointing Devices do you see a mouse driver appear?  What is it?

 

No point in uninstalling the unknown device - it will just come back.  Let's see what it is:

 

Right click on My Computer and select Manage and then Device Manager then View, Show Hidden Drivers.  Now look in the right pane for yellow flagged devices.  Right click on one and select properties then click on the Details tab.  Change Property to Hardware IDs.  Click on the top one then right click and copy.  Paste that into a reply.  Repeat for all yellow flagged devices.

 

You can also uninstall Uniblue PowerSuite.  It's not a recommended product and can do some serious damage to your system.

 

We don't need Speccy any more so you can uninstall it too.


  • 0

#10
koolkat1939

koolkat1939

    Member

  • Topic Starter
  • Member
  • PipPip
  • 27 posts

Mouse Driver is HID - compliant mouse .Driver File Details  C:\WINDOWS\system32\DRIVERS\mouclass.sys

                                                                                             C:\WINDOWS\system32\DRIVERS\mouhid.sys

 

Under Details tab :  HID\VID_093A&0&0000

 

---------------------------------------------------------------------------------------------------------------------------------------

 

The only yellow flagged is the one I mentioned .  Under Hardware IDs it says nothing but Unknown device but

when I select Device Instance Id it says ROOT\LEGACY_SASKUTIL\0000.

 

OemReset won't go away unless I use Uniblue.Uniblue keeps OemReset.exe from starting up. If I uninstall Uniblue I won't be able to use my computer.

 

I'll uninstall Speccy .


Edited by koolkat1939, 29 July 2016 - 12:05 PM.

  • 0

Advertisements


#11
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,012 posts
  • MVP

OK.  ROOT\LEGACY_SASKUTIL\0000 is a remnant from SuperAntiSpyware.  It may go away if you right click on the unknown device and uninstall it then reboot.  If not I know where it hides in the registry.

 

As far as stopping oemreset it can be stopped with msconfig  (start, Run, msconfig, OK) then look under startup.

 

I dug through the msconfig and also did a little sleuthing. The process was indeed a bit of startup software and at first all I found was the shortcut to it. Once I deleted the shortcut, absolutely everything that was happening at startup, including the SoftThinks program and the device manager, simply didn't start, just from one shortcut. So I undeleted it and found that several programs were in the C:\WINDOWS\OPTIONS directory that were all related to this stuff. It might be a little preemptive, but I deleted everything in that folder. I compared it to the Options folder on my wifes desktop before ruthlessly deleting it all and found the only discrepancy to be a lack of a CABS folder. The audit mode errors haven't appeared since then,

 

 

 You can also look for it with autoruns:

 

 

 
Download Save and Run the program .   To stop something from booting you just uncheck it.  
 
Windows\Options is a hidden system folder so you may need to:
 
Double-click on the My Computer icon.
    Select the Tools menu and click Folder Options.
    After the new window appears select the View tab.
    Put a checkmark in the checkbox labeled Display the contents of system folders.
    Under the Hidden files and folders section select the radio button labeled Show hidden files and folders.
    Remove the checkmark from the checkbox labeled Hide file extensions for known file types.
    Remove the checkmark from the checkbox labeled Hide protected operating system files.
    Press the Apply button and then the OK button
 
Since it's in startup you should be able to bypass it by booting into Safe Mode:
 
(Reboot and when you see the maker's logo, hear a beep or it talks about F8, start tapping the F8 key slowly.  Keep tapping until the Safe Mode Menu appears and choose Safe Mode with Networking.  Login with your usual login.)
 
Then run msconfig and uncheck the item that calls it.
 
The Hardware ID for your mouse is pretty rare.  Is there something special about this mouse?  Does it have a make and model number?  Is this one with a  big round connector, a little round connector or a USB connector?  Often you can fix a defective device by simply right clicking on it in device manager and then Uninstalling it.  (Do not remove any drivers if it asks you).  Once you reboot, XP will reinstall it and hopefully get it right this time.
 
 
 
 

  • 0

#12
koolkat1939

koolkat1939

    Member

  • Topic Starter
  • Member
  • PipPip
  • 27 posts

:spoton: Yep that was part of SuperAntiSpyware. I uninstalled it. Thanks for the tip on OemReset. I used msconfig to fix it and so I uninstalled Uniblue without any problems.

 

 

I already tried all that stuff with the mouse. I even bought a new mouse last year. It is a USB mouse with the laser light. I can't remember the make or model number of the mouse.  Anyway I'm positive it is a Virus or Malware because it also messes with my fan and with whatever Anti-Virus or Anti-Spyware I try.


Edited by koolkat1939, 29 July 2016 - 06:09 PM.

  • 0

#13
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,012 posts
  • MVP
Download GMER from http://www.gmer.net/download.php Note the file's name and save it to your root folder, such as C:\.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security program drivers will not conflict with this file.
  • Click on http://www.bleepingc...opic114351.html to see a list of programs that should be disabled.
  • Double-click on the downloaded file to start the program. (If running Vista, right click on it and select "Run as an Administrator")
  • Allow the driver to load if asked.
  • You may be prompted to scan immediately if it detects rootkit activity.
  • If you are prompted to scan your system click "No", save the log and post back the results.
  • If not prompted, click the "Rootkit/Malware" tab.
  • On the right-side, all items to be scanned should be checked by default except for "Show All". Leave that box unchecked.
  • Select all drives that are connected to your system to be scanned.
  • Click the Scan button to begin. (Please be patient as it can take some time to complete)
  • When the scan is finished, click Save to save the scan results to your Desktop.
  • Save the file as Results.log and copy/paste the contents in your next reply.
  • Exit the program and re-enable all active protection when done.
  •  

     
    Download aswMBR.exe  to your desktop.
    Double click aswMBR.exe 
    uncheck trace disk IO calls
    Click the "Scan" button to start scan (Accept the Avast Engine)
    On completion of the scan if the Fix button is enabled (not the FixMBR button) press it and then run a new scan and  click save log, save it to your desktop and post in your next reply
    If the Fix button is not enabled then just click save log, save it to your desktop and post in your next reply
     
    ComboFix
     
    :!: It must be saved to your desktop, do not run it from your browser:!:
     
    :!: Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well.  See: http://www.bleepingc...opic114351.html
     
     
    Download and Save this file --  to your Desktop -- from either of these two sources:
     
    Double click on ComboFix to start the program.  
     
     
     
        * :!: Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.
        
        
        * A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix.  
     
    A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.
     
    A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.
     
     
    Download TDSSKiller:
    Save it to your desktop then run it.
    Double click on TDSSKiller.exe and to start the program.  
     
    If TDSSKiller alerts you that the system needs to reboot, please consent.
     
    Run TDSSKiller again but this time:
    before you hit the Scan  hit  Change Parameters and check the two items under Additional Options. OK then Scan.
    In this mode it is prone to false positives so do not change the SKIP option to DELETE unless it says TDSS.
    When done, a log file should be created on your C: drive named "TDSSKiller.txt" please copy and paste the contents in your next reply.
     
     

    • 0

    #14
    koolkat1939

    koolkat1939

      Member

    • Topic Starter
    • Member
    • PipPip
    • 27 posts

    OK here are my logs. After I ran aswMBR.exe it created a MBR.dat . What do I do with that ? An after I ran ComboFix it created a Internet Explorer on my desk top . What do I do with that ?  TDSSKiller said  UPHClean was bad . I figured it was a false positive so I skipped it.

     

    :yes:   GMER log :

     

    GMER 2.2.19882 - http://www.gmer.net
    Rootkit scan 2016-07-30 00:42:38
    Windows 5.1.2600 Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 HDT722520DLAT80 rev.V44OA96A 186.31GB
    Running: 9ik17ki1.exe; Driver: C:\DOCUME~1\Owner\LOCALS~1\Temp\afrdqaod.sys


    ---- System - GMER 2.2 ----

    SSDT            \SystemRoot\System32\vsdatant.sys                                 ZwConnectPort [0xF3F19734]
    SSDT            \SystemRoot\System32\vsdatant.sys                                 ZwCreateFile [0xF3F12EFC]
    SSDT            \SystemRoot\System32\vsdatant.sys                                 ZwCreateKey [0xF3F34E80]
    SSDT            \SystemRoot\System32\vsdatant.sys                                 ZwCreatePort [0xF3F19F48]
    SSDT            \SystemRoot\System32\vsdatant.sys                                 ZwCreateProcess [0xF3F2EBDC]
    SSDT            \SystemRoot\System32\vsdatant.sys                                 ZwCreateProcessEx [0xF3F2F010]
    SSDT            \SystemRoot\System32\vsdatant.sys                                 ZwCreateSection [0xF3F39678]
    SSDT            \SystemRoot\System32\vsdatant.sys                                 ZwCreateWaitablePort [0xF3F1A0B2]
    SSDT            \SystemRoot\System32\vsdatant.sys                                 ZwDeleteFile [0xF3F13C3C]
    SSDT            \SystemRoot\System32\vsdatant.sys                                 ZwDeleteKey [0xF3F36974]
    SSDT            \SystemRoot\System32\vsdatant.sys                                 ZwDeleteValueKey [0xF3F36226]
    SSDT            \SystemRoot\System32\vsdatant.sys                                 ZwDuplicateObject [0xF3F2D996]
    SSDT            \SystemRoot\System32\vsdatant.sys                                 ZwLoadDriver [0xF3F0D63E]
    SSDT            \SystemRoot\System32\vsdatant.sys                                 ZwLoadKey [0xF3F37406]
    SSDT            \SystemRoot\System32\vsdatant.sys                                 ZwLoadKey2 [0xF3F37644]
    SSDT            \SystemRoot\System32\vsdatant.sys                                 ZwMapViewOfSection [0xF3F39A42]
    SSDT            \SystemRoot\System32\vsdatant.sys                                 ZwOpenFile [0xF3F137EC]
    SSDT            \SystemRoot\system32\DRIVERS\PSINReg.sys                          ZwOpenKey [0xB9C62592]
    SSDT            \SystemRoot\System32\vsdatant.sys                                 ZwOpenProcess [0xF3F31144]
    SSDT            \SystemRoot\System32\vsdatant.sys                                 ZwOpenThread [0xF3F30D36]
    SSDT            \SystemRoot\System32\vsdatant.sys                                 ZwProtectVirtualMemory [0xF3F46D8C]
    SSDT            \SystemRoot\System32\vsdatant.sys                                 ZwRenameKey [0xF3F384DE]
    SSDT            \SystemRoot\System32\vsdatant.sys                                 ZwReplaceKey [0xF3F37DC0]
    SSDT            \SystemRoot\System32\vsdatant.sys                                 ZwRequestWaitReplyPort [0xF3F1930E]
    SSDT            \SystemRoot\System32\vsdatant.sys                                 ZwRestoreKey [0xF3F38F52]
    SSDT            \SystemRoot\System32\vsdatant.sys                                 ZwSecureConnectPort [0xF3F19A2E]
    SSDT            \SystemRoot\System32\vsdatant.sys                                 ZwSetInformationFile [0xF3F14048]
    SSDT            \SystemRoot\System32\vsdatant.sys                                 ZwSetInformationObject [0xF3F46C44]
    SSDT            \SystemRoot\System32\vsdatant.sys                                 ZwSetSecurityObject [0xF3F38A68]
    SSDT            \SystemRoot\System32\vsdatant.sys                                 ZwSetSystemInformation [0xF3F0CCF0]
    SSDT            \SystemRoot\System32\vsdatant.sys                                 ZwSetValueKey [0xF3F35946]
    SSDT            \SystemRoot\System32\vsdatant.sys                                 ZwSystemDebugControl [0xF3F2FD32]
    SSDT            \SystemRoot\System32\vsdatant.sys                                 ZwTerminateProcess [0xF3F2FA56]
    SSDT            \SystemRoot\System32\vsdatant.sys                                 ZwUnloadDriver [0xF3F0DAC2]
    SSDT            \??\C:\WINDOWS\system32\Drivers\uphcleanhlp.sys                   ZwUnloadKey [0xB95FF75C]

    ---- Kernel code sections - GMER 2.2 ----

    .text           ntkrnlpa.exe!ZwCallbackReturn + 24DC                              80501D38 12 Bytes  [48, 9F, F1, F3, DC, EB, F2, ...]
    .text           ntkrnlpa.exe!ZwCallbackReturn + 25A8                              80501E04 12 Bytes  [3E, D6, F0, F3, 06, 74, F3, ...]
    .text           C:\WINDOWS\system32\DRIVERS\nv4_mini.sys                          section is writeable [0xF6DAD360, 0x1FE48D, 0xE8000020]
    ?               C:\WINDOWS\system32\Drivers\uphcleanhlp.sys                       The system cannot find the file specified. !

    ---- User code sections - GMER 2.2 ----

    .text           C:\9ik17ki1.exe[2344] ntdll.dll!NtRaiseHardError                  7C90D9BE 5 Bytes  JMP 10001040 C:\Program Files\Bitdefender\Tools\BDAntiRansomware\InjectionDll.dll
    .text           C:\WINDOWS\system32\wscntfy.exe[3560] ntdll.dll!NtRaiseHardError  7C90D9BE 5 Bytes  JMP 10001040 C:\Program Files\Bitdefender\Tools\BDAntiRansomware\InjectionDll.dll

    ---- Devices - GMER 2.2 ----

    Device          \Driver\Tcpip \Device\Ip                                          vsdatant.sys

    AttachedDevice  \Driver\Tcpip \Device\Ip                                          NNSPihs.sys

    Device          \Driver\Tcpip \Device\Tcp                                         vsdatant.sys

    AttachedDevice  \Driver\Tcpip \Device\Tcp                                         NNSPihs.sys

    Device          \Driver\Tcpip \Device\Udp                                         vsdatant.sys

    AttachedDevice  \Driver\Tcpip \Device\Udp                                         NNSPihs.sys

    Device          \Driver\Tcpip \Device\RawIp                                       vsdatant.sys

    AttachedDevice  \Driver\Tcpip \Device\RawIp                                       NNSPihs.sys

    Device          \Driver\Tcpip \Device\IPMULTICAST                                 vsdatant.sys

    AttachedDevice  \FileSystem\Fastfat \Fat                                          fltmgr.sys

    ---- Disk sectors - GMER 2.2 ----

    Disk            \Device\Harddisk0\DR0                                             unknown MBR code

    ---- EOF - GMER 2.2 ----
     

     

    ------------------------------------------------------------------------------------------------------------------------------------------------------------

     

    :yes:  aswMBR log :

     

     

    aswMBR version 1.0.1.2290 Copyright© 2014 AVAST Software
    Run date: 2016-07-30 06:26:07
    -----------------------------
    06:26:07.171    OS Version: Windows 5.1.2600 Service Pack 3
    06:26:07.171    Number of processors: 1 586 0x2F02
    06:26:07.187    ComputerName: YOUR-CF6AE05ECC  UserName: Owner
    06:26:10.609    Initialize success
    06:26:11.359    VM: initialized successfully
    06:26:11.359    VM: Amd CPU virtualization not supported
    06:29:59.562    AVAST engine defs: 16073000
    06:31:12.093    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
    06:31:12.093    Disk 0 Vendor: HDT722520DLAT80 V44OA96A Size: 190782MB BusType: 3
    06:31:12.453    Disk 0 MBR read successfully
    06:31:12.453    Disk 0 MBR scan
    06:31:12.625    Disk 0 unknown MBR code
    06:31:21.187    Disk 0 PE file @ sector 390704852/390721968
    06:31:21.203    Disk 0 Partition 1 80 (A) 07      HPFS/NTFS NTFS       186230 MB offset 9317700
    06:31:21.250    Disk 0 default boot code
    06:31:21.328    Disk 0 Partition 2 00     0B          FAT32 RECOVERY     4549 MB offset 63
    06:31:21.359    Disk 0 scanning sectors +390716865
    06:31:21.671    Disk 0 scanning C:\WINDOWS\system32\drivers
    06:32:11.796    Service scanning
    06:33:13.281    Modules scanning
    06:33:15.953    AVAST engine scan C:\WINDOWS
    06:33:31.468    AVAST engine scan C:\WINDOWS\system32
    06:43:59.562    AVAST engine scan C:\WINDOWS\system32\drivers
    06:44:43.500    AVAST engine scan C:\Documents and Settings\Owner
    07:43:13.812    File: C:\Documents and Settings\Owner\My Documents\New Folder\Free Any Burn 1.4\freeanyburn_setup.exe  **INFECTED** Win32:Malware-gen
    07:48:00.687    File: C:\Documents and Settings\Owner\My Documents\Tools & Programs\Free Any Burn 1.4\freeanyburn_setup.exe  **INFECTED** Win32:Malware-gen
    07:48:20.687    AVAST engine scan C:\Documents and Settings\All Users
    07:51:50.859    Disk 0 statistics 2866287/0/0 @ 0.62 MB/s
    07:51:50.875    Scan finished successfully
    07:59:06.281    Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Owner\Desktop\MBR.dat"
    07:59:06.296    The log file has been saved successfully to "C:\Documents and Settings\Owner\Desktop\aswMBR.txt"

     

    ---------------------------------------------------------------------------------------------------------------------------------------------------------

     

    :yes:  ComboFix  log :

     

     

