snapdo


  • This topic is locked
20 replies to this topic

#1 Nita

Nita

  • Members
  • 81 posts

Posted 10 December 2013 - 10:28 AM

I have a Dell PC and OS XP. Suddenly, whenever I open Mozilla Firefox, instead of a blank page there is snapdo, which is extremely annoying. I have just done a Malwarebytes scan and removed a horrendous number of threats, and also ran SUPERAntiSpyware, but the problem still persists. I managed, I don't know how, to get rid of it in IE, but Mozilla is my preferred browser. Can you please advise me on what to do?

many thanks

Nita




#2 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts

Posted 10 December 2013 - 11:18 AM

Hi there,
my name is Marius and I will assist you with your malware-related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand, kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you cannot post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

 

 

 

You told us that you removed several items with Malwarebytes' Anti-Malware. This tool creates a log on every run and we need to see them.


  • The logs can be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Zip any and all of these logs and attach the file to your next reply.


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#3 Nita

Nita
  • Topic Starter

  • Members
  • 81 posts

Posted 11 December 2013 - 12:06 PM

Hi Marius

Thank you for replying to my post. I did manage to change my homepage back to blank and then ran a full scan overnight on Malwarebytes, which produced 10 items which hopefully have now been removed. I did this before getting your message. I notice that snapdo is still present among the choices for searching the web. I don't know whether this matters. You do say that absence of symptoms doesn't necessarily mean that all is OK. Do you want me to post the log of the last scan? I'm not sure I know how to find it. I am really grateful for your offer to help. Thanks again, Nita



#4 Nita

Nita
  • Topic Starter

  • Members
  • 81 posts

Posted 12 December 2013 - 06:30 AM

Hi Marius

I have searched for the Malwarebytes log in the programme files and in the documents/settings etc. but it is nowhere to be seen. I suppose I must not have saved it. I do hope you haven't given up on me.

Nita



#5 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts

Posted 12 December 2013 - 11:33 AM

Scan with FRST in normal mode

Please download Farbar's Recovery Scan Tool to your desktop: FRST 32bit or FRST 64bit (If not sure: Start --> Computer (right click) --> properties)

  • Run FRST.
  • Don't change any of the checkboxes and hit Scan.
  • Logfiles are created on your desktop.
  • Post the FRST.txt and (after the first scan only!) the Addition.txt.

 

 

 

Scan with TDSS-Killer

Please read and follow these instructions carefully. We do not want it to fix anything yet (if found), we need to see a report first.

Download TDSSKiller.zip and extract to your desktop

  • Execute TDSSKiller.exe by double-clicking on it.
  • Press Start Scan.
  • If malicious objects are found, do NOT select Copy to quarantine. Change the action to Skip, and save the log.
  • Once complete, a log will be produced at the root drive, which is typically C:\, for example, C:\TDSSKiller.<version_date_time>log.txt


Please post the contents of that log in your next reply.



#6 Nita

Nita
  • Topic Starter

  • Members
  • 81 posts

Posted 12 December 2013 - 12:01 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-12-2013

Ran by Nita Guz (administrator) on D9XW9S2J on 12-12-2013 16:48:03

Running from C:\Documents and Settings\Nita Guz\Desktop\downloads

Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: English(US)

Internet Explorer Version 8

Boot Mode: Normal

 

==================== Processes (Whitelisted) ===================

 

(IObit) C:\Program Files\IObit\Advanced SystemCare 6\ASCService.exe

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe

(Logitech Inc.) C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

(Motive Communications, Inc.) C:\Program Files\btbb_wcm\McciTrayApp.exe

() C:\WINDOWS\vsnpstd3.exe

() C:\Program Files\Logitech\QuickCam\Quickcam.exe

(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore.exe

() C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe

(Visioneer Inc) C:\Program Files\Visioneer OneTouch\OneTouchMon.exe

(SigmaTel, Inc.) C:\WINDOWS\stsystra.exe

(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(Google) C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

() C:\Documents and Settings\All Users\Application Data\OfficeGuardianC3\Reminder\CFNetAgent.exe

(Scansoft Inc.) C:\Program Files\ScanSoft\PaperPort\PPWEBCAP.EXE

() C:\Documents and Settings\All Users\Application Data\OfficeGuardianC3\Reminder\FireWallSetting.exe

(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe

(FileOpen Systems Inc.) C:\Documents and Settings\All Users\Application Data\FileOpen\Services\FileOpenManagerSvc32.exe

(BillP Studios) C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe

(IObit) C:\Program Files\IObit\Advanced SystemCare 6\ASCTray.exe

(Google Inc.) C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

(NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe

(Google) C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

(Skype Technologies S.A.) C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe

() C:\Program Files\Yahoo!\Messenger\Ymsgr_tray.exe

(Logitech Inc.) C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

(Logitech Inc.) C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

(Logitech Inc.) C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe

(IObit) C:\Program Files\IObit\Advanced SystemCare 6\ASC.exe

(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe

(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe

(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe

 

==================== Registry (Whitelisted) ==================

 

HKLM\...\Run: [btbb_wcm_McciTrayApp] - C:\Program Files\btbb_wcm\McciTrayApp.exe [935936 2006-12-07] (Motive Communications, Inc.)

HKLM\...\Run: [snpstd3] - C:\WINDOWS\vsnpstd3.exe [827392 2006-09-19] ()

HKLM\...\Run: [LogitechQuickCamRibbon] - C:\Program Files\Logitech\QuickCam\Quickcam.exe [2178832 2007-10-25] ()

HKLM\...\Run: [LogitechCommunicationsManager] - C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe [563984 2007-10-25] ()

HKLM\...\Run: [OneTouch Monitor] - C:\Program Files\Visioneer OneTouch\OneTouchMon.exe [86016 2002-09-13] (Visioneer Inc)

HKLM\...\Run: [SigmatelSysTrayApp] - C:\WINDOWS\stsystra.exe [282624 2006-08-15] (SigmaTel, Inc.)

HKLM\...\Run: [Google Desktop Search] - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [1838592 2007-08-11] (Google)

HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [948440 2013-10-23] (Microsoft Corporation)

HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2010-03-17] (Apple Inc.)

HKLM\...\Run: [NvCplDaemon] - RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

HKLM\...\Run: [NvMediaCenter] - RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

Winlogon\Notify\GoToAssist: C:\Program Files\Citrix\GoToAssist\480\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)

HKLM\...\Policies\Explorer: [NoCDBurning] 0

HKCU\...\Run: [PPWebCap] - C:\Program Files\ScanSoft\PaperPort\PPWEBCAP.EXE [43008 2001-10-15] (Scansoft Inc.)

HKCU\...\Run: [Skype] - C:\Program Files\Skype\Phone\Skype.exe [18678376 2013-04-19] (Skype Technologies S.A.)

HKCU\...\Run: [Yahoo! Pager] - C:\Program Files\Yahoo!\Messenger\ypager.exe [2478080 2005-08-31] ()

HKCU\...\Run: [WinPatrol] - C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe [439360 2013-08-13] (BillP Studios)

HKCU\...\Run: [Advanced SystemCare 6] - C:\Program Files\IObit\Advanced SystemCare 6\ASCTray.exe [491840 2013-04-18] (IObit)

HKCU\...\Run: [swg] - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [68856 2007-11-10] (Google Inc.)

HKCU\...\Run: [Adobe Reader Synchronizer] - C:\Program Files\Adobe\Reader 11.0\Reader\AdobeCollabSync.exe [694152 2013-09-05] (Adobe Systems Incorporated)

MountPoints2: {2be6cb28-ca5e-11db-9133-0011f5300101} - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Tracleer_Product_Info.pdf

MountPoints2: {78144477-b04d-11df-8c03-001aa006528a} - G:\StartClickFreeBackup.exe

HKU\Administrator\...\Run: [DellSupport] - C:\Program Files\Dell Support\DSAgnt.exe [ 2006-08-28] (Gteko Ltd.)

HKU\Avram\...\Run: [DellSupport] - C:\Program Files\Dell Support\DSAgnt.exe [ 2006-08-28] (Gteko Ltd.)

HKU\Avram\...\Run: [MSMSGS] - C:\Program Files\Messenger\msmsgs.exe [ 2008-04-14] (Microsoft Corporation)

HKU\Avram\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [ 2010-03-17] (Apple Inc.)

HKU\Avram\...\Run: [swg] - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [ 2007-11-10] (Google Inc.)

HKU\Avram\...\RunOnce: [FlashPlayerUpdate] - C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_11_9_900_117_Plugin.exe -update plugin

HKU\Default User\...\Run: [DellSupport] - C:\Program Files\Dell Support\DSAgnt.exe [ 2006-08-28] (Gteko Ltd.)

HKU\TEMP\...\Run: [DellSupport] - C:\Program Files\Dell Support\DSAgnt.exe [ 2006-08-28] (Gteko Ltd.)

HKU\TEMP\...\Run: [swg] - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [ 2007-11-10] (Google Inc.)

AppInit_DLLs: C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll [ 2007-08-10] (Google)

Startup: C:\Documents and Settings\Nita Guz\Start Menu\Programs\Canon iP4200\Startup\ERUNT AutoBackup.lnk

ShortcutTarget: ERUNT AutoBackup.lnk -> C:\Program Files\ERUNT\AUTOBACK.EXE ()

 

==================== Internet (Whitelisted) ====================

 

HKCU\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie

HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sb/*http://uk.docs.yahoo.com/info/bt_side.html

SearchScopes: HKLM - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.snapdo.com/?publisher=TightropeYB&dpid=TightropeYB&co=GB&userid=571febc1-f1f5-4266-b6e3-5c6b579dafec&searchtype=ds&q={searchTerms}&installDate=08/12/2013

SearchScopes: HKCU - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.snapdo.com/?publisher=TightropeYB&dpid=TightropeYB&co=GB&userid=571febc1-f1f5-4266-b6e3-5c6b579dafec&searchtype=ds&q={searchTerms}&installDate=08/12/2013

BHO: Tensons.Application.DownloadAcceleratorManager.BHO - {00000003-1118-11da-8cd6-0800200c9888} - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)

BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)

BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)

BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

BHO: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)

BHO: Advanced SystemCare Browser Protection - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\Program Files\IObit\Advanced SystemCare 6\BrowerProtect\ASCPlugin_Protection.dll (IObit)

BHO: No Name - {CA6319C0-31B7-401E-A518-A07C3DB8F777} -  No File

BHO: No Name - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} -  No File

Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

Toolbar: HKCU - No Name - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} -  No File

DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://utilities.pcpitstop.com/da/PCPitStop.CAB

DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204

DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\common\yinsthelper.dll

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1238492181875

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab

DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} http://help.broadbandassist.com/bbdesktop/PreQual/files/MotivePreQual.cab

DPF: {CAFEEFAC-0017-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab

DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab

Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [115440 2013-05-07] (SuperAdBlocker.com)

Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [152864] (Apple Inc.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

 

FireFox:

========

FF ProfilePath: C:\Documents and Settings\Nita Guz\Application Data\Mozilla\Firefox\Profiles\71yqyk92.default

FF NewTab: hxxp://feed.snapdo.com/?publisher=TightropeYB&dpid=TightropeYB&co=GB&userid=571febc1-f1f5-4266-b6e3-5c6b579dafec&searchtype=nt&installDate=08/12/2013

FF Homepage: hxxp://feed.snapdo.com/?publisher=TightropeYB&dpid=TightropeYB&co=GB&userid=571febc1-f1f5-4266-b6e3-5c6b579dafec&searchtype=hp&installDate=08/12/2013

FF Keyword.URL: hxxp://feed.snapdo.com/?publisher=TightropeYB&dpid=TightropeYB&co=GB&userid=571febc1-f1f5-4266-b6e3-5c6b579dafec&searchtype=ds&installDate=08/12/2013&q=

FF NetworkProxy: "no_proxies_on", "127.0.0.1,*.local"

FF NetworkProxy: "type", 0

FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll ()

FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

FF Plugin: @garmin.com/GpsControl - C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)

FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF Plugin: @google.com/npPicasa2,version=2.0.0 - C:\Program Files\Picasa2\npPicasa2.dll No File

FF Plugin: @google.com/npPicasa3,version=3.0.0 - C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)

FF Plugin: @java.com/DTPlugin,version=10.21.2 - C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)

FF Plugin: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.1 - C:\Program Files\Yahoo!\Shared\npYState.dll ( )

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)

FF Plugin: @microsoft.com/WPF,version=3.5 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF Plugin: @pack.google.com/Google Updater;version=13 - C:\Program Files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll (Google)

FF Plugin: @real.com/nppl3260;version=16.0.1.18 - c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)

FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.1 - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)

FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.1 - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)

FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.1 - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)

FF Plugin: @real.com/nprpplugin;version=16.0.1.18 - c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)

FF Plugin: @realnetworks.com/npdlplugin;version=1 - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)

FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)

FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)

FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF Plugin: yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1 - C:\Program Files\Yahoo!\Common\npyaxmpb.dll (Yahoo! Inc.)

FF Plugin HKCU: @yahoo.com/BrowserPlus,version=2.9.8 - C:\Documents and Settings\Nita Guz\Local Settings\Application Data\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)

FF SearchPlugin: C:\Documents and Settings\Nita Guz\Application Data\Mozilla\Firefox\Profiles\71yqyk92.default\searchplugins\Web Search.xml

FF Extension: Advanced SystemCare Surfing Protection - C:\Documents and Settings\Nita Guz\Application Data\Mozilla\Firefox\Profiles\71yqyk92.default\Extensions\ascsurfingprotection@iobit.com

FF Extension: No Name - C:\Documents and Settings\Nita Guz\Application Data\Mozilla\Firefox\Profiles\71yqyk92.default\Extensions\nostmp

FF Extension: TidyNetwork - C:\Documents and Settings\Nita Guz\Application Data\Mozilla\Firefox\Profiles\71yqyk92.default\Extensions\TidyNetwork@TidyNetwork

FF Extension: Microsoft .NET Framework Assistant - C:\Documents and Settings\Nita Guz\Application Data\Mozilla\Firefox\Profiles\71yqyk92.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi

FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext

FF Extension: RealDownloader - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext

FF HKLM\...\Firefox\Extensions: [{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}] - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext

FF Extension: No Name - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext

FF HKLM\...\Firefox\Extensions: [{DAC3F861-B30D-40dd-9166-F4E75327FAC7}] - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\

FF Extension: RealDownloader - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\

 

Chrome:

=======

CHR HomePage: hxxp://feed.snapdo.com/?publisher=TightropeYB&dpid=TightropeYB&co=GB&userid=571febc1-f1f5-4266-b6e3-5c6b579dafec&searchtype=hp&installDate=08/12/2013

CHR RestoreOnStartup: "hxxp://feed.snapdo.com/?publisher=TightropeYB&dpid=TightropeYB&co=GB&userid=571febc1-f1f5-4266-b6e3-5c6b579dafec&searchtype=hp&installDate=08/12/2013"

CHR DefaultSearchKeyword: google.co.uk

CHR DefaultSearchProvider: Google

CHR DefaultSearchURL: {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}

CHR DefaultNewTabURL: {google:baseURL}_/chrome/newtab?{google:RLZ}{google:instantExtendedEnabledParameter}{google:ntpIsThemedParameter}ie={inputEncoding}

CHR Plugin: (Remoting Viewer) - internal-remoting-viewer

CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll ()

CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\31.0.1650.63\pdf.dll ()

CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\31.0.1650.63\gcswf32.dll No File

CHR Plugin: (Shockwave Flash) - C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll No File

CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File

CHR Plugin: (Java™ Platform SE 6 U20) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll No File

CHR Plugin: (Java Deployment Toolkit 6.0.200.2) - C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll No File

CHR Plugin: (Download Accelerator Manager Mozilla/Netscape/Opera plugin) - C:\Program Files\Mozilla Firefox\plugins\NpDam.dll No File

CHR Plugin: (Windows Genuine Advantage) - C:\Program Files\Mozilla Firefox\plugins\npLegitCheckPlugin.dll No File

CHR Plugin: (RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll No File

CHR Plugin: (RealPlayer Version Plugin) - C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll No File

CHR Plugin: (RealPlayer™ HTML5VideoShim Plug-In (32-bit) ) - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)

CHR Plugin: (QuickTime Plug-in 7.6.6) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll No File

CHR Plugin: (QuickTime Plug-in 7.6.6) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll No File

CHR Plugin: (QuickTime Plug-in 7.6.6) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll No File

CHR Plugin: (QuickTime Plug-in 7.6.6) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll No File

CHR Plugin: (QuickTime Plug-in 7.6.6) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll No File

CHR Plugin: (QuickTime Plug-in 7.6.6) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll No File

CHR Plugin: (QuickTime Plug-in 7.6.6) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll No File

CHR Plugin: (RealJukebox NS Plugin) - C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll No File

CHR Plugin: (ZoneAlarm Spy Blocker Plugin Stub) - C:\Program Files\Mozilla Firefox\plugins\NPZoneSB.dll No File

CHR Plugin: (Microsoft\u00C2\u00AE DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation)

CHR Plugin: (Microsoft\u00C2\u00AE DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)

CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))

CHR Plugin: (RealNetworks™ Chrome Background Extension Plug-In (32-bit) ) - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)

CHR Plugin: (BrowserPlus (from Yahoo!) v2.9.8) - C:\Documents and Settings\Nita Guz\Local Settings\Application Data\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)

CHR Plugin: (Garmin Communicator Plug-In) - C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)

CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)

CHR Plugin: (Google Updater) - C:\Program Files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll (Google)

CHR Plugin: (Picasa) - C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)

CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File

CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll No File

CHR Plugin: (Windows Presentation Foundation) - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

CHR Extension: (Snap.Do ) - C:\Documents and Settings\Nita Guz\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0

CHR Extension: (YouTube) - C:\Documents and Settings\Nita Guz\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0