    ComboFix 16-07-25.01 - Owner 07/30/2016   8:26.1.1 - x86
    Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.895.554 [GMT -7:00]
    Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
    AV: Panda Free Antivirus *Disabled/Updated* {5AD27692-540A-464E-B625-78275FA38393}
    FW: Panda Firewall *Disabled* {1337562C-110A-4AF8-B12B-750C0B30E802}
    FW: ZoneAlarm Free Firewall Firewall *Enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
    .
    .
    (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\All Users\Application Data\TEMP
    c:\documents and settings\All Users\Application Data\TEMP\RAIDTest
    c:\windows\Update.bat
    .
    .
    (((((((((((((((((((((((((   Files Created from 2016-06-28 to 2016-07-30  )))))))))))))))))))))))))))))))
    .
    .
    2016-07-30 02:11 . 2016-07-30 02:12    380928    ----a-w-    C:\9ik17ki1.exe
    2016-07-29 23:29 . 2015-05-22 08:45    50832    ----a-w-    c:\windows\system32\drivers\PSKMAD.sys
    2016-07-29 14:18 . 2016-07-29 14:18    --------    d-----w-    c:\program files\UPHClean
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2016-07-29 21:50 . 2014-09-01 19:12    121560    ----a-w-    c:\windows\system32\drivers\mbamchameleon.sys
    2016-07-29 21:49 . 2014-08-03 00:51    170200    ----a-w-    c:\windows\system32\drivers\MBAMSwissArmy.sys
    2016-07-26 14:30 . 2014-08-27 02:07    24688    ----a-w-    c:\windows\system32\drivers\TrueSight.sys
    2016-07-18 01:23 . 2014-08-04 01:32    796352    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
    2016-07-18 01:23 . 2014-08-04 01:32    142528    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
    .
    .
    (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RTHDCPL"="RTHDCPL.EXE" [2005-09-14 14820864]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-09-18 86016]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-09-18 7204864]
    "Malwarebytes Anti-Exploit"="c:\program files\Malwarebytes Anti-Exploit\mbae.exe" [2016-06-02 2623456]
    "RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2005-01-12 32768]
    "readericon"="c:\program files\Digital Media Reader\readericon45G.exe" [2005-12-10 139264]
    "nwiz"="nwiz.exe" [2005-09-18 1519616]
    "High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-08 61952]
    "Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-05-08 959904]
    "PSUAMain"="c:\program files\Panda Security\Panda Security Protection\PSUAMain.exe" [2015-10-22 54520]
    "BDAntiCryptoLocker"="c:\program files\Bitdefender\Tools\BDAntiRansomware\BDAntiRansomware.exe" [2016-05-16 1242144]
    "ZoneAlarm"="c:\program files\CheckPoint\ZoneAlarm\zatray.exe" [2016-03-24 134480]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "SoftwareSASGeneration"= 1 (0x1)
    "MaxGPOScriptWait"= 600 (0x258)
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NanoServiceMain]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSUAService]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Oemreset.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Oemreset.lnk
    backup=c:\windows\pss\Oemreset.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^_uninst_.lnk]
    path=c:\documents and settings\Owner\Start Menu\Programs\Startup\_uninst_.lnk
    backup=c:\windows\pss\_uninst_.lnkStartup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
    2013-04-22 04:43    59720    ----a-w-    c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    2008-04-14 12:42    1695232    ------w-    c:\program files\Messenger\msmsgs.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2013-05-01 10:59    421888    ----a-w-    c:\program files\QuickTime\QTTask.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
    2010-07-04 19:51    17408    ----a-w-    c:\program files\Unlocker\UnlockerAssistant.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
    "DisableMonitoring"=dword:00000001
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
    "c:\\Program Files\\CheckPoint\\ZoneAlarm\\vsmon.exe"=
    "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    .
    R1 ESProtectionDriver;Malwarebytes Anti-Exploit;c:\program files\Malwarebytes Anti-Exploit\mbae.sys [11/15/2015 6:30 PM 50016]
    R1 NNSALPC;NNSAlpc;c:\windows\system32\drivers\NNSAlpc.sys [7/9/2015 8:37 AM 87032]
    R1 NNSHTTP;NNSHttp;c:\windows\system32\drivers\NNSHttp.sys [7/9/2015 8:37 AM 202104]
    R1 NNSHTTPS;NNSHttps;c:\windows\system32\drivers\NNSHttps.sys [7/9/2015 8:37 AM 109688]
    R1 NNSIDS;NNSids;c:\windows\system32\drivers\NNSIds.sys [7/9/2015 8:37 AM 121720]
    R1 NNSPICC;NNSPicc;c:\windows\system32\drivers\NNSpicc.sys [7/9/2015 8:37 AM 102264]
    R1 NNSPIHS;NNSPihs;c:\windows\system32\drivers\NNSpihs.sys [7/9/2015 8:37 AM 52088]
    R1 NNSPOP3;NNSPop3;c:\windows\system32\drivers\NNSPop3.sys [7/9/2015 8:37 AM 120568]
    R1 NNSPROT;NNSProt;c:\windows\system32\drivers\NNSProt.sys [7/9/2015 8:37 AM 281720]
    R1 NNSPRV;NNSPrv;c:\windows\system32\drivers\NNSPrv.sys [7/9/2015 8:37 AM 209016]
    R1 NNSSMTP;NNSSmtp;c:\windows\system32\drivers\NNSSmtp.sys [7/9/2015 8:37 AM 108408]
    R1 NNSSTRM;NNSStrm;c:\windows\system32\drivers\NNSStrm.sys [7/9/2015 8:37 AM 240376]
    R1 NNSTLSC;NNSTlsc;c:\windows\system32\drivers\NNStlsc.sys [7/9/2015 8:37 AM 94968]
    R1 PSINKNC;PSINKNC;c:\windows\system32\drivers\PSINKNC.sys [7/19/2015 9:46 AM 172792]
    R2 MbaeSvc;Malwarebytes Anti-Exploit Service;c:\program files\Malwarebytes Anti-Exploit\mbae-svc.exe [11/15/2015 6:30 PM 742368]
    R2 NanoServiceMain;Panda Protection Service;c:\program files\Panda Security\Panda Security Protection\PSANHost.exe [10/18/2015 2:32 AM 142072]
    R2 PandaAgent;Panda Devices Agent;c:\program files\Panda Security\Panda Devices Agent\AgentSvc.exe [2/22/2016 6:24 PM 73176]
    R2 PSINAflt;PSINAflt;c:\windows\system32\drivers\PSINAflt.sys [7/19/2015 9:46 AM 140792]
    R2 PSINFile;PSINFile;c:\windows\system32\drivers\PSINFile.sys [7/19/2015 9:46 AM 103288]
    R2 PSINProc;PSINProc;c:\windows\system32\drivers\PSINProc.sys [7/19/2015 9:46 AM 114680]
    R2 PSINProt;PSINProt;c:\windows\system32\drivers\PSINProt.sys [7/19/2015 9:46 AM 125176]
    R2 PSINReg;PSINReg;c:\windows\system32\drivers\PSINReg.sys [7/19/2015 9:46 AM 100600]
    R2 PSUAService;Panda Product Service;c:\program files\Panda Security\Panda Security Protection\PSUAService.exe [10/22/2015 9:42 AM 38136]
    R2 ZAPrivacyService;ZoneAlarm Privacy Service;c:\program files\CheckPoint\ZoneAlarm\ZAPrivacyService.exe [10/19/2015 10:22 AM 96272]
    R3 NNSNAHS;Network Activity Hook Server Service;c:\windows\system32\drivers\NNSNAHS.sys [5/20/2015 3:18 AM 55216]
    R3 PSKMAD;PSKMAD;c:\windows\system32\drivers\PSKMAD.sys [7/29/2016 4:29 PM 50832]
    S3 asdids;Anvisoft Intrusion Detection System Service; [x]
    .
    --- Other Services/Drivers In Memory ---
    .
    *Deregistered* - aswMBR
    *Deregistered* - aswVmm
    *Deregistered* - uphcleanhlp
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = https://www.yahoo.com/
    mStart Page = about:blank
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    TCP: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
    FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\41qyd9cm.default\
    FF - prefs.js: browser.startup.homepage - hxxps://www.yahoo.com/
    .
    - - - - ORPHANS REMOVED - - - -
    .
    SafeBoot-mbamchameleon
    MSConfigStartUp-Uniblue RegistryBooster 2 - c:\program files\Uniblue\RegistryBooster 2\RegistryBooster.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2016-07-30 08:41
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...  
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...  
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\.Default\Software\5AHSH54OwLwn]
    @Denied: (B 2 3) (Everyone)
    .
    [HKEY_USERS\.Default\Software\Locky]
    @Denied: (B 2 3) (Everyone)
    .
    [HKEY_USERS\LocalService\Software\5AHSH54OwLwn]
    @Denied: (B 2 3) (Everyone)
    .
    [HKEY_USERS\LocalService\Software\Locky]
    @Denied: (B 2 3) (Everyone)
    .
    [HKEY_USERS\LocalService_Classes\Software\5AHSH54OwLwn]
    @Denied: (B 2 3) (Everyone)
    .
    [HKEY_USERS\LocalService_Classes\Software\Locky]
    @Denied: (B 2 3) (Everyone)
    .
    [HKEY_USERS\S-1-5-20\Software\5AHSH54OwLwn]
    @Denied: (B 2 3) (Everyone)
    .
    [HKEY_USERS\S-1-5-20\Software\Locky]
    @Denied: (B 2 3) (Everyone)
    .
    [HKEY_USERS\S-1-5-20_Classes\Software\5AHSH54OwLwn]
    @Denied: (B 2 3) (Everyone)
    .
    [HKEY_USERS\S-1-5-20_Classes\Software\Locky]
    @Denied: (B 2 3) (Everyone)
    .
    [HKEY_USERS\S-1-5-21-676961170-3691123601-236142853-1003\Software\5AHSH54OwLwn]
    @Denied: (B 2 3) (Everyone)
    .
    [HKEY_USERS\S-1-5-21-676961170-3691123601-236142853-1003\Software\Locky]
    @Denied: (B 2 3) (Everyone)
    .
    [HKEY_USERS\S-1-5-21-842925246-1606980848-1708537768-1003_Classes\Software\5AHSH54OwLwn]
    @Denied: (B 2 3) (Everyone)
    .
    [HKEY_USERS\S-1-5-21-842925246-1606980848-1708537768-1003_Classes\Software\Locky]
    @Denied: (B 2 3) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_16_0_0_296_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_16_0_0_296_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker6"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    Completion time: 2016-07-30  08:45:23
    ComboFix-quarantined-files.txt  2016-07-30 15:45
    .
    Pre-Run: 33,002,393,600 bytes free
    Post-Run: 33,421,250,560 bytes free
    .
    - - End Of File - - AAACF4017E191E165E1FD716EDDF7E7E
    620801C51A4A223B7167BE50689BA748
     

    --------------------------------------------------------------------------------------------------------------------------------------------------------

     

    :yes:  TDSSKiller log :

     

     