CHR Extension: (Google Search) - C:\Documents and Settings\Nita Guz\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0

CHR Extension: (RealDownloader) - C:\Documents and Settings\Nita Guz\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.1_0

CHR Extension: (Skype Click to Call) - C:\Documents and Settings\Nita Guz\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.13.0.13771_0

CHR Extension: (Advanced SystemCare Surfing Protection) - C:\Documents and Settings\Nita Guz\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd\1.0.0_1

CHR Extension: (Google Wallet) - C:\Documents and Settings\Nita Guz\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0

CHR Extension: (TidyNetwork ) - C:\Documents and Settings\Nita Guz\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pbdbpkadjpomaialbgiidmfolgoghbff\5.0.0.0_0

CHR Extension: (Gmail) - C:\Documents and Settings\Nita Guz\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1

CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx

CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx

CHR HKLM\...\Chrome\Extension: [nfengeggddojhakldhlpjdlddgkkjkdd] - C:\Program Files\IObit\Advanced SystemCare 6\BrowerProtect\ASC_GhromePlugin.crx

CHR HKLM\...\Chrome\Extension: [nkopijddpkmggacdghppacglggodkcod] - C:\Program Files\albrechto\nkopijddpkmggacdghppacglggodkcod.crx

 

========================== Services (Whitelisted) =================

 

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [119056 2013-05-23] (SUPERAntiSpyware.com)

R2 AdvancedSystemCareService6; C:\Program Files\IObit\Advanced SystemCare 6\ASCService.exe [574272 2013-04-18] (IObit)

S3 ClickFreeC3WifiCfgService; c:\documents and settings\all users\application data\OfficeGuardianC3\C3WiFiCfg.EXE [320840 2010-08-23] ()

R2 ClickFreeCFNetAgentService; C:\Documents and Settings\All Users\Application Data\OfficeGuardianC3\Reminder\CFNetAgent.exe [230728 2010-07-14] ()

R2 ClickFreeFirewallSettingService; C:\Documents and Settings\All Users\Application Data\OfficeGuardianC3\Reminder\FireWallSetting.exe [185672 2010-07-14] ()

R2 FileOpenManagerSvc; C:\Documents and Settings\All Users\Application Data\FileOpen\Services\FileOpenManagerSvc32.exe [212352 2011-03-09] (FileOpen Systems Inc.)

S3 GoogleDesktopManager; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [1838592 2007-08-11] (Google)

S4 IMFservice; C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe [335168 2013-04-25] (IObit)

R3 LVCOMSer; C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe [186904 2007-10-19] (Logitech Inc.)

S3 LVSrvLauncher; C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe [141848 2007-10-19] (Logitech Inc.)

S3 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)

S3 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)

R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22208 2013-10-23] (Microsoft Corporation)

S3 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-03-06] ()

R2 Skype C2C Service; C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3275136 2013-10-09] (Skype Technologies S.A.)

S3 sprtsvc_dellsupportcenter; C:\Program Files\Dell Support Center\bin\sprtsvc.exe [201968 2008-08-13] (SupportSoft, Inc.)

S3 YPCService; C:\WINDOWS\system32\YPCSER~1.EXE [86016 2003-05-19] (Yahoo! Inc.)

S3 usnjsvc; "C:\Program Files\MSN Messenger\usnsvc.exe" [x]

S4 Util albrechto; "C:\Program Files\albrechto\bin\utilalbrechto.exe" [x]

==================== Drivers (Whitelisted) ====================

S4 abp480n5; C:\Windows\system32\DRIVERS\ABP480N5.SYS [23552 2001-08-17] (Microsoft Corporation)

R1 AmdK8; C:\Windows\System32\DRIVERS\AmdK8.sys [36864 2006-06-18] (Advanced Micro Devices)

S3 CCDECODE; C:\Windows\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)

S3 DSproct; C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys [4864 2006-01-10] (GTek Technologies Ltd.)

S4 FileMonitor; C:\Program Files\IObit\IObit Malware Fighter\Drivers\wxp_x86\FileMonitor.sys [247968 2013-03-23] (IObit)

S3 LVcKap; C:\Windows\System32\DRIVERS\LVcKap.sys [2109976 2007-10-19] (Logitech Inc.)

R3 LVMVDrv; C:\Windows\System32\DRIVERS\LVMVDrv.sys [2142488 2007-10-11] (Logitech Inc.)

R3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2Mon.sys [25624 2007-10-11] ()

S3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)

R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [214696 2013-09-27] (Microsoft Corporation)

S3 MREMPR5; C:\Program Files\Common Files\Motive\MREMPR5.sys [19345 2006-12-08] (Motive, Inc.)

R3 MRENDIS5; C:\Program Files\Common Files\Motive\MRENDIS5.sys [18003 2006-03-24] (Motive, Inc.)

S3 NdisIP; C:\Windows\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)

R0 nvgts; C:\Windows\System32\DRIVERS\nvgts.sys [168040 2013-10-26] (NVIDIA Corporation)

S3 RegFilter; C:\Program Files\IObit\IObit Malware Fighter\drivers\wxp_x86\regfilter.sys [31520 2013-03-26] (IObit.com)

R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)

R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)

R0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [14776 2013-05-22] ()

S3 SNPSTD3; C:\Windows\System32\DRIVERS\snpstd3.sys [10252544 2007-03-27] (Sonix Co. Ltd.)

R3 STHDA; C:\Windows\System32\drivers\sthda.sys [1171464 2006-08-15] (SigmaTel, Inc.)

S3 UPATC; C:\Windows\System32\DRIVERS\upatc.sys [94688 2001-08-29] (SCM Microsystems Inc.)

S3 UrlFilter; C:\Program Files\IObit\IObit Malware Fighter\drivers\wxp_x86\UrlFilter.sys [17360 2013-03-26] (IObit.com)

S0 IKFileSec; system32\drivers\ikfilesec.sys [x]

S1 IKSysFlt; system32\drivers\iksysflt.sys [x]

S1 IKSysSec; system32\drivers\iksyssec.sys [x]

S0 Lbd; system32\DRIVERS\Lbd.sys [x]

U5 ScsiPort; C:\Windows\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)

S2 Stltrk2k; No ImagePath

U5 Tcpip6; C:\Windows\System32\Drivers\Tcpip6.sys [226880 2010-02-11] (Microsoft Corporation)

S3 wanusb; system32\DRIVERS\gwausb.sys [x]

U1 WS2IFSL;

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-12-12 16:47 - 2013-12-12 16:47 - 00000000 ____D C:\FRST

2013-12-12 16:19 - 2013-12-12 16:21 - 00004992 _____ C:\WINDOWS\KB2898715.log

2013-12-12 16:19 - 2013-12-12 16:20 - 00005506 _____ C:\WINDOWS\KB2893984.log

2013-12-12 16:19 - 2013-12-12 16:20 - 00005052 _____ C:\WINDOWS\KB2892075.log

2013-12-12 16:19 - 2013-12-12 16:20 - 00004983 _____ C:\WINDOWS\KB2893294.log

2013-12-12 16:19 - 2013-12-12 16:19 - 00000000 ____D C:\WINDOWS\LastGood

2013-12-10 16:17 - 2013-12-10 16:17 - 00000000 ____D C:\Documents and Settings\Avram\Application Data\IObit

2013-12-10 14:26 - 2013-12-10 14:26 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service

2013-12-10 14:25 - 2013-12-12 16:38 - 00000000 ____D C:\Program Files\Mozilla Firefox

2013-12-10 12:27 - 2013-12-10 13:31 - 00065536 _____ C:\WINDOWS\system32\config\WindowsPowerShell.evt

2013-12-10 12:27 - 2013-12-10 13:31 - 00065536 _____ C:\WINDOWS\system32\config\EventForwarding-Operational.Evt

2013-12-10 12:26 - 2013-12-10 12:26 - 00000000 _____ C:\asc_rdflag

2013-12-08 20:04 - 2013-12-08 20:04 - 00002045 _____ C:\Documents and Settings\Nita Guz\Desktop\Search.lnk

2013-12-08 18:48 - 2013-12-08 18:48 - 00035371 _____ C:\Documents and Settings\Nita Guz\Desktop\henry war years.odt

2013-12-07 15:02 - 2013-12-07 15:02 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2808679$

2013-12-07 15:00 - 2013-03-26 22:53 - 00074752 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\cryptdlg.dll

2013-12-07 14:52 - 2013-12-07 14:52 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2492386$

2013-12-07 14:50 - 2011-03-11 14:10 - 00225262 ____N C:\WINDOWS\system32\dllcache\msimain.sdb

2013-12-07 14:49 - 2013-12-10 12:25 - 00065536 _____ C:\WINDOWS\system32\config\Windows .evt

2013-12-07 14:49 - 2013-12-10 12:25 - 00065536 _____ C:\WINDOWS\system32\config\Microsof.evt

2013-12-07 14:49 - 2013-12-07 14:49 - 00000000 __HDC C:\WINDOWS\$968930Uinstall_KB968930$

2013-12-07 14:49 - 2013-12-07 14:49 - 00000000 ____D C:\WINDOWS\system32\winrm

2013-12-07 14:49 - 2013-12-07 14:49 - 00000000 ____D C:\WINDOWS\system32\WindowsPowerShell

2013-12-07 14:49 - 2013-12-07 14:49 - 00000000 ____D C:\WINDOWS\system32\GroupPolicy

2013-12-07 14:49 - 2013-12-07 14:49 - 00000000 ____D C:\WINDOWS\$NtUninstallKB968930$

2013-12-07 14:48 - 2013-12-07 14:48 - 00000000 __HDC C:\WINDOWS\$NtUninstallbasecsp$

2013-12-07 14:48 - 2013-04-17 19:22 - 00023360 _____ (IObit) C:\WINDOWS\system32\RegistryDefragBootTime.exe

2013-11-27 14:33 - 2013-12-04 16:40 - 00000000 ____D C:\Documents and Settings\Nita Guz\Desktop\family photos

2013-11-26 14:07 - 2013-11-26 14:07 - 00056668 _____ C:\Documents and Settings\Nita Guz\Desktop\(AA02) Dormant Company Accounts (DCA).htm

2013-11-26 14:07 - 2013-11-26 14:07 - 00000000 ____D C:\Documents and Settings\Nita Guz\Desktop\(AA02) Dormant Company Accounts (DCA)_files

2013-11-25 17:37 - 2013-12-12 14:16 - 00000050 _____ C:\WINDOWS\wiaservc.log

2013-11-25 17:37 - 2013-12-12 14:15 - 00000263 _____ C:\WINDOWS\wiadebug.log

2013-11-25 17:37 - 2013-12-11 11:05 - 00032526 _____ C:\WINDOWS\SchedLgU.Txt

2013-11-25 17:37 - 2013-11-25 17:37 - 00000000 ____N C:\WINDOWS\Sti_Trace.log

2013-11-21 18:23 - 2013-11-21 18:23 - 00000000 ____D C:\Documents and Settings\Nita Guz\Desktop\phonebook2

2013-11-21 18:22 - 2013-11-21 18:22 - 00000000 ____D C:\Documents and Settings\Nita Guz\Desktop\Summer in the Park

2013-11-21 14:25 - 2013-11-21 14:25 - 00000830 _____ C:\Documents and Settings\All Users\Desktop\Smart Defrag 2.lnk

2013-11-21 14:25 - 2013-11-21 14:25 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Smart Defrag 2

2013-11-21 14:25 - 2013-05-22 18:49 - 00014776 _____ C:\WINDOWS\system32\Drivers\SmartDefragDriver.sys

2013-11-19 09:48 - 2013-12-11 11:18 - 00000384 ____H C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job

2013-11-15 18:45 - 2013-11-15 18:45 - 00000000 ____D C:\Documents and Settings\Nita Guz\My Documents\Banet tree

2013-11-14 10:51 - 2013-11-14 10:51 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2900986$

2013-11-14 10:51 - 2013-11-14 10:51 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2876331$

2013-11-14 10:51 - 2013-11-14 10:51 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2868626$

2013-11-14 10:51 - 2013-11-14 10:51 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2862152$

==================== One Month Modified Files and Folders =======

2013-12-12 16:47 - 2013-12-12 16:47 - 00000000 ____D C:\FRST

2013-12-12 16:42 - 2013-05-30 18:42 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job

2013-12-12 16:38 - 2013-12-10 14:25 - 00000000 ____D C:\Program Files\Mozilla Firefox

2013-12-12 16:25 - 2004-08-10 13:02 - 01106037 _____ C:\WINDOWS\WindowsUpdate.log

2013-12-12 16:21 - 2013-12-12 16:19 - 00004992 _____ C:\WINDOWS\KB2898715.log

2013-12-12 16:20 - 2013-12-12 16:19 - 00005506 _____ C:\WINDOWS\KB2893984.log

2013-12-12 16:20 - 2013-12-12 16:19 - 00005052 _____ C:\WINDOWS\KB2892075.log

2013-12-12 16:20 - 2013-12-12 16:19 - 00004983 _____ C:\WINDOWS\KB2893294.log

2013-12-12 16:19 - 2013-12-12 16:19 - 00000000 ____D C:\WINDOWS\LastGood

2013-12-12 16:16 - 2007-04-25 09:08 - 00000000 ____D C:\Documents and Settings\Nita Guz\Application Data\Skype

2013-12-12 14:16 - 2013-11-25 17:37 - 00000050 _____ C:\WINDOWS\wiaservc.log

2013-12-12 14:15 - 2013-11-25 17:37 - 00000263 _____ C:\WINDOWS\wiadebug.log

2013-12-12 11:51 - 2010-01-04 10:20 - 00000886 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job

2013-12-11 17:07 - 2007-03-03 13:56 - 00002435 _____ C:\Documents and Settings\All Users\Start Menu\Programs\New Office Document.lnk

2013-12-11 17:06 - 2013-09-25 13:05 - 00000274 _____ C:\WINDOWS\Tasks\ASC6_PerformanceMonitor.job

2013-12-11 11:21 - 2011-01-12 11:20 - 00000286 _____ C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-106739292-653456445-1234974741-1007.job

2013-12-11 11:18 - 2013-11-19 09:48 - 00000384 ____H C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job

2013-12-11 11:08 - 2004-08-10 12:51 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl

2013-12-11 11:07 - 2013-10-26 18:17 - 00000278 _____ C:\WINDOWS\Tasks\Driver Booster Update.job

2013-12-11 11:07 - 2013-10-26 18:17 - 00000276 _____ C:\WINDOWS\Tasks\Driver Booster Scan.job

2013-12-11 11:07 - 2013-01-11 17:59 - 00000284 _____ C:\WINDOWS\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-106739292-653456445-1234974741-1006.job

2013-12-11 11:07 - 2011-01-12 11:20 - 00000278 _____ C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-106739292-653456445-1234974741-1007.job

2013-12-11 11:07 - 2010-12-20 13:23 - 00000284 _____ C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-106739292-653456445-1234974741-1006.job

2013-12-11 11:07 - 2010-01-04 10:20 - 00000882 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job

2013-12-11 11:06 - 2009-06-12 02:04 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB969898$

2013-12-11 11:06 - 2004-08-10 13:08 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT

2013-12-11 11:05 - 2013-11-25 17:37 - 00032526 _____ C:\WINDOWS\SchedLgU.Txt

2013-12-11 11:05 - 2007-03-07 14:25 - 00000178 ___SH C:\Documents and Settings\Avram\ntuser.ini

2013-12-11 11:05 - 2007-03-07 14:25 - 00000000 ____D C:\Documents and Settings\Avram

2013-12-11 11:05 - 2007-03-02 20:33 - 00000278 ___SH C:\Documents and Settings\Nita Guz\ntuser.ini

2013-12-11 11:04 - 2011-02-27 13:04 - 00000000 ____D C:\Documents and Settings\Nita Guz\Desktop\Here

2013-12-10 22:42 - 2013-05-30 18:42 - 00692616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe

2013-12-10 22:42 - 2011-06-17 09:55 - 00071048 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl

2013-12-10 16:17 - 2013-12-10 16:17 - 00000000 ____D C:\Documents and Settings\Avram\Application Data\IObit

2013-12-10 16:15 - 2007-03-02 20:33 - 00000000 ____D C:\Documents and Settings\Nita Guz

2013-12-10 15:32 - 2008-08-01 18:53 - 00000000 ____D C:\WINDOWS\ERDNT

2013-12-10 15:31 - 2007-03-02 21:24 - 00000000 __SHD C:\Documents and Settings\Nita Guz\UserData

2013-12-10 14:42 - 2009-01-02 17:07 - 00000000 ____D C:\Program Files\SUPERAntiSpyware

2013-12-10 14:26 - 2013-12-10 14:26 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service

2013-12-10 14:26 - 2011-09-16 11:00 - 00000737 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk

2013-12-10 14:26 - 2011-09-16 11:00 - 00000731 _____ C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk

2013-12-10 14:15 - 2013-10-12 18:45 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2862330$

2013-12-10 14:15 - 2012-02-18 12:27 - 00000000 ____D C:\Program Files\Mozilla Thunderbird

2013-12-10 14:14 - 2012-02-18 12:27 - 00000000 ____D C:\Documents and Settings\Nita Guz\Local Settings\Application Data\Thunderbird

2013-12-10 13:32 - 2009-10-15 02:04 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB969059$

2013-12-10 13:31 - 2013-12-10 12:27 - 00065536 _____ C:\WINDOWS\system32\config\WindowsPowerShell.evt

2013-12-10 13:31 - 2013-12-10 12:27 - 00065536 _____ C:\WINDOWS\system32\config\EventForwarding-Operational.Evt

2013-12-10 13:31 - 2011-04-15 02:04 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2511455$

2013-12-10 12:26 - 2013-12-10 12:26 - 00000000 _____ C:\asc_rdflag

2013-12-10 12:26 - 2004-08-10 13:08 - 00000000 __SHD C:\Documents and Settings\NetworkService

2013-12-10 12:26 - 2004-08-10 13:08 - 00000000 __SHD C:\Documents and Settings\LocalService