    08:56:43.0000 0x0e44  TDSS rootkit removing tool 3.1.0.9 Dec 11 2015 22:49:12
    08:57:17.0500 0x0e44  ============================================================
    08:57:17.0500 0x0e44  Current date / time: 2016/07/30 08:57:17.0500
    08:57:17.0500 0x0e44  SystemInfo:
    08:57:17.0500 0x0e44  
    08:57:17.0500 0x0e44  OS Version: 5.1.2600 ServicePack: 3.0
    08:57:17.0500 0x0e44  Product type: Workstation
    08:57:17.0500 0x0e44  ComputerName: YOUR-CF6AE05ECC
    08:57:17.0500 0x0e44  UserName: Owner
    08:57:17.0500 0x0e44  Windows directory: C:\WINDOWS
    08:57:17.0500 0x0e44  System windows directory: C:\WINDOWS
    08:57:17.0500 0x0e44  Processor architecture: Intel x86
    08:57:17.0500 0x0e44  Number of processors: 1
    08:57:17.0500 0x0e44  Page size: 0x1000
    08:57:17.0500 0x0e44  Boot type: Normal boot
    08:57:17.0500 0x0e44  ============================================================
    08:57:20.0812 0x0e44  KLMD registered as C:\WINDOWS\system32\drivers\12226946.sys
    08:57:22.0281 0x0e44  System UUID: {15358A07-42A6-9E23-7143-6D9408802CA4}
    08:57:25.0406 0x0e44  Drive \Device\Harddisk0\DR0 - Size: 0x2E93E36000 ( 186.31 Gb ), SectorSize: 0x200, Cylinders: 0x5F01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
    08:57:25.0640 0x0e44  ============================================================
    08:57:25.0640 0x0e44  \Device\Harddisk0\DR0:
    08:57:25.0640 0x0e44  MBR partitions:
    08:57:25.0640 0x0e44  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x8E2D44, BlocksNum 0x16BBB07D
    08:57:25.0640 0x0e44  \Device\Harddisk0\DR0\Partition2: MBR, Type 0xB, StartLBA 0x3F, BlocksNum 0x8E2D05
    08:57:25.0640 0x0e44  ============================================================
    08:57:25.0687 0x0e44  C: <-> \Device\Harddisk0\DR0\Partition1
    08:57:25.0687 0x0e44  D: <-> \Device\Harddisk0\DR0\Partition2
    08:57:25.0687 0x0e44  ============================================================
    08:57:25.0687 0x0e44  Initialize success
    08:57:25.0687 0x0e44  ============================================================
    08:59:19.0890 0x1fe0  ============================================================
    08:59:19.0890 0x1fe0  Scan started
    08:59:19.0890 0x1fe0  Mode: Manual; SigCheck; TDLFS;
    08:59:19.0890 0x1fe0  ============================================================
    08:59:19.0890 0x1fe0  KSN ping started
    08:59:33.0468 0x1fe0  KSN ping finished: true
    08:59:34.0281 0x1fe0  ================ Scan system memory ========================
    08:59:34.0281 0x1fe0  System memory - ok
    08:59:34.0296 0x1fe0  ================ Scan services =============================
    08:59:34.0625 0x1fe0  Abiosdsk - ok
    08:59:34.0671 0x1fe0  [ 6ABB91494FE6C59089B9336452AB2EA3, FA28396820E44F991891042E051A4414485B54D456F252E03E3FFE1B4B4CF843 ] abp480n5        C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
    08:59:35.0031 0x1fe0  abp480n5 - ok
    08:59:35.0265 0x1fe0  [ 8FD99680A539792A30E97944FDAECF17, 594F8E0C3695400B0C09A797AF6BDFAC6F750ECD67D0EE803914C572B1DCC43C ] ACPI            C:\WINDOWS\system32\DRIVERS\ACPI.sys
    08:59:35.0421 0x1fe0  ACPI - ok
    08:59:35.0468 0x1fe0  [ 9859C0F6936E723E4892D7141B1327D5, 5E8F6A2FC4DF2E5E92A1D66ECC2810E08B42B64E9CD0DF4AD3F78EA8558B90AF ] ACPIEC          C:\WINDOWS\system32\drivers\ACPIEC.sys
    08:59:35.0593 0x1fe0  ACPIEC - ok
    08:59:35.0640 0x1fe0  [ 9A11864873DA202C996558B2106B0BBC, 4C68F1DBD1541291DD0FAB78DB42B25FA051CD9F55ED869173E3219CD31500C4 ] adpu160m        C:\WINDOWS\system32\DRIVERS\adpu160m.sys
    08:59:35.0812 0x1fe0  adpu160m - ok
    08:59:35.0890 0x1fe0  [ 8BED39E3C35D6A489438B8141717A557, 1B5796E56B0927360CE0759641B1151828BC0A9E45620D2B2D880491F5CE33D0 ] aec             C:\WINDOWS\system32\drivers\aec.sys
    08:59:36.0031 0x1fe0  aec - ok
    08:59:36.0125 0x1fe0  [ 1E44BC1E83D8FD2305F8D452DB109CF9, CF5EC07E0B589FA2A4701C6CFD69E893FC3ABF274AD57AE3C13FFE49063B02C8 ] AFD             C:\WINDOWS\System32\drivers\afd.sys
    08:59:36.0187 0x1fe0  AFD - ok
    08:59:36.0625 0x1fe0  [ B7D2103EB2ECB765B2B7106BAD089AB1, 5526BEA4C10B132CD351C05873DB0E721D7FF87EE5452AF0AAC1C0293EA97E8C ] AgereSoftModem  C:\WINDOWS\system32\DRIVERS\AGRSM.sys
    08:59:37.0437 0x1fe0  AgereSoftModem - ok
    08:59:37.0484 0x1fe0  [ 08FD04AA961BDC77FB983F328334E3D7, A784EC8A9EDB579262366B5A9AB177DB7BEC0A421BDE85431D0AD4959D5AF5E7 ] agp440          C:\WINDOWS\system32\DRIVERS\agp440.sys
    08:59:37.0625 0x1fe0  agp440 - ok
    08:59:37.0640 0x1fe0  [ 03A7E0922ACFE1B07D5DB2EEB0773063, 93EEA872A5642C95FF19C81F8EFFB9B52742A14DBF138784F0F713AD18C413ED ] agpCPQ          C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
    08:59:37.0781 0x1fe0  agpCPQ - ok
    08:59:37.0812 0x1fe0  [ C23EA9B5F46C7F7910DB3EAB648FF013, 92C84E9AF278A3B55D56C4F8E6C10E3EF1F7B336A44A018AED6DC51A46671F0B ] Aha154x         C:\WINDOWS\system32\DRIVERS\aha154x.sys
    08:59:37.0859 0x1fe0  Aha154x - ok
    08:59:37.0890 0x1fe0  [ 19DD0FB48B0C18892F70E2E7D61A1529, 95BA1568E8E08314508CA0E1F95555891E70399AEC312C793B46A841F56FFDCF ] aic78u2         C:\WINDOWS\system32\DRIVERS\aic78u2.sys
    08:59:38.0031 0x1fe0  aic78u2 - ok
    08:59:38.0062 0x1fe0  [ B7FE594A7468AA0132DEB03FB8E34326, BF0DC2B8C474DB151589BA9968264413521DDD9E7316B752B2FA40C24200FBE0 ] aic78xx         C:\WINDOWS\system32\DRIVERS\aic78xx.sys
    08:59:38.0187 0x1fe0  aic78xx - ok
    08:59:38.0234 0x1fe0  [ A9A3DAA780CA6C9671A19D52456705B4, 67C959144B57AE0BBF1D82DBED197F32CDB06FECD883A80C441A0202FE83FAB4 ] Alerter         C:\WINDOWS\system32\alrsvc.dll
    08:59:38.0359 0x1fe0  Alerter - ok
    08:59:38.0406 0x1fe0  [ 8C515081584A38AA007909CD02020B3D, A5E13CA10F702928E0DE84C74D0EA8ACCB117FD76FBABC55220C75C4FFD596DC ] ALG             C:\WINDOWS\System32\alg.exe
    08:59:38.0546 0x1fe0  ALG - ok
    08:59:38.0578 0x1fe0  [ 1140AB9938809700B46BB88E46D72A96, 369379ECC5941ACE984A7F31EAABB66A2E693EDBADA639B86D26FD681D45608E ] AliIde          C:\WINDOWS\system32\DRIVERS\aliide.sys
    08:59:38.0687 0x1fe0  AliIde - ok
    08:59:38.0734 0x1fe0  [ CB08AED0DE2DD889A8A820CD8082D83C, B1A9D493390AEDF6EFF8BCAA3B33EC31758452AB497C34C0728CDDA1D8DCBF2A ] alim1541        C:\WINDOWS\system32\DRIVERS\alim1541.sys
    08:59:38.0843 0x1fe0  alim1541 - ok
    08:59:38.0859 0x1fe0  [ 95B4FB835E28AA1336CEEB07FD5B9398, 36CD3B14EF78B01FB653B78187FAA63C4DD5F4137AC3B91D81256A350EEDCBC1 ] amdagp          C:\WINDOWS\system32\DRIVERS\amdagp.sys
    08:59:38.0968 0x1fe0  amdagp - ok
    08:59:38.0984 0x1fe0  [ 79F5ADD8D24BD6893F2903A3E2F3FAD6, 9B179F0B6A559639D3AE3975CEBF2718294BE5743517BEE06586F0D258164C81 ] amsint          C:\WINDOWS\system32\DRIVERS\amsint.sys
    08:59:39.0062 0x1fe0  amsint - ok
    08:59:39.0062 0x1fe0  AppMgmt - ok
    08:59:39.0093 0x1fe0  [ 62D318E9A0C8FC9B780008E724283707, 1A69806AB2BDECCEB5EB23A80700B3F98983D5D67F78839CBF269087FA460757 ] asc             C:\WINDOWS\system32\DRIVERS\asc.sys
    08:59:39.0234 0x1fe0  asc - ok
    08:59:39.0250 0x1fe0  [ 69EB0CC7714B32896CCBFD5EDCBEA447, 1CB506B5F71F84EFD26961010681D0A79AA7B266573378E3D2755125DF5D6BB6 ] asc3350p        C:\WINDOWS\system32\DRIVERS\asc3350p.sys
    08:59:39.0312 0x1fe0  asc3350p - ok
    08:59:39.0343 0x1fe0  [ 5D8DE112AA0254B907861E9E9C31D597, 557C93E82A71131D226267151C84B197503831A16263DDFE040E996B605CA9E8 ] asc3550         C:\WINDOWS\system32\DRIVERS\asc3550.sys
    08:59:39.0500 0x1fe0  asc3550 - ok
    08:59:39.0546 0x1fe0  [ D880831279ED91F9A4190A2DB9539EA9, EAF7D48E026C99EE9C4BC838A3004966517F948051B39DA5B5072F6DE81165AB ] ASCTRM          C:\WINDOWS\system32\drivers\ASCTRM.sys
    08:59:39.0578 0x1fe0  ASCTRM - detected UnsignedFile.Multi.Generic ( 1 )
    08:59:42.0015 0x1fe0  Detect skipped due to KSN trusted
    08:59:42.0015 0x1fe0  ASCTRM - ok
    08:59:42.0031 0x1fe0  asdids - ok
    08:59:42.0156 0x1fe0  [ 0E5E4957549056E2BF2C49F4F6B601AD, F7F19FDC906B719A3516D30A9B4A2262C8CC5B36B94E3D4195C345EC4610FF2B ] aspnet_state    C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
    08:59:42.0187 0x1fe0  aspnet_state - ok
    08:59:42.0234 0x1fe0  [ B153AFFAC761E7F5FCFA822B9C4E97BC, 7E60F572A6B3C6219E3C86225AA37243AFFD74337DB7F108B04778042E5CC959 ] AsyncMac        C:\WINDOWS\system32\DRIVERS\asyncmac.sys
    08:59:42.0359 0x1fe0  AsyncMac - ok
    08:59:42.0406 0x1fe0  [ 9F3A2F5AA6875C72BF062C712CFA2674, B4DF1D2C56A593C6B54DE57395E3B51D288F547842893B32B0F59228A0CF70B9 ] atapi           C:\WINDOWS\system32\DRIVERS\atapi.sys
    08:59:42.0656 0x1fe0  atapi - ok
    08:59:42.0656 0x1fe0  Atdisk - ok
    08:59:42.0703 0x1fe0  [ 9916C1225104BA14794209CFA8012159, 5D6F05F715C52A16D05CAE15C3DFE77A139A7F27F7AE710EC9A10F9EE05115A1 ] Atmarpc         C:\WINDOWS\system32\DRIVERS\atmarpc.sys
    08:59:42.0828 0x1fe0  Atmarpc - ok
    08:59:42.0875 0x1fe0  [ DEF7A7882BEC100FE0B2CE2549188F9D, 462C95B63D0A1058291A2DC8CBFCB13D7D74CCD1CA43B613A7EB43D49E3276F8 ] AudioSrv        C:\WINDOWS\System32\audiosrv.dll
    08:59:43.0000 0x1fe0  AudioSrv - ok
    08:59:43.0046 0x1fe0  [ D9F724AA26C010A217C97606B160ED68, 329B5118F2409731D06FDAE85B6ADD64A048292801BCB3546651CEB303111695 ] audstub         C:\WINDOWS\system32\DRIVERS\audstub.sys
    08:59:43.0203 0x1fe0  audstub - ok
    08:59:43.0218 0x1fe0  [ DA1F27D85E0D1525F6621372E7B685E9, 5A81A46A3BDD19DAFC6C87D277267A5D44F3A1B5302F2CC1111D84B7BAD5610D ] Beep            C:\WINDOWS\system32\drivers\Beep.sys
    08:59:43.0359 0x1fe0  Beep - ok
    08:59:43.0546 0x1fe0  [ 574738F61FCA2935F5265DC4E5691314, 3C7CCF064397186C3A3863DD2370AB6414A61B330097DCA4F299CA7BBAA3D1B4 ] BITS            C:\WINDOWS\system32\qmgr.dll
    08:59:43.0890 0x1fe0  BITS - ok
    08:59:43.0968 0x1fe0  [ CFD4E51402DA9838B5A04AE680AF54A0, 5378F42B195B5832B00A05AD64E00473A45FFB86AC25C57241F26EA82B149FE1 ] Browser         C:\WINDOWS\System32\browser.dll
    08:59:44.0000 0x1fe0  Browser - ok
    08:59:44.0375 0x1fe0  catchme - ok
    08:59:44.0406 0x1fe0  [ 90A673FC8E12A79AFBED2576F6A7AAF9, BDE7858A3457DB979FEDD8577FA6321BF72848E4A7BF9F173C78A6A10CBB3EBE ] cbidf           C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
    08:59:44.0578 0x1fe0  cbidf - ok
    08:59:44.0593 0x1fe0  [ 90A673FC8E12A79AFBED2576F6A7AAF9, BDE7858A3457DB979FEDD8577FA6321BF72848E4A7BF9F173C78A6A10CBB3EBE ] cbidf2k         C:\WINDOWS\system32\drivers\cbidf2k.sys
    08:59:44.0718 0x1fe0  cbidf2k - ok
    08:59:44.0734 0x1fe0  [ F3EC03299634490E97BBCE94CD2954C7, CDC85ADA27E0D501581CE6F28D7E1941E90411FA8E8F2C43A68BAA8CB78E85DD ] cd20xrnt        C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
    08:59:44.0968 0x1fe0  cd20xrnt - ok
    08:59:45.0015 0x1fe0  [ C1B486A7658353D33A10CC15211A873B, AA4DD9E7AAE5AAB1146B360B17001F975D2F29A1281CF7B13E7136480410F347 ] Cdaudio         C:\WINDOWS\system32\drivers\Cdaudio.sys
    08:59:45.0171 0x1fe0  Cdaudio - ok
    08:59:45.0218 0x1fe0  [ C885B02847F5D2FD45A24E219ED93B32, B26B2F8E3A831E2B65EB0C5195B0645CD50E22615CE79C9B0B391CD563B121DB ] Cdfs            C:\WINDOWS\system32\drivers\Cdfs.sys
    08:59:45.0312 0x1fe0  Cdfs - ok
    08:59:45.0359 0x1fe0  [ 1F4260CC5B42272D71F79E570A27A4FE, B51C2A3ED3C309953D0EA45869C8E464C10F2533DADE9E0286AF674979098D1D ] Cdrom           C:\WINDOWS\system32\DRIVERS\cdrom.sys
    08:59:45.0484 0x1fe0  Cdrom - ok
    08:59:45.0484 0x1fe0  Changer - ok
    08:59:45.0531 0x1fe0  [ 1CFE720EB8D93A7158A4EBC3AB178BDE, 65D2A9D9A88F38D4AF323134C151BA0F4B3CD0F6A134AF86E7AC9D07319F1726 ] CiSvc           C:\WINDOWS\system32\cisvc.exe
    08:59:45.0640 0x1fe0  CiSvc - ok
    08:59:45.0671 0x1fe0  [ 34CBE729F38138217F9C80212A2A0C82, A9FD7A758D12E0818A11BEEF1CE772FEFA8373E92EF6C0DA8628CD4572CC9A43 ] ClipSrv         C:\WINDOWS\system32\clipsrv.exe
    08:59:45.0937 0x1fe0  ClipSrv - ok
    08:59:46.0000 0x1fe0  [ D87ACAED61E417BBA546CED5E7E36D9C, 14AC6034A5BC0FB2A1AFDAD42BEF4DE641556E54AD30D0C46765660A4BE55462 ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    08:59:46.0046 0x1fe0  clr_optimization_v2.0.50727_32 - ok
    08:59:46.0062 0x1fe0  [ E5DCB56C533014ECBC556A8357C929D5, B2915C0C07EDBA59C5D02680804C4C2DE099D73DE0D0DD0CDA748F34F11057E0 ] CmdIde          C:\WINDOWS\system32\DRIVERS\cmdide.sys
    08:59:46.0203 0x1fe0  CmdIde - ok
    08:59:46.0218 0x1fe0  COMSysApp - ok
    08:59:46.0265 0x1fe0  [ 3EE529119EED34CD212A215E8C40D4B6, A6B71F3D4EE7358CA85F010E6271A6B72226D25DF30ED331DA830639ED3E9903 ] Cpqarray        C:\WINDOWS\system32\DRIVERS\cpqarray.sys
    08:59:46.0421 0x1fe0  Cpqarray - ok
    08:59:46.0468 0x1fe0  [ 3D4E199942E29207970E04315D02AD3B, 0825960894CF9C86CC8775BDD2A262948A09CA495AA7FE9F210FAF49E7086383 ] CryptSvc        C:\WINDOWS\System32\cryptsvc.dll
    08:59:46.0593 0x1fe0  CryptSvc - ok
    08:59:46.0671 0x1fe0  [ E550E7418984B65A78299D248F0A7F36, 52F6BD1027E91F9A90AFAB82C7F2A0314B7E55262F5293D5F9F8F12135EDD88C ] dac2w2k         C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
    08:59:46.0828 0x1fe0  dac2w2k - ok
    08:59:46.0843 0x1fe0  [ 683789CAA3864EB46125AE86FF677D34, B725D026E069AD253192E21245260CBA44EF3C72781616A2CAD0BF0E2D86D510 ] dac960nt        C:\WINDOWS\system32\DRIVERS\dac960nt.sys
    08:59:47.0156 0x1fe0  dac960nt - ok
    08:59:47.0343 0x1fe0  [ 6B27A5C03DFB94B4245739065431322C, 6AEAC16AB4E0DFD25123AAF4D4181FEE1B919B7B2793117006CE8CF30E826CFD ] DcomLaunch      C:\WINDOWS\system32\rpcss.dll
    08:59:47.0468 0x1fe0  DcomLaunch - ok
    08:59:47.0546 0x1fe0  [ 5E38D7684A49CACFB752B046357E0589, F192AD4190BCFB6939A5CBC91648FE63168AF79A5E227A111DEAD6A92E42AB8D ] Dhcp            C:\WINDOWS\System32\dhcpcsvc.dll
    08:59:47.0718 0x1fe0  Dhcp - ok
    08:59:47.0765 0x1fe0  [ 044452051F3E02E7963599FC8F4F3E25, 584BDDB074618BE76454CF90E74829CFF588B5B5FAEB793E2F7AAD26352DD689 ] Disk            C:\WINDOWS\system32\DRIVERS\disk.sys
    08:59:47.0875 0x1fe0  Disk - ok
    08:59:47.0890 0x1fe0  dmadmin - ok
    08:59:48.0234 0x1fe0  [ D992FE1274BDE0F84AD826ACAE022A41, C82BD6561A14F2932A761F5883A787B99031250EE5E9B7B5714AA045545C9B99 ] dmboot          C:\WINDOWS\system32\drivers\dmboot.sys
    08:59:48.0796 0x1fe0  dmboot - ok
    08:59:48.0875 0x1fe0  [ 7C824CF7BBDE77D95C08005717A95F6F, A73CB323B7A6410C3D3F258BF204E716ADF8C84C9E4F6562C57AB73DAED8CCDE ] dmio            C:\WINDOWS\system32\drivers\dmio.sys
    08:59:49.0015 0x1fe0  dmio - ok
    08:59:49.0062 0x1fe0  [ E9317282A63CA4D188C0DF5E09C6AC5F, D41E002F555FE9015EF620975255F58BB79198CA1FF0E09EC950CB450FF77CF7 ] dmload          C:\WINDOWS\system32\drivers\dmload.sys
    08:59:49.0218 0x1fe0  dmload - ok
    08:59:49.0250 0x1fe0  [ 57EDEC2E5F59F0335E92F35184BC8631, 61F6F0DC2D1A6C61D5EF0D5CC4BE0FFC217F1E61FDA3EA9F704709293656600F ] dmserver        C:\WINDOWS\System32\dmserver.dll
    08:59:49.0359 0x1fe0  dmserver - ok
    08:59:49.0406 0x1fe0  [ 8A208DFCF89792A484E76C40E5F50B45, 4E40E2EB38C6254E7CAA488200E89EE7DEBBBA773890BC6A84313CC68178D54F ] DMusic          C:\WINDOWS\system32\drivers\DMusic.sys
    08:59:49.0515 0x1fe0  DMusic - ok
    08:59:49.0578 0x1fe0  [ 5F7E24FA9EAB896051FFB87F840730D2, 356EEFDCD54DECAD0170B34B993E4BF80DD039E2B2922D7A8D09B84031E9FC7A ] Dnscache        C:\WINDOWS\System32\dnsrslvr.dll
    08:59:49.0609 0x1fe0  Dnscache - ok
    08:59:49.0734 0x1fe0  [ 0F0F6E687E5E15579EF4DA8DD6945814, 5C32D88119EB1465B2D719BEE2E05888D1A73454B5E33F2D4928DA710F8BFBA3 ] Dot3svc         C:\WINDOWS\System32\dot3svc.dll
    08:59:49.0890 0x1fe0  Dot3svc - ok
    08:59:49.0921 0x1fe0  [ 40F3B93B4E5B0126F2F5C0A7A5E22660, 8AFFF28903037F5E36BB5352F2B236A217558FCC0146B23C787606C3F21243DB ] dpti2o          C:\WINDOWS\system32\DRIVERS\dpti2o.sys
    08:59:50.0140 0x1fe0  dpti2o - ok
    08:59:50.0171 0x1fe0  [ 8F5FCFF8E8848AFAC920905FBD9D33C8, C8C6FB97AB0871C8C88A2201525A5CF10D5131CB6980D32692ED7A8F58399AD5 ] drmkaud         C:\WINDOWS\system32\drivers\drmkaud.sys
    08:59:50.0265 0x1fe0  drmkaud - ok
    08:59:50.0312 0x1fe0  [ 2187855A7703ADEF0CEF9EE4285182CC, 8233CC11F637866C0074043835A785EA2B616739B6B1181B143A253CF2508CFD ] EapHost         C:\WINDOWS\System32\eapsvc.dll
    08:59:50.0437 0x1fe0  EapHost - ok
    08:59:50.0484 0x1fe0  [ BC93B4A066477954555966D77FEC9ECB, 27F5B780175EF46DA102EE33F7F33559C8B40C077EEA4405D579D9507F4B1C23 ] ERSvc           C:\WINDOWS\System32\ersvc.dll
    08:59:50.0593 0x1fe0  ERSvc - ok
    08:59:50.0718 0x1fe0  [ 2AC0FF83258E8FAA5215422E85397A90, C3B097CDCA9363281B6C32EAEBEE6328287A286EFA75AAABB5C2B9A22860C352 ] ESProtectionDriver C:\Program Files\Malwarebytes Anti-Exploit\mbae.sys
    08:59:50.0781 0x1fe0  ESProtectionDriver - ok
    08:59:50.0859 0x1fe0  [ 65DF52F5B8B6E9BBD183505225C37315, 59C606977DB40A3443DFF0BE2A4C761824881B22C9FDB3D23F6486DB580E92A4 ] Eventlog        C:\WINDOWS\system32\services.exe
    08:59:50.0937 0x1fe0  Eventlog - ok
    08:59:51.0062 0x1fe0  [ D4991D98F2DB73C60D042F1AEF79EFAE, 58AF949EAEBF4FF3E3314DFB66CE4198BF65F0836B68CD27A6ED319742CCCCD2 ] EventSystem     C:\WINDOWS\system32\es.dll
    08:59:51.0125 0x1fe0  EventSystem - ok
    08:59:51.0203 0x1fe0  [ 38D332A6D56AF32635675F132548343E, E6909DB836AF679B4F4D62C7396D6C82769CC7ABB8C919C2AABFE934FCE268F6 ] Fastfat         C:\WINDOWS\system32\drivers\Fastfat.sys
    08:59:51.0312 0x1fe0  Fastfat - ok
    08:59:51.0375 0x1fe0  [ 99BC0B50F511924348BE19C7C7313BBF, A1006C687BD352F700B140DC741515A0CDD9E1352C0FBD1EE410D404E344444B ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
    08:59:51.0421 0x1fe0  FastUserSwitchingCompatibility - ok
    08:59:51.0453 0x1fe0  [ 92CDD60B6730B9F50F6A1A0C1F8CDC81, 8307A532AB4D05CBBCE206DC2759497708BF5AAA880BD00F0E4F281D8578A1F5 ] Fdc             C:\WINDOWS\system32\DRIVERS\fdc.sys
    08:59:51.0562 0x1fe0  Fdc - ok
    08:59:51.0609 0x1fe0  [ D45926117EB9FA946A6AF572FBE1CAA3, 4C94EF009D778BE0BDF8F812F026B96F91F641BE30AA2531427A5E63DBD280DA ] Fips            C:\WINDOWS\system32\drivers\Fips.sys
    08:59:51.0718 0x1fe0  Fips - ok
    08:59:51.0734 0x1fe0  [ 9D27E7B80BFCDF1CDD9B555862D5E7F0, 69C271AD5BCEBFD8AE5A769BDD7EC51256DA3A8ADAD5D12E5C0D13F4E82D8805 ] Flpydisk        C:\WINDOWS\system32\DRIVERS\flpydisk.sys
    08:59:51.0859 0x1fe0  Flpydisk - ok
    08:59:51.0937 0x1fe0  [ B2CF4B0786F8212CB92ED2B50C6DB6B0, 280F5CF8A90F7BEDE73ADD0DD0F8952088133A7CA9A3D3B7041957E33B36845D ] FltMgr          C:\WINDOWS\system32\drivers\fltmgr.sys
    08:59:52.0031 0x1fe0  FltMgr - ok
    08:59:52.0125 0x1fe0  [ 8BA7C024070F2B7FDD98ED8A4BA41789, 47585006F86B2C6016EC54250A416794792D1E4024FF229C120BC25B684AF66A ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
    08:59:52.0156 0x1fe0  FontCache3.0.0.0 - ok
    08:59:52.0187 0x1fe0  [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A, EC635E071201A766845D48973772CBE0958942B4162F3F5F70660D114CC877E0 ] Fs_Rec          C:\WINDOWS\system32\drivers\Fs_Rec.sys
    08:59:52.0343 0x1fe0  Fs_Rec - ok
    08:59:52.0406 0x1fe0  [ 6AC26732762483366C3969C9E4D2259D, FF2C9A23CC17F380093F0BEA955B1925794271C2FEA16B9B7639668E6999BAE3 ] Ftdisk          C:\WINDOWS\system32\DRIVERS\ftdisk.sys
    08:59:52.0531 0x1fe0  Ftdisk - ok
    08:59:52.0593 0x1fe0  [ 0A02C63C8B144BD8C86B103DEE7C86A2, 7A3235DD3E1995DD72B212FAEB3ECA2A974434DE9BF6D269EA11BA65A80E7E50 ] Gpc             C:\WINDOWS\system32\DRIVERS\msgpc.sys
    08:59:52.0718 0x1fe0  Gpc - ok
    08:59:52.0812 0x1fe0  [ 2A013E7530BEAB6E569FAA83F517E836, 481390EE00AF49BB54B8C885801FCAC0F87F4EF3D935ABBBA42B7C063EFDDB8F ] HdAudAddService C:\WINDOWS\system32\drivers\HdAudio.sys
    08:59:53.0015 0x1fe0  HdAudAddService - ok
    08:59:53.0093 0x1fe0  [ 573C7D0A32852B48F3058CFD8026F511, BC384BBA394AFDCDA1A9ABC858C692AA84A1F0A31AF3DDF7F38D120C027927FB ] HDAudBus        C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
    08:59:53.0265 0x1fe0  HDAudBus - ok
    08:59:53.0359 0x1fe0  [ 4FCCA060DFE0C51A09DD5C3843888BCD, D82417706B517F2610DDF7C86BE03A72EFA9A2A389DF5C8F8ADEAB8144E2C80A ] helpsvc         C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
    08:59:53.0468 0x1fe0  helpsvc - ok
    08:59:53.0484 0x1fe0  HidServ - ok
    08:59:53.0531 0x1fe0  [ CCF82C5EC8A7326C3066DE870C06DAF1, 93395FA4C26B2E82DC8B7025ED3BCF583885E5D8C5F60CD6EEAA6335D6A126EC ] HidUsb          C:\WINDOWS\system32\DRIVERS\hidusb.sys
    08:59:53.0640 0x1fe0  HidUsb - ok
    08:59:53.0718 0x1fe0  [ 8878BD685E490239777BFE51320B88E9, C5C3ECF6B049B6736E35B39518A8F830B45C45A88FFE8E3A6B7922AD946597E2 ] hkmsvc          C:\WINDOWS\System32\kmsvc.dll
    08:59:53.0843 0x1fe0  hkmsvc - ok
    08:59:53.0906 0x1fe0  [ B028377DEA0546A5FCFBA928A8AEFAE0, FD7B34A6036AD443014B16394A5F051A298CEE4276D50525FB9F15A0D2684C8B ] hpn             C:\WINDOWS\system32\DRIVERS\hpn.sys
    08:59:54.0031 0x1fe0  hpn - ok
    08:59:54.0171 0x1fe0  [ F80A415EF82CD06FFAF0D971528EAD38, 524D9E9201572929522F6805011783711B7C0F76308B924C89CF75F4B7A1FDF3 ] HTTP            C:\WINDOWS\system32\Drivers\HTTP.sys
    08:59:54.0265 0x1fe0  HTTP - ok
    08:59:54.0281 0x1fe0  [ 6100A808600F44D999CEBDEF8841C7A3, 61A75118C327812C60622010985A2E80E79B6FD9030A5732390EE5426E4AF6C9 ] HTTPFilter      C:\WINDOWS\System32\w3ssl.dll
    08:59:54.0406 0x1fe0  HTTPFilter - ok
    08:59:54.0421 0x1fe0  [ 9368670BD426EBEA5E8B18A62416EC28, 0ED865F8FB79F0B6309521925280E8640DB5CA6F75377434830536899734B6EE ] i2omgmt         C:\WINDOWS\system32\drivers\i2omgmt.sys
    08:59:54.0546 0x1fe0  i2omgmt - ok
    08:59:54.0562 0x1fe0  [ F10863BF1CCC290BABD1A09188AE49E0, BC038EAE6C8A76D56A5AD27035DC0369D6E766711E9FAA7467144370851F1615 ] i2omp           C:\WINDOWS\system32\DRIVERS\i2omp.sys
    08:59:54.0656 0x1fe0  i2omp - ok
    08:59:54.0718 0x1fe0  [ 4A0B06AA8943C1E332520F7440C0AA30, DB2452390CCFE67E0C5FEB4FD42CA24ABE2DDD40D0B22DD5F5B8F70416863918 ] i8042prt        C:\WINDOWS\system32\DRIVERS\i8042prt.sys
    08:59:54.0828 0x1fe0  i8042prt - ok
    08:59:55.0312 0x1fe0  [ C01AC32DC5C03076CFB852CB5DA5229C, A4D7749220B5BC965D96A267F1E02FE8284A230BA249109207BD4B9EA8DFAC96 ] idsvc           c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
    08:59:56.0093 0x1fe0  idsvc - ok
    08:59:56.0125 0x1fe0  [ 083A052659F5310DD8B6A6CB05EDCF8E, 48D39B03FFB6FAA1529B774443BA12618AE3982D9F65A7B9D18F2269F78B31F4 ] Imapi           C:\WINDOWS\system32\DRIVERS\imapi.sys
    08:59:56.0250 0x1fe0  Imapi - ok
    08:59:56.0343 0x1fe0  [ 30DEAF54A9755BB8546168CFE8A6B5E1, 3936228CD3125C763ABFCB93E86E4B43838202BCC0913A28E84AC0263B43EE0D ] ImapiService    C:\WINDOWS\system32\imapi.exe
    08:59:56.0453 0x1fe0  ImapiService - ok
    08:59:56.0500 0x1fe0  [ 4A40E045FAEE58631FD8D91AFC620719, 7A2FD81BD483821B3DA01B1CD7215423EDD719CBE3862C0342FF7D21A17AF437 ] ini910u         C:\WINDOWS\system32\DRIVERS\ini910u.sys
    08:59:56.0625 0x1fe0  ini910u - ok
    08:59:58.0187 0x1fe0  [ 98B7FAB86755A42FE8EB04538A4CD6C8, B0DF80D8061223CF6D1D2B1CF553FB0A6F0BFF6FAE2BB15D9C058327DCFFB6E7 ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RtkHDAud.sys
    09:00:01.0531 0x1fe0  IntcAzAudAddService - ok
    09:00:01.0578 0x1fe0  [ B5466A9250342A7AA0CD1FBA13420678, 87E735C4E8924A883AB692D387A83BCBFAE6E165688336AE7AB488F7CA8D339E ] IntelIde        C:\WINDOWS\system32\DRIVERS\intelide.sys
    09:00:01.0671 0x1fe0  IntelIde - ok
    09:00:01.0718 0x1fe0  [ 3BB22519A194418D5FEC05D800A19AD0, F6662F440950596DC1382DD1DB5D7891CCEA30A6062BEA942C18445B5F0D8B16 ] Ip6Fw           C:\WINDOWS\system32\drivers\ip6fw.sys
    09:00:01.0843 0x1fe0  Ip6Fw - ok
    09:00:01.0890 0x1fe0  [ 731F22BA402EE4B62748ADAF6363C182, 5C3BEBD008A5BE4DC2F92076FF41A10DDC01E10EC7E6552213CFA11970811848 ] IpFilterDriver  C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
    09:00:02.0031 0x1fe0  IpFilterDriver - ok
    09:00:02.0062 0x1fe0  [ B87AB476DCF76E72010632B5550955F5, E6E74D3A86A7917A8BAED44F8E97CCD2EB171E4E4B27E9907F60D1523FAF319A ] IpInIp          C:\WINDOWS\system32\DRIVERS\ipinip.sys
    09:00:02.0171 0x1fe0  IpInIp - ok
    09:00:02.0265 0x1fe0  [ CC748EA12C6EFFDE940EE98098BF96BB, AF523E21C25D9A1715EFEA573E4F52AF5D4FC9F28A2D613F5DB629C186C439E0 ] IpNat           C:\WINDOWS\system32\DRIVERS\ipnat.sys
    09:00:02.0406 0x1fe0  IpNat - ok
    09:00:02.0687 0x1fe0  [ 23C74D75E36E7158768DD63D92789A91, 394D296F38E7D8EFD91A6EEC301D9CE6AF910E35EB9819F1A9E3363863AEDFDC ] IPSec           C:\WINDOWS\system32\DRIVERS\ipsec.sys
    09:00:02.0796 0x1fe0  IPSec - ok
    09:00:02.0828 0x1fe0  [ C93C9FF7B04D772627A3646D89F7BF89, 805FA48E7A46D4F10240BF880A2468F53DEA36E83004399228AB70DB7D20544A ] IRENUM          C:\WINDOWS\system32\DRIVERS\irenum.sys
    09:00:02.0937 0x1fe0  IRENUM - ok
    09:00:02.0984 0x1fe0  [ 05A299EC56E52649B1CF2FC52D20F2D7, 2654619DB3E6D6C385B63AB02F87D4241C4F0250CC31383D1B3586917166C2DC ] isapnp          C:\WINDOWS\system32\DRIVERS\isapnp.sys
    09:00:03.0093 0x1fe0  isapnp - ok
    09:00:03.0125 0x1fe0  [ 463C1EC80CD17420A542B7F36A36F128, E3B11BA26AFEAFB50B0FC168EA07F6049DA6B88BCDDEEE20310602D7FC27A3A7 ] Kbdclass        C:\WINDOWS\system32\DRIVERS\kbdclass.sys
    09:00:03.0234 0x1fe0  Kbdclass - ok
    09:00:03.0312 0x1fe0  [ 692BCF44383D056AED41B045A323D378, 1A99DEE83FFAF64E73067FC049C0A4CE07D94E4AE31EFA17B38CEFA9E41D67DC ] kmixer          C:\WINDOWS\system32\drivers\kmixer.sys
    09:00:03.0437 0x1fe0  kmixer - ok
    09:00:03.0500 0x1fe0  [ B467646C54CC746128904E1654C750C1, 3BD71BE3663EA23463D236D8A2A2E42DFA10C502BDB4B6E131FAF0FBA748219E ] KSecDD          C:\WINDOWS\system32\drivers\KSecDD.sys
    09:00:03.0546 0x1fe0  KSecDD - ok
    09:00:03.0765 0x1fe0  [ 3A7C3CBE5D96B8AE96CE81F0B22FB527, 0044F03132596A494448CCE5F3D6ECC12617BB4CF6BAE348F79D4DC40ACD6EE0 ] lanmanserver    C:\WINDOWS\System32\srvsvc.dll
    09:00:03.0843 0x1fe0  lanmanserver - ok
    09:00:03.0921 0x1fe0  [ A8888A5327621856C0CEC4E385F69309, B08B63300D824E35E31EEEA2C4C086DFA2C2A964CEDAE512E74D3D88AADAA2C1 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
    09:00:04.0015 0x1fe0  lanmanworkstation - ok
    09:00:04.0015 0x1fe0  lbrtfdc - ok
    09:00:04.0062 0x1fe0  [ A7DB739AE99A796D91580147E919CC59, EDF4E039BA277B0E6D66FEB0B28096E67D682C09DFC18ECECF062D9DCFB75ACF ] LmHosts         C:\WINDOWS\System32\lmhsvc.dll
    09:00:04.0187 0x1fe0  LmHosts - ok
    09:00:04.0484 0x1fe0  [ 94A5E35D81C121A74E6AC4DC58AA869B, 46C3902EC86E69A78EEA3E27C902165BA88EBD97553F85FF782458B29B58D37D ] MbaeSvc         C:\Program Files\Malwarebytes Anti-Exploit\mbae-svc.exe
    09:00:05.0125 0x1fe0  MbaeSvc - ok
    09:00:05.0171 0x1fe0  [ 986B1FF5814366D71E0AC5755C88F2D3, E6AF051174531C24B38E73987755D366ABEC595476C6D17793E8DCCC73F55340 ] Messenger       C:\WINDOWS\System32\msgsvc.dll
    09:00:05.0312 0x1fe0  Messenger - ok
    09:00:05.0343 0x1fe0  [ 4AE068242760A1FB6E1A44BF4E16AFA6, 1FB771162B96AAF787AC24867B818DF8511F0780BB094FA9A38C11D8DBFE68BC ] mnmdd           C:\WINDOWS\system32\drivers\mnmdd.sys
    09:00:05.0453 0x1fe0  mnmdd - ok
    09:00:05.0515 0x1fe0  [ D18F1F0C101D06A1C1ADF26EED16FCDD, BA0837C7780BD8262E143E2935AFA63BE59C3C39EF56CB8608EED0F50AF070D4 ] mnmsrvc         C:\WINDOWS\system32\mnmsrvc.exe
    09:00:05.0625 0x1fe0  mnmsrvc - ok
    09:00:05.0671 0x1fe0  [ DFCBAD3CEC1C5F964962AE10E0BCC8E1, B342CC9EC3729AB1AB4B5E2E99F890C1E0CA649162DE91F6768AB857B719E97B ] Modem           C:\WINDOWS\system32\drivers\Modem.sys
    09:00:05.0953 0x1fe0  Modem - ok
    09:00:06.0000 0x1fe0  [ 35C9E97194C8CFB8430125F8DBC34D04, 0C0FCE6B0A23FB0ECB92E1663E1C72D2DD5B177D82E04782957690B69530DB39 ] Mouclass        C:\WINDOWS\system32\DRIVERS\mouclass.sys
    09:00:06.0109 0x1fe0  Mouclass - ok
    09:00:06.0156 0x1fe0  [ B1C303E17FB9D46E87A98E4BA6769685, 161A45488522055D0F0474ABEDA04DDD0B5DAC2411AF9154B15190BBD66E7153 ] mouhid          C:\WINDOWS\system32\DRIVERS\mouhid.sys
    09:00:06.0281 0x1fe0  mouhid - ok
    09:00:06.0328 0x1fe0  [ A80B9A0BAD1B73637DBCBBA7DF72D3FD, 2A5E15ED2C24C6C65EF2F7E1FD93374774076C9D8D451E4422561F4D269C012F ] MountMgr        C:\WINDOWS\system32\drivers\MountMgr.sys
    09:00:06.0437 0x1fe0  MountMgr - ok
    09:00:06.0562 0x1fe0  [ 69E23C730974BAC8C11DF2B7C4C9D37B, 8DC4448EC9C9647381952D7822B39C89E0997B4B964A785AE274144FADEE3C02 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
    09:00:06.0640 0x1fe0  MozillaMaintenance - ok
    09:00:06.0671 0x1fe0  [ 3F4BB95E5A44F3BE34824E8E7CAF0737, 9A4F9E63AA55B779AF3563C66C8E40D9C42FF3BB5F533F70905ADC7A44EA7DAD ] mraid35x        C:\WINDOWS\system32\DRIVERS\mraid35x.sys
    09:00:06.0968 0x1fe0  mraid35x - ok
    09:00:07.0046 0x1fe0  [ 11D42BB6206F33FBB3BA0288D3EF81BD, 76ABCFB62C5AC549F58C231F72A99882CDEB74928104B77FE52554765C2B1A22 ] MRxDAV          C:\WINDOWS\system32\DRIVERS\mrxdav.sys
    09:00:07.0203 0x1fe0  MRxDAV - ok
    09:00:07.0421 0x1fe0  [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0, DB9B186F7076D7B94F45041AF7B77C1AD2CAB504D683B459C6CB1C22840ED170 ] MRxSmb          C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
    09:00:07.0906 0x1fe0  MRxSmb - ok