2013-12-10 12:25 - 2013-12-07 14:49 - 00065536 _____ C:\WINDOWS\system32\config\Windows .evt

2013-12-10 12:25 - 2013-12-07 14:49 - 00065536 _____ C:\WINDOWS\system32\config\Microsof.evt

2013-12-09 16:25 - 2007-03-03 13:56 - 00002445 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Open Office Document.lnk

2013-12-09 16:23 - 2004-08-10 13:09 - 00000000 ____D C:\WINDOWS\Microsoft.NET

2013-12-08 20:14 - 2012-08-22 16:00 - 00000000 ____D C:\Program Files\OpenOffice.org 3

2013-12-08 20:04 - 2013-12-08 20:04 - 00002045 _____ C:\Documents and Settings\Nita Guz\Desktop\Search.lnk

2013-12-08 18:48 - 2013-12-08 18:48 - 00035371 _____ C:\Documents and Settings\Nita Guz\Desktop\henry war years.odt

2013-12-07 15:02 - 2013-12-07 15:02 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2808679$

2013-12-07 14:59 - 2004-08-10 12:57 - 01455658 _____ C:\WINDOWS\system32\PerfStringBackup.INI

2013-12-07 14:56 - 2004-08-10 12:52 - 00000000 ____D C:\WINDOWS\security

2013-12-07 14:55 - 2011-02-25 11:50 - 00000000 ____D C:\WINDOWS\ie8updates

2013-12-07 14:54 - 2007-02-24 18:29 - 00000000 ___HD C:\WINDOWS\$hf_mig$

2013-12-07 14:52 - 2013-12-07 14:52 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2492386$

2013-12-07 14:50 - 2004-08-10 13:00 - 00000000 ___RD C:\Documents and Settings\All Users\Start Menu\Programs\Accessories

2013-12-07 14:49 - 2013-12-07 14:49 - 00000000 __HDC C:\WINDOWS\$968930Uinstall_KB968930$

2013-12-07 14:49 - 2013-12-07 14:49 - 00000000 ____D C:\WINDOWS\system32\winrm

2013-12-07 14:49 - 2013-12-07 14:49 - 00000000 ____D C:\WINDOWS\system32\WindowsPowerShell

2013-12-07 14:49 - 2013-12-07 14:49 - 00000000 ____D C:\WINDOWS\system32\GroupPolicy

2013-12-07 14:49 - 2013-12-07 14:49 - 00000000 ____D C:\WINDOWS\$NtUninstallKB968930$

2013-12-07 14:49 - 2004-08-10 12:52 - 00000000 ____D C:\WINDOWS\Help

2013-12-07 14:48 - 2013-12-07 14:48 - 00000000 __HDC C:\WINDOWS\$NtUninstallbasecsp$

2013-12-06 11:52 - 2010-12-20 13:20 - 00001820 _____ C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk

2013-12-04 16:40 - 2013-11-27 14:33 - 00000000 ____D C:\Documents and Settings\Nita Guz\Desktop\family photos

2013-12-04 16:39 - 2007-09-21 13:29 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Adobe

2013-12-04 16:39 - 2007-03-02 23:52 - 00000000 ____D C:\Documents and Settings\Nita Guz\Application Data\Adobe

2013-12-04 15:38 - 2010-03-14 11:45 - 00000472 _____ C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job

2013-12-03 17:26 - 2007-03-03 00:07 - 00000000 ____D C:\Documents and Settings\Nita Guz\Application Data\MailWasher

2013-12-03 10:12 - 2007-03-02 23:58 - 00000000 ____D C:\Documents and Settings\Nita Guz\Desktop\chipmark

2013-12-02 12:32 - 2007-03-03 13:56 - 00002479 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Word.lnk

2013-11-28 10:45 - 2012-04-22 17:12 - 00000000 ____D C:\Documents and Settings\Nita Guz\Desktop\phonebook

2013-11-27 12:19 - 2010-12-20 13:23 - 00000292 _____ C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-106739292-653456445-1234974741-1006.job

2013-11-26 14:07 - 2013-11-26 14:07 - 00056668 _____ C:\Documents and Settings\Nita Guz\Desktop\(AA02) Dormant Company Accounts (DCA).htm

2013-11-26 14:07 - 2013-11-26 14:07 - 00000000 ____D C:\Documents and Settings\Nita Guz\Desktop\(AA02) Dormant Company Accounts (DCA)_files

2013-11-25 17:37 - 2013-11-25 17:37 - 00000000 ____N C:\WINDOWS\Sti_Trace.log

2013-11-25 11:25 - 2013-01-11 17:59 - 00000292 _____ C:\WINDOWS\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-106739292-653456445-1234974741-1006.job

2013-11-21 18:23 - 2013-11-21 18:23 - 00000000 ____D C:\Documents and Settings\Nita Guz\Desktop\phonebook2

2013-11-21 18:22 - 2013-11-21 18:22 - 00000000 ____D C:\Documents and Settings\Nita Guz\Desktop\Summer in the Park

2013-11-21 14:25 - 2013-11-21 14:25 - 00000830 _____ C:\Documents and Settings\All Users\Desktop\Smart Defrag 2.lnk

2013-11-21 14:25 - 2013-11-21 14:25 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Smart Defrag 2

2013-11-21 14:25 - 2013-09-25 13:04 - 00000000 ____D C:\Program Files\IObit

2013-11-21 14:25 - 2013-09-25 13:04 - 00000000 ____D C:\Documents and Settings\Nita Guz\Application Data\IObit

2013-11-19 10:21 - 2010-09-14 18:28 - 00230048 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe

2013-11-19 09:54 - 2007-03-02 23:56 - 00000000 ____D C:\Documents and Settings\Nita Guz\My Documents\Knitting tips

2013-11-19 09:39 - 2013-09-01 14:06 - 00001705 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Security Essentials.lnk

2013-11-19 09:39 - 2011-01-27 12:29 - 00001945 _____ C:\WINDOWS\epplauncher.mif

2013-11-19 09:38 - 2013-09-01 14:06 - 00000000 ____D C:\Program Files\Microsoft Security Client

2013-11-15 18:45 - 2013-11-15 18:45 - 00000000 ____D C:\Documents and Settings\Nita Guz\My Documents\Banet tree

2013-11-15 12:39 - 2007-03-02 23:56 - 00000000 ____D C:\Documents and Settings\Nita Guz\My Documents\kpatterns

2013-11-14 11:58 - 2011-10-05 16:51 - 00000000 ____D C:\Documents and Settings\Nita Guz\My Documents\AvramTax

2013-11-14 10:51 - 2013-11-14 10:51 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2900986$

2013-11-14 10:51 - 2013-11-14 10:51 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2876331$

2013-11-14 10:51 - 2013-11-14 10:51 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2868626$

2013-11-14 10:51 - 2013-11-14 10:51 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2862152$

2013-11-14 10:48 - 2013-08-15 11:13 - 00000000 ____D C:\WINDOWS\system32\MRT

2013-11-14 10:43 - 2007-03-02 22:18 - 80340640 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe

Files to move or delete:

====================

C:\Documents and Settings\All Users\hash.dat

C:\Documents and Settings\Nita Guz\GoToAssist_phone__319_en.exe

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-12-2013

Ran by Nita Guz (administrator) on D9XW9S2J on 12-12-2013 16:48:03

Running from C:\Documents and Settings\Nita Guz\Desktop\downloads

Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: English(US)

Internet Explorer Version 8

Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(IObit) C:\Program Files\IObit\Advanced SystemCare 6\ASCService.exe

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe

(Logitech Inc.) C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

(Motive Communications, Inc.) C:\Program Files\btbb_wcm\McciTrayApp.exe

() C:\WINDOWS\vsnpstd3.exe

() C:\Program Files\Logitech\QuickCam\Quickcam.exe

(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore.exe

() C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe

(Visioneer Inc) C:\Program Files\Visioneer OneTouch\OneTouchMon.exe

(SigmaTel, Inc.) C:\WINDOWS\stsystra.exe

(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(Google) C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

() C:\Documents and Settings\All Users\Application Data\OfficeGuardianC3\Reminder\CFNetAgent.exe

(Scansoft Inc.) C:\Program Files\ScanSoft\PaperPort\PPWEBCAP.EXE

() C:\Documents and Settings\All Users\Application Data\OfficeGuardianC3\Reminder\FireWallSetting.exe

(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe

(FileOpen Systems Inc.) C:\Documents and Settings\All Users\Application Data\FileOpen\Services\FileOpenManagerSvc32.exe

(BillP Studios) C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe

(IObit) C:\Program Files\IObit\Advanced SystemCare 6\ASCTray.exe

(Google Inc.) C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

(NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe

(Google) C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

(Skype Technologies S.A.) C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe

() C:\Program Files\Yahoo!\Messenger\Ymsgr_tray.exe

(Logitech Inc.) C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

(Logitech Inc.) C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

(Logitech Inc.) C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe

(IObit) C:\Program Files\IObit\Advanced SystemCare 6\ASC.exe

(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe

(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe

(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [btbb_wcm_McciTrayApp] - C:\Program Files\btbb_wcm\McciTrayApp.exe [935936 2006-12-07] (Motive Communications, Inc.)