    09:00:07.0953 0x1fe0  [ A137F1470499A205ABBB9AAFB3B6F2B1, FB4951727543030D9E6ED74149C3FAACE2CA9DA8C1B5F616301B30B858C724E8 ] MSDTC           C:\WINDOWS\system32\msdtc.exe
    09:00:08.0062 0x1fe0  MSDTC - ok
    09:00:08.0078 0x1fe0  [ C941EA2454BA8350021D774DAF0F1027, C940E978C7B66A713A0FDAB54B5F995DF59D089AFCD96221DD3222948CD49BBD ] Msfs            C:\WINDOWS\system32\drivers\Msfs.sys
    09:00:08.0187 0x1fe0  Msfs - ok
    09:00:08.0203 0x1fe0  MSIServer - ok
    09:00:08.0250 0x1fe0  [ D1575E71568F4D9E14CA56B7B0453BF1, 4ABE0E24786C0D39FA2B885447E56204CA6942FB175E534DCE675D7BCF0B176A ] MSKSSRV         C:\WINDOWS\system32\drivers\MSKSSRV.sys
    09:00:08.0343 0x1fe0  MSKSSRV - ok
    09:00:08.0359 0x1fe0  [ 325BB26842FC7CCC1FCCE2C457317F3E, C07BE560513B1FB91D756494F0BA4AEEB2E1998DE0E1C21EE83DB1183B0CEE91 ] MSPCLOCK        C:\WINDOWS\system32\drivers\MSPCLOCK.sys
    09:00:08.0468 0x1fe0  MSPCLOCK - ok
    09:00:08.0500 0x1fe0  [ BAD59648BA099DA4A17680B39730CB3D, 9AD4C7C94C186C8815D0BC75DCAFB962158DA6935A244BA243EDDDEB33F9816C ] MSPQM           C:\WINDOWS\system32\drivers\MSPQM.sys
    09:00:08.0609 0x1fe0  MSPQM - ok
    09:00:08.0625 0x1fe0  [ AF5F4F3F14A8EA2C26DE30F7A1E17136, AC93A1E4ABB0D038B772E429015567E44CC2EDB66C54DBE23A5F98176FAC1520 ] mssmbios        C:\WINDOWS\system32\DRIVERS\mssmbios.sys
    09:00:08.0937 0x1fe0  mssmbios - ok
    09:00:09.0000 0x1fe0  [ DE6A75F5C270E756C5508D94B6CF68F5, FCC972DDC36C2C44D836913F10004C2C33B11C54DEFFF0C63E0FDF901D2F9261 ] Mup             C:\WINDOWS\system32\drivers\Mup.sys
    09:00:09.0031 0x1fe0  Mup - ok
    09:00:09.0078 0x1fe0  [ E1CDF20697D992CF83FF86DD04DF1285, F11EFA7B96672225BFB4302CD2272AD0D189973CBC24E9DA71FC3C7DAA78D4EA ] mxnic           C:\WINDOWS\system32\DRIVERS\mxnic.sys
    09:00:09.0218 0x1fe0  mxnic - ok
    09:00:09.0390 0x1fe0  [ 4672AA80B5517E43927AFA46CB813708, 3DED7E055D480AF6009EE6B2E52D52EEC463CF06615A36CC3D20C7798798C38A ] NanoServiceMain C:\Program Files\Panda Security\Panda Security Protection\PSANHost.exe
    09:00:09.0468 0x1fe0  NanoServiceMain - ok
    09:00:09.0609 0x1fe0  [ 0102140028FAD045756796E1C685D695, 5335B8278418CA200E2772124F0602C3E15A5CAF2D5CC59F6785DFAABF339B09 ] napagent        C:\WINDOWS\System32\qagentrt.dll
    09:00:10.0046 0x1fe0  napagent - ok
    09:00:10.0140 0x1fe0  [ 1DF7F42665C94B825322FAE71721130D, FE0DCB728471465B39A42A7511F4133021FBA5DF88F88BCB5FE2FF34CFD713F9 ] NDIS            C:\WINDOWS\system32\drivers\NDIS.sys
    09:00:10.0265 0x1fe0  NDIS - ok
    09:00:10.0296 0x1fe0  [ 0109C4F3850DFBAB279542515386AE22, 4F6DB1E499AC853FD36FD603FBB6D3AC9BDCEB298C7FE1FB59A9236CB46729B2 ] NdisTapi        C:\WINDOWS\system32\DRIVERS\ndistapi.sys
    09:00:10.0343 0x1fe0  NdisTapi - ok
    09:00:10.0375 0x1fe0  [ F927A4434C5028758A842943EF1A3849, B1AA3AF150C05307461774925901789456B0CCCD03A5E71ADA4AB58455962BEE ] Ndisuio         C:\WINDOWS\system32\DRIVERS\ndisuio.sys
    09:00:10.0484 0x1fe0  Ndisuio - ok
    09:00:10.0531 0x1fe0  [ EDC1531A49C80614B2CFDA43CA8659AB, 494042F790F33721328B4451E79842E21919681CC421A4F9633EC4D383E06097 ] NdisWan         C:\WINDOWS\system32\DRIVERS\ndiswan.sys
    09:00:10.0640 0x1fe0  NdisWan - ok
    09:00:10.0703 0x1fe0  [ 2F597BB467E05B1FE3830EABD821B8E0, 141497F5A49D47CCE3C9289644F4BD838DCB238F6D8E847FC006652E21FE02AC ] NDProxy         C:\WINDOWS\system32\drivers\NDProxy.sys
    09:00:10.0921 0x1fe0  NDProxy - ok
    09:00:10.0953 0x1fe0  [ 5D81CF9A2F1A3A756B66CF684911CDF0, 7989C36607CAEA17AFA2C1C9904145CA0714A54B9F712D9D4C1AB140D0B2CC0C ] NetBIOS         C:\WINDOWS\system32\DRIVERS\netbios.sys
    09:00:11.0062 0x1fe0  NetBIOS - ok
    09:00:11.0140 0x1fe0  [ 74B2B2F5BEA5E9A3DC021D685551BD3D, 7932B71F98B4122BE88F576BF6D745A757AE378A48924B7F4358837B75640A82 ] NetBT           C:\WINDOWS\system32\DRIVERS\netbt.sys
    09:00:11.0265 0x1fe0  NetBT - ok
    09:00:11.0375 0x1fe0  [ B857BA82860D7FF85AE29B095645563B, 86FF0E4CDD9C394E8BABD93A4D57E73FF9A779261717DEC6E9CDE99F1C6B0F4C ] NetDDE          C:\WINDOWS\system32\netdde.exe
    09:00:11.0484 0x1fe0  NetDDE - ok
    09:00:11.0531 0x1fe0  [ B857BA82860D7FF85AE29B095645563B, 86FF0E4CDD9C394E8BABD93A4D57E73FF9A779261717DEC6E9CDE99F1C6B0F4C ] NetDDEdsdm      C:\WINDOWS\system32\netdde.exe
    09:00:11.0640 0x1fe0  NetDDEdsdm - ok
    09:00:11.0687 0x1fe0  [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] Netlogon        C:\WINDOWS\system32\lsass.exe
    09:00:11.0796 0x1fe0  Netlogon - ok
    09:00:11.0890 0x1fe0  [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE, 4E0A67B3CC897E80D4B342FFE8B7B4CC4F6CA2EF2D34C136027A098B2E1C6166 ] Netman          C:\WINDOWS\System32\netman.dll
    09:00:12.0015 0x1fe0  Netman - ok
    09:00:12.0093 0x1fe0  [ D34612C5D02D026535B3095D620626AE, 1BBCCCBF49EB8807240A77DCB43C25C21682073CC5356594E2C4F53EF36BF657 ] NetTcpPortSharing c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
    09:00:12.0171 0x1fe0  NetTcpPortSharing - ok
    09:00:12.0281 0x1fe0  [ 943337D786A56729263071623BBB9DE5, B631B47C869FE4ACF46E4AA272435D9A9CA536E3349E3FFBB8602636FEE7AFD4 ] Nla             C:\WINDOWS\System32\mswsock.dll
    09:00:12.0296 0x1fe0  Nla - ok
    09:00:12.0375 0x1fe0  [ BBBB601FB3749A1D0876C2DB82DB5A8A, 6B7EF33FA22E0702471DB10E5AFC0A2D3DFC222B4FE6ECD4D46B24779D905E32 ] NNSALPC         C:\WINDOWS\system32\DRIVERS\NNSAlpc.sys
    09:00:12.0421 0x1fe0  NNSALPC - ok
    09:00:12.0515 0x1fe0  [ B32E8C24EF54EB0E65FE160622AEC240, 80BE481D35023D9524C2CD28D3F9B75192C609FEE277BF2BD310367124D425EA ] NNSHTTP         C:\WINDOWS\system32\DRIVERS\NNSHttp.sys
    09:00:12.0625 0x1fe0  NNSHTTP - ok
    09:00:12.0671 0x1fe0  [ C81057256FAE5F3CFB7A1F651E43D288, 4AC801AB431B7E29ACE18E68F7C46E42018746077501BB380A071593E29AD2B1 ] NNSHTTPS        C:\WINDOWS\system32\DRIVERS\NNSHttps.sys
    09:00:12.0734 0x1fe0  NNSHTTPS - ok
    09:00:12.0781 0x1fe0  [ 14B39AC886DA9E294D41AD8C59FC1606, DC00D3D2508AB66716DAEA4C6121D90EEF99540316F267A52B2EC0DEE79C3190 ] NNSIDS          C:\WINDOWS\system32\DRIVERS\NNSIds.sys
    09:00:12.0843 0x1fe0  NNSIDS - ok
    09:00:12.0906 0x1fe0  [ 38A2763C2D90069B172A520BE358841C, 5C6E0B32184C35AF562AE0571A99A8A3F942A516236B4AB5ABD23805D29E84B4 ] NNSNAHS         C:\WINDOWS\system32\DRIVERS\NNSNAHS.sys
    09:00:12.0937 0x1fe0  NNSNAHS - ok
    09:00:13.0015 0x1fe0  [ 6CF447CF781E4744B27B879AD6B95348, AAF306C212E0867A9F8F98B5B83EC7D7094AF5594642701654D4C07673BE198A ] NNSPICC         C:\WINDOWS\system32\DRIVERS\NNSPicc.sys
    09:00:13.0062 0x1fe0  NNSPICC - ok
    09:00:13.0109 0x1fe0  [ 4837AF2A082C95D624151F3ED84A09E8, D34A0784E4E62D80C7504C48EBDED0F6C0660ADCD42E556B6B1EC49B470C37C7 ] NNSPIHS         C:\WINDOWS\system32\DRIVERS\NNSPihs.sys
    09:00:13.0140 0x1fe0  NNSPIHS - ok
    09:00:13.0203 0x1fe0  [ 884BFA9D89EE8D29C036D81BFCC6F8E0, A99F90A949A14E5CDA84F3316F663F67C8F61C09D5175F38E839584020C3EFAE ] NNSPOP3         C:\WINDOWS\system32\DRIVERS\NNSPop3.sys
    09:00:13.0265 0x1fe0  NNSPOP3 - ok
    09:00:13.0375 0x1fe0  [ E5D77DD5800ABCE5B1BD18C389FF5656, 67E5E68031ADEC606D38A868C37C421289DC81223226D72CF0A6AF07199B7B95 ] NNSPROT         C:\WINDOWS\system32\DRIVERS\NNSProt.sys
    09:00:13.0406 0x1fe0  NNSPROT - ok
    09:00:13.0500 0x1fe0  [ B93DE267E76C7278A3F6C2ABBEB05383, 156C83D817126136FC8AF54D2563589DF2DFB6A93CB1E7231033109C0166C323 ] NNSPRV          C:\WINDOWS\system32\DRIVERS\NNSPrv.sys
    09:00:13.0593 0x1fe0  NNSPRV - ok
    09:00:13.0671 0x1fe0  [ 60E0176C475F5D27300115956791001A, 0C27E678FCB27763D6B77E4E8B334C37A13CEE54E53DD4C2FEC151D7FBAC0D23 ] NNSSMTP         C:\WINDOWS\system32\DRIVERS\NNSSmtp.sys
    09:00:13.0734 0x1fe0  NNSSMTP - ok
    09:00:13.0843 0x1fe0  [ 6752E81E868D23037B61A025C0B1B64D, 31F6AF0B32248AD7539F5B2A99B879B8C850240ED3A181363B3452DAF4ED3543 ] NNSSTRM         C:\WINDOWS\system32\DRIVERS\NNSStrm.sys
    09:00:13.0953 0x1fe0  NNSSTRM - ok
    09:00:14.0031 0x1fe0  [ DA91875B27DB0905B73D6037232BA7DD, 71F85917B85725CC05C0659364AB2D64876CF42D13D6B32D481E69BF8F3DB13F ] NNSTLSC         C:\WINDOWS\system32\DRIVERS\NNSTlsc.sys
    09:00:14.0078 0x1fe0  NNSTLSC - ok
    09:00:14.0125 0x1fe0  [ 3182D64AE053D6FB034F44B6DEF8034A, 4ADFC76965BA2A5F488E71789A4E4EA702A74AF42725F72130D1CA919406CF19 ] Npfs            C:\WINDOWS\system32\drivers\Npfs.sys
    09:00:14.0250 0x1fe0  Npfs - ok
    09:00:14.0468 0x1fe0  [ 78A08DD6A8D65E697C18E1DB01C5CDCA, E0E6F3ED05068E32F1D5C2D2B38CDEF4536B8656DB6756C66CF6B40B60C8F3DA ] Ntfs            C:\WINDOWS\system32\drivers\Ntfs.sys
    09:00:14.0718 0x1fe0  Ntfs - ok
    09:00:14.0734 0x1fe0  [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] NtLmSsp         C:\WINDOWS\system32\lsass.exe
    09:00:14.0828 0x1fe0  NtLmSsp - ok
    09:00:15.0125 0x1fe0  [ 156F64A3345BD23C600655FB4D10BC08, 9611BE411586E068D9297D77102DB3BE48AA67F1BAD6F61A84F83FC3043FA9CD ] NtmsSvc         C:\WINDOWS\system32\ntmssvc.dll
    09:00:15.0406 0x1fe0  NtmsSvc - ok
    09:00:15.0453 0x1fe0  [ 73C1E1F395918BC2C6DD67AF7591A3AD, B21133A75253EC15E2DFF66D3B480AB1A7E1A2360476C810E7AA55D0F0EB08D4 ] Null            C:\WINDOWS\system32\drivers\Null.sys
    09:00:15.0562 0x1fe0  Null - ok
    09:00:16.0921 0x1fe0  [ 84C65AA58AE1EDE93716439267A23D40, 4907F9D36025F901F47A42D95EA4C818B7C0BCF975B068241AB396A5985F97CE ] nv              C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
    09:00:19.0578 0x1fe0  nv - ok
    09:00:19.0640 0x1fe0  [ 2A7A2C6AB9631028B6E3A4159AA65705, FE6345ED8089E645A59866421AFF827D6489BFFBEE8129BD008C0B1963CA6D3A ] NVENETFD        C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
    09:00:19.0703 0x1fe0  NVENETFD - ok
    09:00:19.0718 0x1fe0  [ 20526A8827DC0956B5526AEBCB6751A0, DC0F9F43E17209AFABB942591A6184370F18DEE252285945C46C4E90BFCFE584 ] nvnetbus        C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
    09:00:19.0765 0x1fe0  nvnetbus - ok
    09:00:19.0859 0x1fe0  [ 4B4F4029F8E391CA6F15D23D7643CF73, 676008E9A8D2D9EAC57654ADB313D0840E7C6C1B81586A0007A41F39199728EB ] NVSvc           C:\WINDOWS\system32\nvsvc32.exe
    09:00:19.0921 0x1fe0  NVSvc - ok
    09:00:19.0984 0x1fe0  [ B305F3FAD35083837EF46A0BBCE2FC57, 9D0E0E666D652D0FC9EAB97280A5D67AAF61D6B21929DF7CF8ED72A367720464 ] NwlnkFlt        C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
    09:00:20.0125 0x1fe0  NwlnkFlt - ok
    09:00:20.0156 0x1fe0  [ C99B3415198D1AAB7227F2C88FD664B9, DD8DA4B5E804F134AB9233859544C025062902DFC3E8FB8A09A67337A4E73F55 ] NwlnkFwd        C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
    09:00:20.0328 0x1fe0  NwlnkFwd - ok
    09:00:20.0453 0x1fe0  [ 7A56CF3E3F12E8AF599963B16F50FB6A, 882C82BAE96D263138D4C0D6C425458B770B7B9C8E9C1D28AC918BF6BE94A5C2 ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
    09:00:20.0500 0x1fe0  ose - ok
    09:00:20.0546 0x1fe0  [ C90018BAFDC7098619A4A95B046B30F3, 1826E46F237AD65BA189B83803A46A6C2B29089C1BA146106ADD9F2B04D4A89D ] P3              C:\WINDOWS\system32\DRIVERS\p3.sys
    09:00:20.0671 0x1fe0  P3 - ok
    09:00:20.0734 0x1fe0  [ 7CB4A8CEFE80C1B924B82ABC8423D75A, 8114529E20433B20542AD7ADDC7D069768E8190A88B1B2ED9988324580D6059C ] PandaAgent      C:\Program Files\Panda Security\Panda Devices Agent\AgentSvc.exe
    09:00:20.0781 0x1fe0  PandaAgent - detected UnsignedFile.Multi.Generic ( 1 )
    09:00:23.0234 0x1fe0  Detect skipped due to KSN trusted
    09:00:23.0234 0x1fe0  PandaAgent - ok
    09:00:23.0296 0x1fe0  [ 5575FAF8F97CE5E713D108C2A58D7C7C, 96D4595D19A78CCBE8B325A08780AC077AE5CC99642ACD72FB47AEAE8D344D3B ] Parport         C:\WINDOWS\system32\DRIVERS\parport.sys
    09:00:23.0406 0x1fe0  Parport - ok
    09:00:23.0437 0x1fe0  [ BEB3BA25197665D82EC7065B724171C6, 7E71C13BA30CD95CEE8A9CC85E6F48A01F30EDEAADEE69D80AE828BF97E5A5CA ] PartMgr         C:\WINDOWS\system32\drivers\PartMgr.sys
    09:00:23.0562 0x1fe0  PartMgr - ok
    09:00:23.0578 0x1fe0  [ 70E98B3FD8E963A6A46A2E6247E0BEA1, 6771313EC41B3B5BFD398F60706E40BE71617046880CC352DD110B001AFC22A1 ] ParVdm          C:\WINDOWS\system32\drivers\ParVdm.sys
    09:00:23.0703 0x1fe0  ParVdm - ok
    09:00:23.0734 0x1fe0  [ A219903CCF74233761D92BEF471A07B1, D4E6C360A1D2FCA4D17C991B834D68BF20F5111DD06B1FAB8B22984804CEC269 ] PCI             C:\WINDOWS\system32\DRIVERS\pci.sys
    09:00:23.0843 0x1fe0  PCI - ok
    09:00:23.0843 0x1fe0  PCIDump - ok
    09:00:23.0890 0x1fe0  [ CCF5F451BB1A5A2A522A76E670000FF0, D63F7E5A39653EC9CCE94B7D84B2D3EBD4F54533BD65701020198724042C9257 ] PCIIde          C:\WINDOWS\system32\DRIVERS\pciide.sys
    09:00:24.0015 0x1fe0  PCIIde - ok
    09:00:24.0078 0x1fe0  [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1, 0BA3DB21DC7C641C181E2635B5C9B73965FDCDCD3EBBBE48FCFEC1C8C987F617 ] Pcmcia          C:\WINDOWS\system32\drivers\Pcmcia.sys
    09:00:24.0203 0x1fe0  Pcmcia - ok
    09:00:24.0203 0x1fe0  PDCOMP - ok
    09:00:24.0218 0x1fe0  PDFRAME - ok
    09:00:24.0218 0x1fe0  PDRELI - ok
    09:00:24.0234 0x1fe0  PDRFRAME - ok
    09:00:24.0250 0x1fe0  [ 6C14B9C19BA84F73D3A86DBA11133101, 2CFB7E027E43C1B3890985DFD7987B23E4E3CC003E3FD2583E4A8AC1F8A13B26 ] perc2           C:\WINDOWS\system32\DRIVERS\perc2.sys
    09:00:24.0375 0x1fe0  perc2 - ok
    09:00:24.0375 0x1fe0  [ F50F7C27F131AFE7BEBA13E14A3B9416, C0498EA65B908C07A734324ED70DB27F434FAAA815DD02F1BC429A3AB6C663D5 ] perc2hib        C:\WINDOWS\system32\DRIVERS\perc2hib.sys
    09:00:24.0484 0x1fe0  perc2hib - ok
    09:00:24.0562 0x1fe0  [ 65DF52F5B8B6E9BBD183505225C37315, 59C606977DB40A3443DFF0BE2A4C761824881B22C9FDB3D23F6486DB580E92A4 ] PlugPlay        C:\WINDOWS\system32\services.exe
    09:00:24.0578 0x1fe0  PlugPlay - ok
    09:00:24.0593 0x1fe0  [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] PolicyAgent     C:\WINDOWS\system32\lsass.exe
    09:00:24.0703 0x1fe0  PolicyAgent - ok
    09:00:24.0750 0x1fe0  [ EFEEC01B1D3CF84F16DDD24D9D9D8F99, C5F0C8C66A3AF7E7BB04CEDE4AC5306F8387AB384A2107DC5BE413AAE968EFF1 ] PptpMiniport    C:\WINDOWS\system32\DRIVERS\raspptp.sys
    09:00:24.0859 0x1fe0  PptpMiniport - ok
    09:00:24.0890 0x1fe0  [ A32BEBAF723557681BFC6BD93E98BD26, 35039BA72A29F87B2CA37DCDE4EFDAABBDEAD8CE3EB8652ACC665994118145A6 ] Processor       C:\WINDOWS\system32\DRIVERS\processr.sys
    09:00:25.0031 0x1fe0  Processor - ok
    09:00:25.0046 0x1fe0  [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
    09:00:25.0156 0x1fe0  ProtectedStorage - ok
    09:00:25.0187 0x1fe0  [ 09298EC810B07E5D582CB3A3F9255424, 35473A1BE25AC289474090EB0806AC6B3035DC33D1F3DF97A14BF1E361AC6AC3 ] PSched          C:\WINDOWS\system32\DRIVERS\psched.sys
    09:00:25.0328 0x1fe0  PSched - ok
    09:00:25.0421 0x1fe0  [ 173BB240AFD54401BD74B9D98D62DCFE, 50880F22E9B273FDD0D49CBCFB520C35D4F4E6088DDD7EE05EFFEB9736A2920C ] PSINAflt        C:\WINDOWS\system32\DRIVERS\PSINAflt.sys
    09:00:25.0484 0x1fe0  PSINAflt - ok
    09:00:25.0531 0x1fe0  [ 750D60F53843C154D967557685F0D070, 6C862B9C1C7B8D727BF5DBDFC520C9820BCAB2B660089A81459D4573D9ADF9C8 ] PSINFile        C:\WINDOWS\system32\DRIVERS\PSINFile.sys
    09:00:25.0593 0x1fe0  PSINFile - ok
    09:00:25.0703 0x1fe0  [ 6F9891C59D2577FCABFA9247259932A8, C7CADC1FEE294C6D47401A8B57FB9F7C32821C1E390329DF6FDF2628CBC70A2C ] PSINKNC         C:\WINDOWS\system32\DRIVERS\psinknc.sys
    09:00:25.0781 0x1fe0  PSINKNC - ok
    09:00:25.0828 0x1fe0  [ 470E5F203D5DD38C90DEDED6DA9B0426, 05085812440308F5CEF462019BC507B8C065CE7CDA9F4F46BB14DCCF06E3A0FB ] PSINProc        C:\WINDOWS\system32\DRIVERS\PSINProc.sys
    09:00:25.0890 0x1fe0  PSINProc - ok
    09:00:25.0984 0x1fe0  [ 742E5E552FE42E168E73BC12B50979C6, 935F51A45A4DDEBD466A47B57FEA6EC325FC6FBB6E05E4074E42063EDEF59881 ] PSINProt        C:\WINDOWS\system32\DRIVERS\PSINProt.sys
    09:00:26.0046 0x1fe0  PSINProt - ok
    09:00:26.0125 0x1fe0  [ 028990AEEBA96B58E2E33FE91694753B, CAD7EB5044C1A4BAADAFE6CF93ECD178316A41D705F12D1319ABAF25E32C05C4 ] PSINReg         C:\WINDOWS\system32\DRIVERS\PSINReg.sys
    09:00:26.0171 0x1fe0  PSINReg - ok
    09:00:26.0218 0x1fe0  [ B6DE7ACA6781E67F6D614ABC1C88C3FF, 8FB8EC099218E721EA14B3DAB64D8534BC1CD891F0172B82A812255F4F0E7D09 ] PSKMAD          C:\WINDOWS\system32\DRIVERS\PSKMAD.sys
    09:00:26.0250 0x1fe0  PSKMAD - ok
    09:00:26.0296 0x1fe0  [ F8F2096FB17C1219C81008671F0FADA5, F16CB53622107A5690CF32E43104CCE0172A4D985FE7AD7182AFF2DF3AF01D28 ] PSUAService     C:\Program Files\Panda Security\Panda Security Protection\PSUAService.exe
    09:00:26.0312 0x1fe0  PSUAService - ok
    09:00:26.0359 0x1fe0  [ 80D317BD1C3DBC5D4FE7B1678C60CADD, DA76804B55D0CAB3DDD01EFC06673764AE4860693375C658B6063FB14AF7F12C ] Ptilink         C:\WINDOWS\system32\DRIVERS\ptilink.sys
    09:00:26.0468 0x1fe0  Ptilink - ok
    09:00:26.0500 0x1fe0  [ 0A63FB54039EB5662433CABA3B26DBA7, A1FB923EB2D08D89D24E8AD7042BBED7CB1DBDA9A5B77BDD188E9913BADAB0EF ] ql1080          C:\WINDOWS\system32\DRIVERS\ql1080.sys
    09:00:26.0625 0x1fe0  ql1080 - ok
    09:00:26.0656 0x1fe0  [ 6503449E1D43A0FF0201AD5CB1B8C706, F1EFC2DE5998615CB182D7984366631FE956AE1ECA9AC777F26FCA2E6F2E05A6 ] Ql10wnt         C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
    09:00:26.0781 0x1fe0  Ql10wnt - ok
    09:00:26.0796 0x1fe0  [ 156ED0EF20C15114CA097A34A30D8A01, 7490B90D4C88B7A9BADB9473D4033535F054C797ABF6D542CB859DA5C9B2586A ] ql12160         C:\WINDOWS\system32\DRIVERS\ql12160.sys
    09:00:26.0921 0x1fe0  ql12160 - ok
    09:00:26.0953 0x1fe0  [ 70F016BEBDE6D29E864C1230A07CC5E6, 895BC2C888F6566086FC1399F499A401D447E57333BC9F9C6DBAFE0F117603D6 ] ql1240          C:\WINDOWS\system32\DRIVERS\ql1240.sys
    09:00:27.0093 0x1fe0  ql1240 - ok
    09:00:27.0125 0x1fe0  [ 907F0AEEA6BC451011611E732BD31FCF, F9E7023BD1042963110D0A613054D094437868B20779F23C316A38E4781A6152 ] ql1280          C:\WINDOWS\system32\DRIVERS\ql1280.sys
    09:00:27.0234 0x1fe0  ql1280 - ok
    09:00:27.0250 0x1fe0  [ FE0D99D6F31E4FAD8159F690D68DED9C, 998685622ABE631984B7E4DBF91AB3594B1F574378D75EB9F6265F4650470692 ] RasAcd          C:\WINDOWS\system32\DRIVERS\rasacd.sys
    09:00:27.0359 0x1fe0  RasAcd - ok
    09:00:27.0437 0x1fe0  [ AD188BE7BDF94E8DF4CA0A55C00A5073, C7D76CB579FAEBCCC2873499441BACDD6BD6668ACF5ED7F31862656E96E2B20C ] RasAuto         C:\WINDOWS\System32\rasauto.dll
    09:00:27.0562 0x1fe0  RasAuto - ok
    09:00:27.0593 0x1fe0  [ 11B4A627BC9614B885C4969BFA5FF8A6, EAE0A412A2B0F68919C32A96B3A08CC1A06585E4998819F5C9051745F63FF5AD ] Rasl2tp         C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
    09:00:27.0718 0x1fe0  Rasl2tp - ok
    09:00:27.0828 0x1fe0  [ 76A9A3CBEADD68CC57CDA5E1D7448235, 4AFD048C5D2306AB8DE46F3AA60AC0213333DDA3B09A9E91F7585DB6EB978EC8 ] RasMan          C:\WINDOWS\System32\rasmans.dll
    09:00:28.0046 0x1fe0  RasMan - ok
    09:00:28.0062 0x1fe0  [ 5BC962F2654137C9909C3D4603587DEE, A5CE5653D0105240F5E86CFAAB89E7917D42D939E2F27A5A7D6979289CA651B8 ] RasPppoe        C:\WINDOWS\system32\DRIVERS\raspppoe.sys
    09:00:28.0171 0x1fe0  RasPppoe - ok
    09:00:28.0218 0x1fe0  [ FDBB1D60066FCFBB7452FD8F9829B242, 10A2DACF944BD000032EBA8C095CB3D879CC55B28C377ADF6E52E508E47444DB ] Raspti          C:\WINDOWS\system32\DRIVERS\raspti.sys
    09:00:28.0343 0x1fe0  Raspti - ok
    09:00:28.0437 0x1fe0  [ 7AD224AD1A1437FE28D89CF22B17780A, 6645235CA27D671954E3557FA37082881C3D7D47492C71264CD8CB8D108EC801 ] Rdbss           C:\WINDOWS\system32\DRIVERS\rdbss.sys
    09:00:28.0562 0x1fe0  Rdbss - ok
    09:00:28.0578 0x1fe0  [ 4912D5B403614CE99C28420F75353332, 975341ECD660209987B5E5171B8315E032439E408CBE8A5986E67AF767F373BB ] RDPCDD          C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
    09:00:28.0687 0x1fe0  RDPCDD - ok
    09:00:28.0781 0x1fe0  [ 15CABD0F7C00C47C70124907916AF3F1, 66B5C978B7FB6359AD8BAC9F568FE9D469E358FEAB07B1F129BA9E85F1DF723E ] rdpdr           C:\WINDOWS\system32\DRIVERS\rdpdr.sys
    09:00:28.0937 0x1fe0  rdpdr - ok
    09:00:29.0031 0x1fe0  [ 43AF5212BD8FB5BA6EED9754358BD8F7, AF330F61CECA4AFA359CEABC5EB3227E6B56A9A2DCE50701381D665122D7356D ] RDPWD           C:\WINDOWS\system32\drivers\RDPWD.sys
    09:00:29.0125 0x1fe0  RDPWD - ok
    09:00:29.0218 0x1fe0  [ 3C37BF86641BDA977C3BF8A840F3B7FA, AB9A6E54DBA3F4561CD4837372BECCE0D73943D02E3288F944333039375AC08C ] RDSessMgr       C:\WINDOWS\SYSTEM32\sessmgr.exe
    09:00:29.0312 0x1fe0  RDSessMgr - ok
    09:00:29.0359 0x1fe0  [ F828DD7E1419B6653894A8F97A0094C5, E6150E1F598BA4CFEDB8FF075BC0D576518C331B864388F1CAE8812EFF106ECF ] redbook         C:\WINDOWS\system32\DRIVERS\redbook.sys
    09:00:29.0468 0x1fe0  redbook - ok
    09:00:29.0531 0x1fe0  [ 7E699FF5F59B5D9DE5390E3C34C67CF5, 3FCF0442D80AB181FED4303E570378736AA1F8718C0B8B70F689A1E45200FFE4 ] RemoteAccess    C:\WINDOWS\System32\mprdim.dll
    09:00:29.0656 0x1fe0  RemoteAccess - ok
    09:00:29.0703 0x1fe0  [ AAED593F84AFA419BBAE8572AF87CF6A, CC0FFC5A69394C8830DC66320DA01A820BBF41AD7E57D0FC343561DC5EF9A360 ] RpcLocator      C:\WINDOWS\system32\locator.exe
    09:00:29.0796 0x1fe0  RpcLocator - ok
    09:00:29.0968 0x1fe0  [ 6B27A5C03DFB94B4245739065431322C, 6AEAC16AB4E0DFD25123AAF4D4181FEE1B919B7B2793117006CE8CF30E826CFD ] RpcSs           C:\WINDOWS\System32\rpcss.dll
    09:00:30.0109 0x1fe0  RpcSs - ok
    09:00:30.0187 0x1fe0  [ 471B3F9741D762ABE75E9DEEA4787E47, D9ADE42965EC22AEB4B2AD21D429C3C8232A60AA9853DEFDA7AED86A13FE8623 ] RSVP            C:\WINDOWS\system32\rsvp.exe
    09:00:30.0296 0x1fe0  RSVP - ok
    09:00:30.0375 0x1fe0  [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] SamSs           C:\WINDOWS\system32\lsass.exe
    09:00:30.0468 0x1fe0  SamSs - ok
    09:00:30.0546 0x1fe0  [ 86D007E7A654B9A71D1D7D856B104353, 7B1DE53D637A5FC9619D5D07C48927AFEC89D959207F6F2E2F45DD054EEA04C7 ] SCardSvr        C:\WINDOWS\System32\SCardSvr.exe
    09:00:30.0640 0x1fe0  SCardSvr - ok
    09:00:30.0750 0x1fe0  [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA, 0B582F47BD70732BAC48B8B86E5D06CE7F299A20E8177F3F2E6F28217C3FB605 ] Schedule        C:\WINDOWS\system32\schedsvc.dll
    09:00:30.0875 0x1fe0  Schedule - ok
    09:00:30.0937 0x1fe0  [ 90A3935D05B494A5A39D37E71F09A677, F72733A69BC6E1A2BB91D7632FF3463C12563F60FDCC00A2CDD67FF20D479952 ] Secdrv          C:\WINDOWS\system32\DRIVERS\secdrv.sys
    09:00:31.0078 0x1fe0  Secdrv - ok
    09:00:31.0109 0x1fe0  [ CBE612E2BB6A10E3563336191EDA1250, C331797DC3569F0E715766561DE2562F60B924378842246C35D2B1CF867E9D96 ] seclogon        C:\WINDOWS\System32\seclogon.dll
    09:00:31.0218 0x1fe0  seclogon - ok
    09:00:31.0265 0x1fe0  [ 7FDD5D0684ECA8C1F68B4D99D124DCD0, 7105B026F966A992430F86C3698ABE15EC73E4772F1A3E362E29FD5247A5DCA6 ] SENS            C:\WINDOWS\system32\sens.dll
    09:00:31.0390 0x1fe0  SENS - ok
    09:00:31.0421 0x1fe0  [ 0F29512CCD6BEAD730039FB4BD2C85CE, 4F98AE390D1B14A755700DD6CEFB9CF921F0404AF2145D2D7E5F52394F87C6A5 ] serenum         C:\WINDOWS\system32\DRIVERS\serenum.sys
    09:00:31.0531 0x1fe0  serenum - ok
    09:00:31.0562 0x1fe0  [ CCA207A8896D4C6A0C9CE29A4AE411A7, 5999B39242283CD803319AADCA171CCCC6E2A40FB2FAFA51B1D29F3FF2DD8D6C ] Serial          C:\WINDOWS\system32\DRIVERS\serial.sys
    09:00:31.0703 0x1fe0  Serial - ok
    09:00:31.0734 0x1fe0  [ 8E6B8C671615D126FDC553D1E2DE5562, CEEC0067514555D5CA489F50E3D7562FCA8DB8E952C3C878604C9277FC77959F ] Sfloppy         C:\WINDOWS\system32\drivers\Sfloppy.sys
    09:00:31.0859 0x1fe0  Sfloppy - ok
    09:00:32.0031 0x1fe0  [ 83F41D0D89645D7235C051AB1D9523AC, B681F33EEAA511D6A2DCB9FBAA407B739184C9FF6067C6B7E51F1FC37E9D4DD7 ] SharedAccess    C:\WINDOWS\System32\ipnathlp.dll
    09:00:32.0359 0x1fe0  SharedAccess - ok
    09:00:32.0437 0x1fe0  [ 99BC0B50F511924348BE19C7C7313BBF, A1006C687BD352F700B140DC741515A0CDD9E1352C0FBD1EE410D404E344444B ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
    09:00:32.0453 0x1fe0  ShellHWDetection - ok
    09:00:32.0468 0x1fe0  Simbad - ok
    09:00:32.0515 0x1fe0  [ 6B33D0EBD30DB32E27D1D78FE946A754, CDA3D082D370B079C06D943DA124D76BAF0C5DB264FB0C893148EF6322D2FABE ] sisagp          C:\WINDOWS\system32\DRIVERS\sisagp.sys
    09:00:32.0609 0x1fe0  sisagp - ok
    09:00:32.0640 0x1fe0  [ 83C0F71F86D3BDAF915685F3D568B20E, 10B24723914A5A9E27A592FD58DAE2207B6E49F13A17CD2B1477C51D2D609D2E ] Sparrow         C:\WINDOWS\system32\DRIVERS\sparrow.sys
    09:00:32.0718 0x1fe0  Sparrow - ok
    09:00:32.0750 0x1fe0  [ AB8B92451ECB048A4D1DE7C3FFCB4A9F, DD17733CBB370FCA08F0296704D7CBEACA3C8F76D0ABE4761C3B1FFDF7481D9E ] splitter        C:\WINDOWS\system32\drivers\splitter.sys
    09:00:32.0859 0x1fe0  splitter - ok
    09:00:32.0921 0x1fe0  [ 60784F891563FB1B767F70117FC2428F, E0B07F08E60FFBAD36C2E58180F4B2A16DCA47716044CBE0213DF7B74D742F1F ] Spooler         C:\WINDOWS\system32\spoolsv.exe
    09:00:32.0937 0x1fe0  Spooler - ok
    09:00:32.0984 0x1fe0  [ 76BB022C2FB6902FD5BDD4F78FC13A5D, 6031CB2344D7277FC703480EB43CF856A0F8F818EA98FF26A2CA532336CD2DFA ] sr              C:\WINDOWS\system32\DRIVERS\sr.sys
    09:00:33.0093 0x1fe0  sr - ok
    09:00:33.0203 0x1fe0  [ 3805DF0AC4296A34BA4BF93B346CC378, B57A14F1B7B0997E619DDD62B73157AA2399A9852166FB58139CBB358A88F6F3 ] srservice       C:\WINDOWS\system32\srsvc.dll
    09:00:33.0328 0x1fe0  srservice - ok
    09:00:33.0515 0x1fe0  [ 47DDFC2F003F7F9F0592C6874962A2E7, 17C643BD4EB09B5666FE41817DC785BE04A6E491CE79E8E5A702CDBD98E1BDD7 ] Srv             C:\WINDOWS\system32\DRIVERS\srv.sys
    09:00:33.0734 0x1fe0  Srv - ok
    09:00:33.0781 0x1fe0  [ 0A5679B3714EDAB99E357057EE88FCA6, 01E1A101FFF48402C77E385A78FEF27876E04533B60EB1C18558A737E57E5FA8 ] SSDPSRV         C:\WINDOWS\System32\ssdpsrv.dll
    09:00:33.0890 0x1fe0  SSDPSRV - ok
    09:00:34.0031 0x1fe0  [ 8BAD69CBAC032D4BBACFCE0306174C30, 2AA0DA710FCBFF38FE8DA91EE02E7A4503269347E61F8D3246FCA3384BBA2305 ] stisvc          C:\WINDOWS\system32\wiaservc.dll
    09:00:34.0234 0x1fe0  stisvc - ok
    09:00:34.0281 0x1fe0  [ 3941D127AEF12E93ADDF6FE6EE027E0F, EA1F0E32E1C5E90FA4AAC421DEBBE086512340758D3217A6334E886BCE638B51 ] swenum          C:\WINDOWS\system32\DRIVERS\swenum.sys
    09:00:34.0406 0x1fe0  swenum - ok
    09:00:34.0453 0x1fe0  [ 8CE882BCC6CF8A62F2B2323D95CB3D01, B408550A581F3DA222355964AFA4E976AD8471F0AA37573C42C4948AE5A23A3B ] swmidi          C:\WINDOWS\system32\drivers\swmidi.sys
    09:00:34.0562 0x1fe0  swmidi - ok
    09:00:34.0578 0x1fe0  SwPrv - ok
    09:00:34.0625 0x1fe0  [ 1FF3217614018630D0A6758630FC698C, 78A3075BBFF5D7ADEAC1527E65ACA8527BFC509DF124D44410BB46C4D96C96BB ] symc810         C:\WINDOWS\system32\DRIVERS\symc810.sys
    09:00:34.0734 0x1fe0  symc810 - ok
    09:00:34.0750 0x1fe0  [ 070E001D95CF725186EF8B20335F933C, B98B29FB01741AF3B4BB02C76A4D117EA04FE4CC4F8CDB491F9216931704A6D8 ] symc8xx         C:\WINDOWS\system32\DRIVERS\symc8xx.sys
    09:00:34.0859 0x1fe0  symc8xx - ok
    09:00:34.0875 0x1fe0  [ 80AC1C4ABBE2DF3B738BF15517A51F2C, CCF82D09C63F4FA98BCBEF3A1DC8C02D4269B78256D0B6213E815D9BBE174432 ] sym_hi          C:\WINDOWS\system32\DRIVERS\sym_hi.sys
    09:00:35.0093 0x1fe0  sym_hi - ok
    09:00:35.0125 0x1fe0  [ BF4FAB949A382A8E105F46EBB4937058, FE7C114A19D50E37463CDD3605C26105A779EEA79CB92BF98267C7BE809D853B ] sym_u3          C:\WINDOWS\system32\DRIVERS\sym_u3.sys
    09:00:35.0250 0x1fe0  sym_u3 - ok
    09:00:35.0281 0x1fe0  [ 8B83F3ED0F1688B4958F77CD6D2BF290, 546D3602183702B4F53E84413CFA2C933D64C8540378E54A8DCD148F3F36A2DA ] sysaudio        C:\WINDOWS\system32\drivers\sysaudio.sys
    09:00:35.0406 0x1fe0  sysaudio - ok
    09:00:35.0468 0x1fe0  [ C7ABBC59B43274B1109DF6B24D617051, 4384CA0AA6CE9B603CF7DB775A3C721E46715D5B120B94FB57DEADAADE18535B ] SysmonLog       C:\WINDOWS\system32\smlogsvc.exe
    09:00:35.0562 0x1fe0  SysmonLog - ok
    09:00:35.0703 0x1fe0  [ 3CB78C17BB664637787C9A1C98F79C38, F35C31F6B7F366CB949D1044B357C76DEC9170441C5E559802794F62B72FD255 ] TapiSrv         C:\WINDOWS\System32\tapisrv.dll
    09:00:35.0812 0x1fe0  TapiSrv - ok
    09:00:35.0968 0x1fe0  [ 9AEFA14BD6B182D61E3119FA5F436D3D, EA29E49434585409272E7901AF89771FE9D6E911A7DC44AB3C7020CFF8A44552 ] Tcpip           C:\WINDOWS\system32\DRIVERS\tcpip.sys
    09:00:36.0109 0x1fe0  Tcpip - ok
    09:00:36.0156 0x1fe0  [ 6471A66807F5E104E4885F5B67349397, F35CBFFB8BB235CCE30EF94A5273333900DD49FD506BF9D55D99A320B8A53A5A ] TDPIPE          C:\WINDOWS\system32\drivers\TDPIPE.sys
    09:00:36.0281 0x1fe0  TDPIPE - ok
    09:00:36.0312 0x1fe0  [ C56B6D0402371CF3700EB322EF3AAF61, 7743FA4C734BCE38EFB1CA69BC17364D8421E2CD172F856F7E38E7AE1EE93F2F ] TDTCP           C:\WINDOWS\system32\drivers\TDTCP.sys
    09:00:36.0421 0x1fe0  TDTCP - ok
    09:00:36.0453 0x1fe0  [ 88155247177638048422893737429D9E, B6D4E8691917946332C2208D01F8C8281978C1AD1E9951C5D99DF0D49AC34B3B ] TermDD          C:\WINDOWS\system32\DRIVERS\termdd.sys
    09:00:36.0562 0x1fe0  TermDD - ok
    09:00:36.0703 0x1fe0  [ FF3477C03BE7201C294C35F684B3479F, D6246521539BA4ACD022D26983182F5E323D2EF1EA7C54265A248C43A1CE5202 ] TermService     C:\WINDOWS\System32\termsrv.dll
    09:00:36.0828 0x1fe0  TermService - ok