HKLM\...\Run: [snpstd3] - C:\WINDOWS\vsnpstd3.exe [827392 2006-09-19] ()

HKLM\...\Run: [LogitechQuickCamRibbon] - C:\Program Files\Logitech\QuickCam\Quickcam.exe [2178832 2007-10-25] ()

HKLM\...\Run: [LogitechCommunicationsManager] - C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe [563984 2007-10-25] ()

HKLM\...\Run: [OneTouch Monitor] - C:\Program Files\Visioneer OneTouch\OneTouchMon.exe [86016 2002-09-13] (Visioneer Inc)

HKLM\...\Run: [SigmatelSysTrayApp] - C:\WINDOWS\stsystra.exe [282624 2006-08-15] (SigmaTel, Inc.)

HKLM\...\Run: [Google Desktop Search] - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [1838592 2007-08-11] (Google)

HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [948440 2013-10-23] (Microsoft Corporation)

HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2010-03-17] (Apple Inc.)

HKLM\...\Run: [NvCplDaemon] - RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

HKLM\...\Run: [NvMediaCenter] - RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

Winlogon\Notify\GoToAssist: C:\Program Files\Citrix\GoToAssist\480\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)

HKLM\...\Policies\Explorer: [NoCDBurning] 0

HKCU\...\Run: [PPWebCap] - C:\Program Files\ScanSoft\PaperPort\PPWEBCAP.EXE [43008 2001-10-15] (Scansoft Inc.)

HKCU\...\Run: [Skype] - C:\Program Files\Skype\Phone\Skype.exe [18678376 2013-04-19] (Skype Technologies S.A.)

HKCU\...\Run: [Yahoo! Pager] - C:\Program Files\Yahoo!\Messenger\ypager.exe [2478080 2005-08-31] ()

HKCU\...\Run: [WinPatrol] - C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe [439360 2013-08-13] (BillP Studios)

HKCU\...\Run: [Advanced SystemCare 6] - C:\Program Files\IObit\Advanced SystemCare 6\ASCTray.exe [491840 2013-04-18] (IObit)

HKCU\...\Run: [swg] - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [68856 2007-11-10] (Google Inc.)

HKCU\...\Run: [Adobe Reader Synchronizer] - C:\Program Files\Adobe\Reader 11.0\Reader\AdobeCollabSync.exe [694152 2013-09-05] (Adobe Systems Incorporated)

MountPoints2: {2be6cb28-ca5e-11db-9133-0011f5300101} - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Tracleer_Product_Info.pdf

MountPoints2: {78144477-b04d-11df-8c03-001aa006528a} - G:\StartClickFreeBackup.exe

HKU\Administrator\...\Run: [DellSupport] - C:\Program Files\Dell Support\DSAgnt.exe [ 2006-08-28] (Gteko Ltd.)

HKU\Avram\...\Run: [DellSupport] - C:\Program Files\Dell Support\DSAgnt.exe [ 2006-08-28] (Gteko Ltd.)

HKU\Avram\...\Run: [MSMSGS] - C:\Program Files\Messenger\msmsgs.exe [ 2008-04-14] (Microsoft Corporation)

HKU\Avram\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [ 2010-03-17] (Apple Inc.)

HKU\Avram\...\Run: [swg] - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [ 2007-11-10] (Google Inc.)

HKU\Avram\...\RunOnce: [FlashPlayerUpdate] - C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_11_9_900_117_Plugin.exe -update plugin

HKU\Default User\...\Run: [DellSupport] - C:\Program Files\Dell Support\DSAgnt.exe [ 2006-08-28] (Gteko Ltd.)

HKU\TEMP\...\Run: [DellSupport] - C:\Program Files\Dell Support\DSAgnt.exe [ 2006-08-28] (Gteko Ltd.)

HKU\TEMP\...\Run: [swg] - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [ 2007-11-10] (Google Inc.)

AppInit_DLLs: C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll [ 2007-08-10] (Google)

Startup: C:\Documents and Settings\Nita Guz\Start Menu\Programs\Canon iP4200\Startup\ERUNT AutoBackup.lnk

ShortcutTarget: ERUNT AutoBackup.lnk -> C:\Program Files\ERUNT\AUTOBACK.EXE ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie

HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sb/*http://uk.docs.yahoo.com/info/bt_side.html

SearchScopes: HKLM - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.snapdo.com/?publisher=TightropeYB&dpid=TightropeYB&co=GB&userid=571febc1-f1f5-4266-b6e3-5c6b579dafec&searchtype=ds&q={searchTerms}&installDate=08/12/2013

SearchScopes: HKCU - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.snapdo.com/?publisher=TightropeYB&dpid=TightropeYB&co=GB&userid=571febc1-f1f5-4266-b6e3-5c6b579dafec&searchtype=ds&q={searchTerms}&installDate=08/12/2013

BHO: Tensons.Application.DownloadAcceleratorManager.BHO - {00000003-1118-11da-8cd6-0800200c9888} - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)

BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)

BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)

BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

BHO: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)

BHO: Advanced SystemCare Browser Protection - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\Program Files\IObit\Advanced SystemCare 6\BrowerProtect\ASCPlugin_Protection.dll (IObit)

BHO: No Name - {CA6319C0-31B7-401E-A518-A07C3DB8F777} -  No File

BHO: No Name - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} -  No File

Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

Toolbar: HKCU - No Name - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} -  No File

DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://utilities.pcpitstop.com/da/PCPitStop.CAB

DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204

DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\common\yinsthelper.dll

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1238492181875

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab

DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} http://help.broadbandassist.com/bbdesktop/PreQual/files/MotivePreQual.cab

DPF: {CAFEEFAC-0017-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab

DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab

Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [115440 2013-05-07] (SuperAdBlocker.com)

Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [152864] (Apple Inc.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:

========

FF ProfilePath: C:\Documents and Settings\Nita Guz\Application Data\Mozilla\Firefox\Profiles\71yqyk92.default

FF NewTab: hxxp://feed.snapdo.com/?publisher=TightropeYB&dpid=TightropeYB&co=GB&userid=571febc1-f1f5-4266-b6e3-5c6b579dafec&searchtype=nt&installDate=08/12/2013

FF Homepage: hxxp://feed.snapdo.com/?publisher=TightropeYB&dpid=TightropeYB&co=GB&userid=571febc1-f1f5-4266-b6e3-5c6b579dafec&searchtype=hp&installDate=08/12/2013

FF Keyword.URL: hxxp://feed.snapdo.com/?publisher=TightropeYB&dpid=TightropeYB&co=GB&userid=571febc1-f1f5-4266-b6e3-5c6b579dafec&searchtype=ds&installDate=08/12/2013&q=

FF NetworkProxy: "no_proxies_on", "127.0.0.1,*.local"

FF NetworkProxy: "type", 0

FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll ()

FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

FF Plugin: @garmin.com/GpsControl - C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)

FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF Plugin: @google.com/npPicasa2,version=2.0.0 - C:\Program Files\Picasa2\npPicasa2.dll No File

FF Plugin: @google.com/npPicasa3,version=3.0.0 - C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)

FF Plugin: @java.com/DTPlugin,version=10.21.2 - C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)

FF Plugin: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.1 - C:\Program Files\Yahoo!\Shared\npYState.dll ( )

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)

FF Plugin: @microsoft.com/WPF,version=3.5 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF Plugin: @pack.google.com/Google Updater;version=13 - C:\Program Files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll (Google)

FF Plugin: @real.com/nppl3260;version=16.0.1.18 - c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)

FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.1 - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)

FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.1 - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)

FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.1 - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)

FF Plugin: @real.com/nprpplugin;version=16.0.1.18 - c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)

FF Plugin: @realnetworks.com/npdlplugin;version=1 - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)

FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)

FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)

FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF Plugin: yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1 - C:\Program Files\Yahoo!\Common\npyaxmpb.dll (Yahoo! Inc.)

FF Plugin HKCU: @yahoo.com/BrowserPlus,version=2.9.8 - C:\Documents and Settings\Nita Guz\Local Settings\Application Data\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)

FF SearchPlugin: C:\Documents and Settings\Nita Guz\Application Data\Mozilla\Firefox\Profiles\71yqyk92.default\searchplugins\Web Search.xml

FF Extension: Advanced SystemCare Surfing Protection - C:\Documents and Settings\Nita Guz\Application Data\Mozilla\Firefox\Profiles\71yqyk92.default\Extensions\ascsurfingprotection@iobit.com

FF Extension: No Name - C:\Documents and Settings\Nita Guz\Application Data\Mozilla\Firefox\Profiles\71yqyk92.default\Extensions\nostmp

FF Extension: TidyNetwork - C:\Documents and Settings\Nita Guz\Application Data\Mozilla\Firefox\Profiles\71yqyk92.default\Extensions\TidyNetwork@TidyNetwork

FF Extension: Microsoft .NET Framework Assistant - C:\Documents and Settings\Nita Guz\Application Data\Mozilla\Firefox\Profiles\71yqyk92.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi

FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext

FF Extension: RealDownloader - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext

FF HKLM\...\Firefox\Extensions: [{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}] - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext

FF Extension: No Name - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext

FF HKLM\...\Firefox\Extensions: [{DAC3F861-B30D-40dd-9166-F4E75327FAC7}] - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\

FF Extension: RealDownloader - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\

 

Chrome:

=======

CHR HomePage: hxxp://feed.snapdo.com/?publisher=TightropeYB&dpid=TightropeYB&co=GB&userid=571febc1-f1f5-4266-b6e3-5c6b579dafec&searchtype=hp&installDate=08/12/2013

CHR RestoreOnStartup: "hxxp://feed.snapdo.com/?publisher=TightropeYB&dpid=TightropeYB&co=GB&userid=571febc1-f1f5-4266-b6e3-5c6b579dafec&searchtype=hp&installDate=08/12/2013"

CHR DefaultSearchKeyword: google.co.uk

CHR DefaultSearchProvider: Google

CHR DefaultSearchURL: {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}

CHR DefaultNewTabURL: {google:baseURL}_/chrome/newtab?{google:RLZ}{google:instantExtendedEnabledParameter}{google:ntpIsThemedParameter}ie={inputEncoding}

CHR Plugin: (Remoting Viewer) - internal-remoting-viewer

CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll ()

CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\31.0.1650.63\pdf.dll ()

CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\31.0.1650.63\gcswf32.dll No File

CHR Plugin: (Shockwave Flash) - C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll No File

CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File

CHR Plugin: (Java™ Platform SE 6 U20) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll No File

CHR Plugin: (Java Deployment Toolkit 6.0.200.2) - C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll No File

CHR Plugin: (Download Accelerator Manager Mozilla/Netscape/Opera plugin) - C:\Program Files\Mozilla Firefox\plugins\NpDam.dll No File

CHR Plugin: (Windows Genuine Advantage) - C:\Program Files\Mozilla Firefox\plugins\npLegitCheckPlugin.dll No File

CHR Plugin: (RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll No File

CHR Plugin: (RealPlayer Version Plugin) - C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll No File

CHR Plugin: (RealPlayer™ HTML5VideoShim Plug-In (32-bit) ) - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)

CHR Plugin: (QuickTime Plug-in 7.6.6) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll No File

CHR Plugin: (QuickTime Plug-in 7.6.6) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll No File

CHR Plugin: (QuickTime Plug-in 7.6.6) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll No File

CHR Plugin: (QuickTime Plug-in 7.6.6) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll No File

CHR Plugin: (QuickTime Plug-in 7.6.6) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll No File

CHR Plugin: (QuickTime Plug-in 7.6.6) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll No File

CHR Plugin: (QuickTime Plug-in 7.6.6) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll No File

CHR Plugin: (RealJukebox NS Plugin) - C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll No File

CHR Plugin: (ZoneAlarm Spy Blocker Plugin Stub) - C:\Program Files\Mozilla Firefox\plugins\NPZoneSB.dll No File

CHR Plugin: (Microsoft\u00C2\u00AE DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation)

CHR Plugin: (Microsoft\u00C2\u00AE DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)

CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))

CHR Plugin: (RealNetworks™ Chrome Background Extension Plug-In (32-bit) ) - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)

CHR Plugin: (BrowserPlus (from Yahoo!) v2.9.8) - C:\Documents and Settings\Nita Guz\Local Settings\Application Data\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)

CHR Plugin: (Garmin Communicator Plug-In) - C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)

CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)

CHR Plugin: (Google Updater) - C:\Program Files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll (Google)

CHR Plugin: (Picasa) - C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)

CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File

CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll No File

CHR Plugin: (Windows Presentation Foundation) - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

CHR Extension: (Snap.Do ) - C:\Documents and Settings\Nita Guz\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0

CHR Extension: (YouTube) - C:\Documents and Settings\Nita Guz\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0

CHR Extension: (Google Search) - C:\Documents and Settings\Nita Guz\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0

CHR Extension: (RealDownloader) - C:\Documents and Settings\Nita Guz\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.1_0

CHR Extension: (Skype Click to Call) - C:\Documents and Settings\Nita Guz\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.13.0.13771_0

CHR Extension: (Advanced SystemCare Surfing Protection) - C:\Documents and Settings\Nita Guz\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd\1.0.0_1

CHR Extension: (Google Wallet) - C:\Documents and Settings\Nita Guz\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0

CHR Extension: (TidyNetwork ) - C:\Documents and Settings\Nita Guz\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pbdbpkadjpomaialbgiidmfolgoghbff\5.0.0.0_0

CHR Extension: (Gmail) - C:\Documents and Settings\Nita Guz\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1

CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx

CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx

CHR HKLM\...\Chrome\Extension: [nfengeggddojhakldhlpjdlddgkkjkdd] - C:\Program Files\IObit\Advanced SystemCare 6\BrowerProtect\ASC_GhromePlugin.crx

CHR HKLM\...\Chrome\Extension: [nkopijddpkmggacdghppacglggodkcod] - C:\Program Files\albrechto\nkopijddpkmggacdghppacglggodkcod.crx

 

========================== Services (Whitelisted) =================

 

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [119056 2013-05-23] (SUPERAntiSpyware.com)

R2 AdvancedSystemCareService6; C:\Program Files\IObit\Advanced SystemCare 6\ASCService.exe [574272 2013-04-18] (IObit)

S3 ClickFreeC3WifiCfgService; c:\documents and settings\all users\application data\OfficeGuardianC3\C3WiFiCfg.EXE [320840 2010-08-23] ()

R2 ClickFreeCFNetAgentService; C:\Documents and Settings\All Users\Application Data\OfficeGuardianC3\Reminder\CFNetAgent.exe [230728 2010-07-14] ()

R2 ClickFreeFirewallSettingService; C:\Documents and Settings\All Users\Application Data\OfficeGuardianC3\Reminder\FireWallSetting.exe [185672 2010-07-14] ()

R2 FileOpenManagerSvc; C:\Documents and Settings\All Users\Application Data\FileOpen\Services\FileOpenManagerSvc32.exe [212352 2011-03-09] (FileOpen Systems Inc.)

S3 GoogleDesktopManager; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [1838592 2007-08-11] (Google)

S4 IMFservice; C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe [335168 2013-04-25] (IObit)

R3 LVCOMSer; C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe [186904 2007-10-19] (Logitech Inc.)

S3 LVSrvLauncher; C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe [141848 2007-10-19] (Logitech Inc.)

S3 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)

S3 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)

R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22208 2013-10-23] (Microsoft Corporation)

S3 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-03-06] ()

R2 Skype C2C Service; C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3275136 2013-10-09] (Skype Technologies S.A.)

S3 sprtsvc_dellsupportcenter; C:\Program Files\Dell Support Center\bin\sprtsvc.exe [201968 2008-08-13] (SupportSoft, Inc.)

S3 YPCService; C:\WINDOWS\system32\YPCSER~1.EXE [86016 2003-05-19] (Yahoo! Inc.)

S3 usnjsvc; "C:\Program Files\MSN Messenger\usnsvc.exe" [x]

S4 Util albrechto; "C:\Program Files\albrechto\bin\utilalbrechto.exe" [x]

 

==================== Drivers (Whitelisted) ====================

 

S4 abp480n5; C:\Windows\system32\DRIVERS\ABP480N5.SYS [23552 2001-08-17] (Microsoft Corporation)

R1 AmdK8; C:\Windows\System32\DRIVERS\AmdK8.sys [36864 2006-06-18] (Advanced Micro Devices)

S3 CCDECODE; C:\Windows\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)

S3 DSproct; C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys [4864 2006-01-10] (GTek Technologies Ltd.)

S4 FileMonitor; C:\Program Files\IObit\IObit Malware Fighter\Drivers\wxp_x86\FileMonitor.sys [247968 2013-03-23] (IObit)

S3 LVcKap; C:\Windows\System32\DRIVERS\LVcKap.sys [2109976 2007-10-19] (Logitech Inc.)

R3 LVMVDrv; C:\Windows\System32\DRIVERS\LVMVDrv.sys [2142488 2007-10-11] (Logitech Inc.)

R3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2Mon.sys [25624 2007-10-11] ()

S3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)

R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [214696 2013-09-27] (Microsoft Corporation)

S3 MREMPR5; C:\Program Files\Common Files\Motive\MREMPR5.sys [19345 2006-12-08] (Motive, Inc.)

R3 MRENDIS5; C:\Program Files\Common Files\Motive\MRENDIS5.sys [18003 2006-03-24] (Motive, Inc.)

S3 NdisIP; C:\Windows\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)

R0 nvgts; C:\Windows\System32\DRIVERS\nvgts.sys [168040 2013-10-26] (NVIDIA Corporation)

S3 RegFilter; C:\Program Files\IObit\IObit Malware Fighter\drivers\wxp_x86\regfilter.sys [31520 2013-03-26] (IObit.com)

R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)

R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)

R0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [14776 2013-05-22] ()

S3 SNPSTD3; C:\Windows\System32\DRIVERS\snpstd3.sys [10252544 2007-03-27] (Sonix Co. Ltd.)