    09:00:36.0890 0x1fe0  [ 99BC0B50F511924348BE19C7C7313BBF, A1006C687BD352F700B140DC741515A0CDD9E1352C0FBD1EE410D404E344444B ] Themes          C:\WINDOWS\System32\shsvcs.dll
    09:00:36.0921 0x1fe0  Themes - ok
    09:00:36.0968 0x1fe0  [ F2790F6AF01321B172AA62F8E1E187D9, 5644B5EFA0065C0CC9DB28E5520AAD2F4B3BCE48337F165BF9F166ECC164630C ] TosIde          C:\WINDOWS\system32\DRIVERS\toside.sys
    09:00:37.0093 0x1fe0  TosIde - ok
    09:00:37.0156 0x1fe0  [ 55BCA12F7F523D35CA3CB833C725F54E, 849FB1AE31B143B14B298BBC0D91230693D41DEB95F46516878F53A7F4186C38 ] TrkWks          C:\WINDOWS\system32\trkwks.dll
    09:00:37.0296 0x1fe0  TrkWks - ok
    09:00:37.0359 0x1fe0  [ 0C997B061E3C66BD9E927C1288EB1CC7, 3807E9A1BC159B9E8FC0C7CAAD10D7213FF8ED8AD1CEA9EA552B093C81BF624B ] TrueSight       C:\WINDOWS\system32\drivers\TrueSight.sys
    09:00:37.0375 0x1fe0  TrueSight - ok
    09:00:37.0437 0x1fe0  [ 5787B80C2E3C5E2F56C2A233D91FA2C9, 3774905CF77954DFCECDA5BCC7CDE3D0ED72712BFAAD85ADAE5246306447E46C ] Udfs            C:\WINDOWS\system32\drivers\Udfs.sys
    09:00:37.0562 0x1fe0  Udfs - ok
    09:00:37.0578 0x1fe0  [ 1B698A51CD528D8DA4FFAED66DFC51B9, FC3F12D25EE0E99AFE056502FCCFC052854699C21B99D559FAF1244F206DFB4F ] ultra           C:\WINDOWS\system32\DRIVERS\ultra.sys
    09:00:37.0640 0x1fe0  ultra - ok
    09:00:37.0828 0x1fe0  [ 402DDC88356B1BAC0EE3DD1580C76A31, 32A686595710336A6BFD54C03F552AE39439611662F84EF5D24193AE5665C6F3 ] Update          C:\WINDOWS\system32\DRIVERS\update.sys
    09:00:38.0140 0x1fe0  Update - ok
    09:00:38.0343 0x1fe0  [ 325FB38C323C63C7F57885B4DFB1B91E, 0E9F08FDF2032A7EBE883CE2C7AEF3DC4CE622C2E6F4BEBEAFA24ACF93669C99 ] UPHClean        C:\Program Files\UPHClean\uphclean.exe
    09:00:38.0625 0x1fe0  UPHClean - detected UnsignedFile.Multi.Generic ( 1 )
    09:00:48.0687 0x1fe0  UPHClean ( UnsignedFile.Multi.Generic ) - warning
    09:00:53.0250 0x1fe0  [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91, 7746916DB48E3F5B243B63C066596AD9037A494BF1AD935946DD04AC85D983DF ] upnphost        C:\WINDOWS\System32\upnphost.dll
    09:00:53.0375 0x1fe0  upnphost - ok
    09:00:53.0406 0x1fe0  [ 05365FB38FCA1E98F7A566AAAF5D1815, 16843048CEEC3DAA3B953A12FF1EE339E86783A08F2A56DA7F94AD9F9717D77D ] UPS             C:\WINDOWS\System32\ups.exe
    09:00:53.0515 0x1fe0  UPS - ok
    09:00:53.0578 0x1fe0  [ 4BAC8DF07F1D8434FC640E677A62204E, 76C1351AF6752224BF59DEEE0F8665FE699F3DFD679F5BCD01C7D9383E6402A4 ] usbehci         C:\WINDOWS\system32\DRIVERS\usbehci.sys
    09:00:53.0640 0x1fe0  usbehci - ok
    09:00:53.0703 0x1fe0  [ 1AB3CDDE553B6E064D2E754EFE20285C, A99C4528C4227B1E96847614745AAFACD3C5F1BDFE435214DBF78740FFB300FE ] usbhub          C:\WINDOWS\system32\DRIVERS\usbhub.sys
    09:00:53.0812 0x1fe0  usbhub - ok
    09:00:53.0843 0x1fe0  [ 0DAECCE65366EA32B162F85F07C6753B, 3C33AC2FC95E876933F2016CF0CDA2745491679728684DA8DF95A515CE4804BD ] usbohci         C:\WINDOWS\system32\DRIVERS\usbohci.sys
    09:00:53.0953 0x1fe0  usbohci - ok
    09:00:54.0015 0x1fe0  [ A32426D9B14A089EAA1D922E0C5801A9, ED1DC52EE45F8EAD3AEC4B1F817BB25634141CF48295494C5947DCE6CF7A9817 ] USBSTOR         C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
    09:00:54.0125 0x1fe0  USBSTOR - ok
    09:00:54.0156 0x1fe0  [ 26496F9DEE2D787FC3E61AD54821FFE6, 8BE7FF647470B9A951CBB478FAF83D657A15CC78037F42348A6B738F21D523DA ] usbuhci         C:\WINDOWS\system32\DRIVERS\usbuhci.sys
    09:00:54.0265 0x1fe0  usbuhci - ok
    09:00:54.0296 0x1fe0  [ 0D3A8FAFCEACD8B7625CD549757A7DF1, B9CFDEFCD66AA139F3DC2F967B184669532922563AD5A71769BABDC4370D065E ] VgaSave         C:\WINDOWS\System32\drivers\vga.sys
    09:00:54.0406 0x1fe0  VgaSave - ok
    09:00:54.0453 0x1fe0  [ 754292CE5848B3738281B4F3607EAEF4, B0DCC9E9F8F78671FF878B493264C3B1DD2ED4A7167E3F5495F66ABF5FACB86C ] viaagp          C:\WINDOWS\system32\DRIVERS\viaagp.sys
    09:00:54.0562 0x1fe0  viaagp - ok
    09:00:54.0593 0x1fe0  [ 3B3EFCDA263B8AC14FDF9CBDD0791B2E, FC7FFD53FCC0F81587EFF26A43C141D25C43DBC68311520CE2BCDD739CA58CA9 ] ViaIde          C:\WINDOWS\system32\DRIVERS\viaide.sys
    09:00:54.0703 0x1fe0  ViaIde - ok
    09:00:54.0750 0x1fe0  [ 4C8FCB5CC53AAB716D810740FE59D025, 010EAC43DBED700B73E4FC908FAAF9F6A0168EBBD5D86751E49BC33AAA18BFA4 ] VolSnap         C:\WINDOWS\system32\drivers\VolSnap.sys
    09:00:54.0875 0x1fe0  VolSnap - ok
    09:00:55.0171 0x1fe0  [ 5BDD5BAF208B7303D0117431D5D84A1A, 865109C268816C36A8F162F58BE96FFDD020A7D23884147DF430D4F91A345352 ] Vsdatant        C:\WINDOWS\system32\vsdatant.sys
    09:00:55.0562 0x1fe0  Vsdatant - ok
    09:00:57.0578 0x1fe0  [ D10823AD822EFC61F39DD5558FE7D6BD, 5AE16D2142EFD2762FD01DBFE19035D310E85377052A822908B1D4558069DBD5 ] vsmon           C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe
    09:01:00.0781 0x1fe0  vsmon - ok
    09:01:00.0937 0x1fe0  [ 7A9DB3A67C333BF0BD42E42B8596854B, D31A9A3B1AAAB373EDD73B674102395212FCB616F829E938B7B2B7BE7D4752C5 ] VSS             C:\WINDOWS\System32\vssvc.exe
    09:01:01.0046 0x1fe0  VSS - ok
    09:01:01.0125 0x1fe0  [ 54AF4B1D5459500EF0937F6D33B1914F, FA1876888BCB9C72A92369DBED4FF1A8666784523FB41E618FA0919490FCDDB9 ] W32Time         C:\WINDOWS\system32\w32time.dll
    09:01:01.0250 0x1fe0  W32Time - ok
    09:01:01.0437 0x1fe0  [ E20B95BAEDB550F32DD489265C1DA1F6, 5589B2067E6C9FBA290D8C5EADDC198EBAF39C50C3CD7D2BC5CDA7CBFBC445E5 ] Wanarp          C:\WINDOWS\system32\DRIVERS\wanarp.sys
    09:01:01.0562 0x1fe0  Wanarp - ok
    09:01:01.0765 0x1fe0  [ D918617B46457B9AC28027722E30F647, 407284D3055DC11944D4EE7E4357E7CF9CAF8CA40CA50633AB6FD4A82CB7EEA6 ] Wdf01000        C:\WINDOWS\system32\Drivers\wdf01000.sys
    09:01:02.0062 0x1fe0  Wdf01000 - ok
    09:01:02.0062 0x1fe0  WDICA - ok
    09:01:02.0140 0x1fe0  [ 6768ACF64B18196494413695F0C3A00F, 3A8F8586F1D997D19A8478345338D2AECD785AEABDB61531DD3F92003D3230A5 ] wdmaud          C:\WINDOWS\system32\drivers\wdmaud.sys
    09:01:02.0234 0x1fe0  wdmaud - ok
    09:01:02.0437 0x1fe0  [ 77A354E28153AD2D5E120A5A8687BC06, 8B2D37A4443501C0A8E70BC2079BE27F0A36FD07B561E6F68B40A72EABBC2DFE ] WebClient       C:\WINDOWS\System32\webclnt.dll
    09:01:02.0562 0x1fe0  WebClient - ok
    09:01:02.0703 0x1fe0  [ 2D0E4ED081963804CCC196A0929275B5, E1D75C7D7233D81DFDE13160B0C80138DF8B35230D04FB79B367A52FACF69BF8 ] winmgmt         C:\WINDOWS\system32\wbem\WMIsvc.dll
    09:01:02.0859 0x1fe0  winmgmt - ok
    09:01:02.0921 0x1fe0  [ C51B4A5C05A5475708E3C81C7765B71D, F776D2680BD3407307B7072626F78460361FC5BC38623C9E16F394D300AB25DE ] WmdmPmSN        C:\WINDOWS\system32\MsPMSNSv.dll
    09:01:02.0953 0x1fe0  WmdmPmSN - ok
    09:01:03.0031 0x1fe0  [ E0673F1106E62A68D2257E376079F821, 12992F18C9653050B10DC61D12988067933FCFDF02123D3A7EF5DE607A785DDC ] WmiApSrv        C:\WINDOWS\system32\wbem\wmiapsrv.exe
    09:01:03.0156 0x1fe0  WmiApSrv - ok
    09:01:03.0703 0x1fe0  [ F74E3D9A7FA9556C3BBB14D4E5E63D3B, C71FAAC752F6D58BF8556661252DBF8C5DDD090CAE002A2C7E09C9A014526066 ] WMPNetworkSvc   C:\Program Files\Windows Media Player\WMPNetwk.exe
    09:01:04.0046 0x1fe0  WMPNetworkSvc - ok
    09:01:04.0093 0x1fe0  [ 6ABE6E225ADB5A751622A9CC3BC19CE8, 4061C5D0F051DFF1730E2A3BFC1CCA97B29602FC50F10F6B44D93B0D28F42024 ] WS2IFSL         C:\WINDOWS\System32\drivers\ws2ifsl.sys
    09:01:04.0203 0x1fe0  WS2IFSL - ok
    09:01:04.0281 0x1fe0  [ 7C278E6408D1DCE642230C0585A854D5, DA46079A04F6E8E3441E4AE454AEAC02B3E935DE29CE7F6D4476F57867FCC12A ] wscsvc          C:\WINDOWS\system32\wscsvc.dll
    09:01:04.0421 0x1fe0  wscsvc - ok
    09:01:04.0437 0x1fe0  [ 35321FB577CDC98CE3EB3A3EB9E4610A, C9A6F5CF282D8FCB3CDFCC4B306013480E78E1B664E1A60A4E27B161F9FFD4CD ] wuauserv        C:\WINDOWS\system32\wuauserv.dll
    09:01:04.0546 0x1fe0  wuauserv - ok
    09:01:04.0703 0x1fe0  [ F15FEAFFFBB3644CCC80C5DA584E6311, 79B3E9AF35976CE49921E9BEA3BA3B4A8AF762FD3F284B62954038B5FFB32471 ] WudfPf          C:\WINDOWS\system32\DRIVERS\WudfPf.sys
    09:01:04.0765 0x1fe0  WudfPf - ok
    09:01:04.0812 0x1fe0  [ 28B524262BCE6DE1F7EF9F510BA3985B, AEFF02B899801A63CBB262757C3D4369E38BFF0690BD085DE60E873DFBE3C3F4 ] WudfRd          C:\WINDOWS\system32\DRIVERS\wudfrd.sys
    09:01:04.0875 0x1fe0  WudfRd - ok
    09:01:04.0921 0x1fe0  [ 05231C04253C5BC30B26CBAAE680ED89, 5C03C2D7E0B573646D32F4093E2FF2C3BA391C39F5BA37D67F69D38E357FCC3D ] WudfSvc         C:\WINDOWS\System32\WUDFSvc.dll
    09:01:04.0984 0x1fe0  WudfSvc - ok
    09:01:05.0203 0x1fe0  [ 81DC3F549F44B1C1FFF022DEC9ECF30B, 3D14BFEA539F9CEB16555BD56C5E3C7C8F6692FC62C2789F8AAEA1C042E63940 ] WZCSVC          C:\WINDOWS\System32\wzcsvc.dll
    09:01:05.0656 0x1fe0  WZCSVC - ok
    09:01:05.0718 0x1fe0  [ 295D21F14C335B53CB8154E5B1F892B9, 9418477C2E3EA93E93D931A4EDD4500DA568FAD6040204B5201D1080203B0BBC ] xmlprov         C:\WINDOWS\System32\xmlprov.dll
    09:01:05.0828 0x1fe0  xmlprov - ok
    09:01:05.0921 0x1fe0  [ CEC8ED565F3663F0B8A862561BF08D79, FDDBEDC79C7061B20AA450BB3D09EDADEDD5F531D8EA100BBF542A63BDFCE593 ] ZAPrivacyService C:\Program Files\CheckPoint\ZoneAlarm\ZaPrivacyService.exe
    09:01:05.0968 0x1fe0  ZAPrivacyService - ok
    09:01:05.0984 0x1fe0  ================ Scan global ===============================
    09:01:06.0046 0x1fe0  [ 42F1F4C0AFB08410E5F02D4B13EBB623, 924C30587C51C0D1E1F47991969AF492A644552E15F2480EA991DCB74A3E68D5 ] C:\WINDOWS\system32\basesrv.dll
    09:01:06.0203 0x1fe0  [ 69AE2B2E6968C316536E5B10B9702E63, D9C5DA7A20DDE69D91E72400C3F06F3CB099DEF42EA6C53FCE076258A0C22391 ] C:\WINDOWS\system32\winsrv.dll
    09:01:06.0437 0x1fe0  [ 69AE2B2E6968C316536E5B10B9702E63, D9C5DA7A20DDE69D91E72400C3F06F3CB099DEF42EA6C53FCE076258A0C22391 ] C:\WINDOWS\system32\winsrv.dll
    09:01:06.0500 0x1fe0  [ 65DF52F5B8B6E9BBD183505225C37315, 59C606977DB40A3443DFF0BE2A4C761824881B22C9FDB3D23F6486DB580E92A4 ] C:\WINDOWS\system32\services.exe
    09:01:06.0515 0x1fe0  [ Global ] - ok
    09:01:06.0515 0x1fe0  ================ Scan MBR ==================================
    09:01:06.0546 0x1fe0  [ 620801C51A4A223B7167BE50689BA748 ] \Device\Harddisk0\DR0
    09:01:06.0953 0x1fe0  \Device\Harddisk0\DR0 - ok
    09:01:06.0953 0x1fe0  ================ Scan VBR ==================================
    09:01:06.0953 0x1fe0  [ CD222249DCEAA624BC0BED0231F233A2 ] \Device\Harddisk0\DR0\Partition1
    09:01:06.0984 0x1fe0  \Device\Harddisk0\DR0\Partition1 - ok
    09:01:07.0000 0x1fe0  [ 972BE134A1251BCBD05674D6072B879F ] \Device\Harddisk0\DR0\Partition2
    09:01:07.0000 0x1fe0  \Device\Harddisk0\DR0\Partition2 - ok
    09:01:07.0000 0x1fe0  ================ Scan generic autorun ======================
    09:01:12.0812 0x1fe0  [ 0AF9324D43DF9DF59BB2B0F08223A26C, 3B69B6D3B72935DC502C65B9459B22BEE635B8CBA3361E3DB24ECF3ABA064CF6 ] C:\WINDOWS\RTHDCPL.EXE
    09:01:24.0046 0x1fe0  RTHDCPL - ok
    09:01:24.0093 0x1fe0  NvMediaCenter - ok
    09:01:24.0093 0x1fe0  NvCplDaemon - ok
    09:01:25.0125 0x1fe0  [ 54137098AA6C3B65DF277130A9123FF5, C49FFE45140E79795DF16A54FC9C70A886EE4D1B1D812FFB9A0812868C108EA9 ] C:\Program Files\Malwarebytes Anti-Exploit\mbae.exe
    09:01:26.0968 0x1fe0  Malwarebytes Anti-Exploit - ok
    09:01:27.0078 0x1fe0  [ 8FB740D758B14B1BC950CC347C21E461, 6EAB429DE35D87C94E9B912E189C248428653674939352E0210FC026F5A4B564 ] C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    09:01:27.0109 0x1fe0  RemoteControl - detected UnsignedFile.Multi.Generic ( 1 )
    09:01:29.0546 0x1fe0  Detect skipped due to KSN trusted
    09:01:29.0546 0x1fe0  RemoteControl - ok
    09:01:29.0656 0x1fe0  [ DAFE20AB1BF7E073AA6636AE227A9C18, E61AB310AA87BE1F59C625DA711D4FD27E9147B9C8944B59CA957BB2F07C975E ] C:\Program Files\Digital Media Reader\readericon45G.exe
    09:01:29.0718 0x1fe0  readericon - detected UnsignedFile.Multi.Generic ( 1 )
    09:01:32.0171 0x1fe0  Detect skipped due to KSN trusted
    09:01:32.0171 0x1fe0  readericon - ok
    09:01:32.0171 0x1fe0  nwiz - ok
    09:01:32.0234 0x1fe0  [ 9C3B2302B60FB0EFB13BC880A5E3E93E, 16F32AB74A57B521FF431F2C36609DE5F6ABE0DCD3111B4954471DEED700A66B ] C:\WINDOWS\system32\HDAShCut.exe
    09:01:32.0281 0x1fe0  High Definition Audio Property Page Shortcut - ok
    09:01:32.0421 0x1fe0  [ D3CC7A3813123E955B3A497C04B404E2, 3D4D7BFBD6801155908EF0CB916B45ADEF41A63B39E30CCD9B62F360AC5FF20A ] C:\WINDOWS\SMINST\RECGUARD.EXE
    09:01:32.0531 0x1fe0  Recguard - detected UnsignedFile.Multi.Generic ( 1 )
    09:01:34.0984 0x1fe0  Detect skipped due to KSN trusted
    09:01:34.0984 0x1fe0  Recguard - ok
    09:01:35.0437 0x1fe0  [ 048EA4B978851788E9F5E8E4F081DF7A, EB62719AC0DCC18FF056F2CD84438BF14B61E38F0619617C81961C6257BDFCEC ] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    09:01:36.0140 0x1fe0  Adobe ARM - ok
    09:01:36.0203 0x1fe0  [ 0C9D4FDAEBD8A5A977F06EB5E70D8606, 3A61DC4CCB24A496B292519D2C857646BFF3DBE8F3CFB90AD17FF8A464E1BB74 ] C:\Program Files\Panda Security\Panda Security Protection\PSUAMain.exe
    09:01:36.0218 0x1fe0  PSUAMain - ok
    09:01:36.0750 0x1fe0  [ 9C9744650A56D9680E507DA9B144A324, D254745DBC391D9C765AE811CA4A8F06EAF4DF9F07AF9353F48CC086454759EA ] C:\Program Files\Bitdefender\Tools\BDAntiRansomware\BDAntiRansomware.exe
    09:01:37.0609 0x1fe0  BDAntiCryptoLocker - ok
    09:01:37.0718 0x1fe0  [ 2D480F1AAB328DB6FA646909D1CF334A, 04F2C7C28D3EE697F09FE4E73C457053BC21F1B8C55F2E00187544C2EE29659F ] C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe
    09:01:37.0765 0x1fe0  ZoneAlarm - ok
    09:01:37.0781 0x1fe0  Waiting for KSN requests completion. In queue: 5
    09:01:38.0781 0x1fe0  Waiting for KSN requests completion. In queue: 4
    09:01:39.0781 0x1fe0  Waiting for KSN requests completion. In queue: 4
    09:01:41.0015 0x1fe0  AV detected via SS1: Panda Free Antivirus, 16.00.02.0000, enabled, updated
    09:01:41.0031 0x1fe0  FW detected via SS1: Panda Firewall, 16.00.02.0000, disabled
    09:01:41.0031 0x1fe0  FW detected via SS1: ZoneAlarm Free Firewall Firewall, 14.1.57.0, enabled
    09:01:43.0546 0x1fe0  ============================================================
    09:01:43.0546 0x1fe0  Scan finished
    09:01:43.0546 0x1fe0  ============================================================
    09:01:43.0546 0x1f18  Detected object count: 1
    09:01:43.0546 0x1f18  Actual detected object count: 1
    09:02:41.0546 0x1f18  UPHClean ( UnsignedFile.Multi.Generic ) - skipped by user
    09:02:41.0546 0x1f18  UPHClean ( UnsignedFile.Multi.Generic ) - User select action: Skip
    09:03:39.0156 0x1218  Deinitialize success
     


    Edited by koolkat1939, 30 July 2016 - 10:36 AM.

    • 0

    #15
    RKinner

    RKinner

      Malware Expert

    • Expert
    • 20,012 posts
    • MVP

    Sorry.  Didn't get the notification.  Even checked my Spam folder.  Don't know what happened.

     

    Let's submit uphclean.exe to virustotal just to make sure the website we got it from wasn't hacked.

     

     
    Easiest way to submit a file is to copy the path:
    C:\Program Files\UPHClean\uphclean.exe
     
    Then
    Go to virustotal.com with your browser.  Click on Choose File then when the file chooser window opens, move down to the File Name: box and then Ctrl + v and the path should appear.  Hit Open and it should return to the main page with uphclean.exe chosen.  Click on Scan it.  If it knows the file already it will tell you it's already been analyzed and offer you a choice of Reanalyze and View Last Analysis.  In that case click on View Last Analysis.  If it doesn't know the file it will take a minute to query 46+ different anti-virus companies.  In either case, If the Detection ratio: is not 0 / 46+ then copy the Analysis page and paste it into the forum.  You can just hit Ctrl + a then Ctrl + c to copy the page then go to a reply and Ctrl + v.
     
    Repeat for:
     
     "C:\Documents and Settings\Owner\Desktop\MBR.dat"
     
    This last is a copy of your MBR that both GMER & aswMBR complained about.  Let's see what virustotal thinks about it.
     
     
     
     
    Copy the text between the lines of stars by highlighting and Ctrl + c.
     
    ******************************************
     
    File::
    c:\documents and settings\All Users\Start Menu\Programs\Startup\Oemreset.lnk
    c:\windows\pss\Oemreset.lnk
    c:\documents and settings\Owner\Start Menu\Programs\Startup\_uninst_.lnk
    c:\windows\pss\_uninst_.lnkStartup
    c:\Program Files\Common Files\AOL\Loader\aolload.exe
     
    Driver::
    asdids
     
    Folder::
    C:\Documents and Settings\Owner\My Documents\New Folder\Free Any Burn 1.4
    C:\Documents and Settings\Owner\My Documents\Tools & Programs\Free Any Burn 1.4
     
    RegLock::
    [HKEY_USERS\.Default\Software\5AHSH54OwLwn]
    [HKEY_USERS\.Default\Software\Locky]
    [HKEY_USERS\LocalService\Software\5AHSH54OwLwn]
    [HKEY_USERS\LocalService\Software\Locky]
    [HKEY_USERS\LocalService_Classes\Software\5AHSH54OwLwn]
    [HKEY_USERS\LocalService_Classes\Software\Locky]
    [HKEY_USERS\S-1-5-20\Software\5AHSH54OwLwn]
    [HKEY_USERS\S-1-5-20\Software\Locky]
    [HKEY_USERS\S-1-5-20_Classes\Software\5AHSH54OwLwn]
    [HKEY_USERS\S-1-5-20_Classes\Software\Locky]
    [HKEY_USERS\S-1-5-21-676961170-3691123601-236142853-1003\Software\5AHSH54OwLwn]
    [HKEY_USERS\S-1-5-21-676961170-3691123601-236142853-1003\Software\Locky]
    [HKEY_USERS\S-1-5-21-842925246-1606980848-1708537768-1003_Classes\Software\5AHSH54OwLwn]
    [HKEY_USERS\S-1-5-21-842925246-1606980848-1708537768-1003_Classes\Software\Locky]
     
    Registry::
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
    [-HKEY_USERS\.Default\Software\5AHSH54OwLwn]
    [-HKEY_USERS\.Default\Software\Locky]
    [-HKEY_USERS\LocalService\Software\5AHSH54OwLwn]
    [-HKEY_USERS\LocalService\Software\Locky]
    [-HKEY_USERS\LocalService_Classes\Software\5AHSH54OwLwn]
    [-HKEY_USERS\LocalService_Classes\Software\Locky]
    [-HKEY_USERS\S-1-5-20\Software\5AHSH54OwLwn]
    [-HKEY_USERS\S-1-5-20\Software\Locky]
    [-HKEY_USERS\S-1-5-20_Classes\Software\5AHSH54OwLwn]
    [-HKEY_USERS\S-1-5-20_Classes\Software\Locky]
    [-HKEY_USERS\S-1-5-21-676961170-3691123601-236142853-1003\Software\5AHSH54OwLwn]
    [-HKEY_USERS\S-1-5-21-676961170-3691123601-236142853-1003\Software\Locky]
    [-HKEY_USERS\S-1-5-21-842925246-1606980848-1708537768-1003_Classes\Software\5AHSH54OwLwn]
    [-HKEY_USERS\S-1-5-21-842925246-1606980848-1708537768-1003_Classes\Software\Locky]
     
    ******************************************
     
    Now open notepad (Start, Run, notepad, OK) and Ctrl + V to paste the text into Notepad. Make sure you got it all then File, SAVE AS, (to your Desktop), CFScript , OK. Close notepad. (Overwrite the old one if it's still there.) You should see a file CFScript.txt on your desktop.
     
    Pause your anti-virus.
     
    Drag CFScript.txt over to Combofix and let go Combofix should start on its own.
     
    Post the new log.
     

    • 0






    Similar Topics

    0 user(s) are reading this topic

    0 members, 0 guests, 0 anonymous users

    As Featured On:

    Microsoft Yahoo BBC MSN PC Magazine Washington Post HP