R3 STHDA; C:\Windows\System32\drivers\sthda.sys [1171464 2006-08-15] (SigmaTel, Inc.)

S3 UPATC; C:\Windows\System32\DRIVERS\upatc.sys [94688 2001-08-29] (SCM Microsystems Inc.)

S3 UrlFilter; C:\Program Files\IObit\IObit Malware Fighter\drivers\wxp_x86\UrlFilter.sys [17360 2013-03-26] (IObit.com)

S0 IKFileSec; system32\drivers\ikfilesec.sys [x]

S1 IKSysFlt; system32\drivers\iksysflt.sys [x]

S1 IKSysSec; system32\drivers\iksyssec.sys [x]

S0 Lbd; system32\DRIVERS\Lbd.sys [x]

U5 ScsiPort; C:\Windows\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)

S2 Stltrk2k; No ImagePath

U5 Tcpip6; C:\Windows\System32\Drivers\Tcpip6.sys [226880 2010-02-11] (Microsoft Corporation)

S3 wanusb; system32\DRIVERS\gwausb.sys [x]

U1 WS2IFSL;

 

==================== NetSvcs (Whitelisted) ===================

 

 

==================== One Month Created Files and Folders ========

 

2013-12-12 16:47 - 2013-12-12 16:47 - 00000000 ____D C:\FRST

2013-12-12 16:19 - 2013-12-12 16:21 - 00004992 _____ C:\WINDOWS\KB2898715.log

2013-12-12 16:19 - 2013-12-12 16:20 - 00005506 _____ C:\WINDOWS\KB2893984.log

2013-12-12 16:19 - 2013-12-12 16:20 - 00005052 _____ C:\WINDOWS\KB2892075.log

2013-12-12 16:19 - 2013-12-12 16:20 - 00004983 _____ C:\WINDOWS\KB2893294.log

2013-12-12 16:19 - 2013-12-12 16:19 - 00000000 ____D C:\WINDOWS\LastGood

2013-12-10 16:17 - 2013-12-10 16:17 - 00000000 ____D C:\Documents and Settings\Avram\Application Data\IObit

2013-12-10 14:26 - 2013-12-10 14:26 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service

2013-12-10 14:25 - 2013-12-12 16:38 - 00000000 ____D C:\Program Files\Mozilla Firefox

2013-12-10 12:27 - 2013-12-10 13:31 - 00065536 _____ C:\WINDOWS\system32\config\WindowsPowerShell.evt

2013-12-10 12:27 - 2013-12-10 13:31 - 00065536 _____ C:\WINDOWS\system32\config\EventForwarding-Operational.Evt

2013-12-10 12:26 - 2013-12-10 12:26 - 00000000 _____ C:\asc_rdflag

2013-12-08 20:04 - 2013-12-08 20:04 - 00002045 _____ C:\Documents and Settings\Nita Guz\Desktop\Search.lnk

2013-12-08 18:48 - 2013-12-08 18:48 - 00035371 _____ C:\Documents and Settings\Nita Guz\Desktop\henry war years.odt

2013-12-07 15:02 - 2013-12-07 15:02 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2808679$

2013-12-07 15:00 - 2013-03-26 22:53 - 00074752 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\cryptdlg.dll

2013-12-07 14:52 - 2013-12-07 14:52 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2492386$

2013-12-07 14:50 - 2011-03-11 14:10 - 00225262 ____N C:\WINDOWS\system32\dllcache\msimain.sdb

2013-12-07 14:49 - 2013-12-10 12:25 - 00065536 _____ C:\WINDOWS\system32\config\Windows .evt

2013-12-07 14:49 - 2013-12-10 12:25 - 00065536 _____ C:\WINDOWS\system32\config\Microsof.evt

2013-12-07 14:49 - 2013-12-07 14:49 - 00000000 __HDC C:\WINDOWS\$968930Uinstall_KB968930$

2013-12-07 14:49 - 2013-12-07 14:49 - 00000000 ____D C:\WINDOWS\system32\winrm

2013-12-07 14:49 - 2013-12-07 14:49 - 00000000 ____D C:\WINDOWS\system32\WindowsPowerShell

2013-12-07 14:49 - 2013-12-07 14:49 - 00000000 ____D C:\WINDOWS\system32\GroupPolicy

2013-12-07 14:49 - 2013-12-07 14:49 - 00000000 ____D C:\WINDOWS\$NtUninstallKB968930$

2013-12-07 14:48 - 2013-12-07 14:48 - 00000000 __HDC C:\WINDOWS\$NtUninstallbasecsp$

2013-12-07 14:48 - 2013-04-17 19:22 - 00023360 _____ (IObit) C:\WINDOWS\system32\RegistryDefragBootTime.exe

2013-11-27 14:33 - 2013-12-04 16:40 - 00000000 ____D C:\Documents and Settings\Nita Guz\Desktop\family photos

2013-11-26 14:07 - 2013-11-26 14:07 - 00056668 _____ C:\Documents and Settings\Nita Guz\Desktop\(AA02) Dormant Company Accounts (DCA).htm

2013-11-26 14:07 - 2013-11-26 14:07 - 00000000 ____D C:\Documents and Settings\Nita Guz\Desktop\(AA02) Dormant Company Accounts (DCA)_files

2013-11-25 17:37 - 2013-12-12 14:16 - 00000050 _____ C:\WINDOWS\wiaservc.log

2013-11-25 17:37 - 2013-12-12 14:15 - 00000263 _____ C:\WINDOWS\wiadebug.log

2013-11-25 17:37 - 2013-12-11 11:05 - 00032526 _____ C:\WINDOWS\SchedLgU.Txt

2013-11-25 17:37 - 2013-11-25 17:37 - 00000000 ____N C:\WINDOWS\Sti_Trace.log

2013-11-21 18:23 - 2013-11-21 18:23 - 00000000 ____D C:\Documents and Settings\Nita Guz\Desktop\phonebook2

2013-11-21 18:22 - 2013-11-21 18:22 - 00000000 ____D C:\Documents and Settings\Nita Guz\Desktop\Summer in the Park

2013-11-21 14:25 - 2013-11-21 14:25 - 00000830 _____ C:\Documents and Settings\All Users\Desktop\Smart Defrag 2.lnk

2013-11-21 14:25 - 2013-11-21 14:25 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Smart Defrag 2

2013-11-21 14:25 - 2013-05-22 18:49 - 00014776 _____ C:\WINDOWS\system32\Drivers\SmartDefragDriver.sys

2013-11-19 09:48 - 2013-12-11 11:18 - 00000384 ____H C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job

2013-11-15 18:45 - 2013-11-15 18:45 - 00000000 ____D C:\Documents and Settings\Nita Guz\My Documents\Banet tree

2013-11-14 10:51 - 2013-11-14 10:51 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2900986$

2013-11-14 10:51 - 2013-11-14 10:51 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2876331$

2013-11-14 10:51 - 2013-11-14 10:51 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2868626$

2013-11-14 10:51 - 2013-11-14 10:51 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2862152$

 

==================== One Month Modified Files and Folders =======

 

2013-12-12 16:47 - 2013-12-12 16:47 - 00000000 ____D C:\FRST

2013-12-12 16:42 - 2013-05-30 18:42 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job

2013-12-12 16:38 - 2013-12-10 14:25 - 00000000 ____D C:\Program Files\Mozilla Firefox

2013-12-12 16:25 - 2004-08-10 13:02 - 01106037 _____ C:\WINDOWS\WindowsUpdate.log

2013-12-12 16:21 - 2013-12-12 16:19 - 00004992 _____ C:\WINDOWS\KB2898715.log

2013-12-12 16:20 - 2013-12-12 16:19 - 00005506 _____ C:\WINDOWS\KB2893984.log

2013-12-12 16:20 - 2013-12-12 16:19 - 00005052 _____ C:\WINDOWS\KB2892075.log

2013-12-12 16:20 - 2013-12-12 16:19 - 00004983 _____ C:\WINDOWS\KB2893294.log

2013-12-12 16:19 - 2013-12-12 16:19 - 00000000 ____D C:\WINDOWS\LastGood

2013-12-12 16:16 - 2007-04-25 09:08 - 00000000 ____D C:\Documents and Settings\Nita Guz\Application Data\Skype

2013-12-12 14:16 - 2013-11-25 17:37 - 00000050 _____ C:\WINDOWS\wiaservc.log

2013-12-12 14:15 - 2013-11-25 17:37 - 00000263 _____ C:\WINDOWS\wiadebug.log

2013-12-12 11:51 - 2010-01-04 10:20 - 00000886 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job

2013-12-11 17:07 - 2007-03-03 13:56 - 00002435 _____ C:\Documents and Settings\All Users\Start Menu\Programs\New Office Document.lnk

2013-12-11 17:06 - 2013-09-25 13:05 - 00000274 _____ C:\WINDOWS\Tasks\ASC6_PerformanceMonitor.job

2013-12-11 11:21 - 2011-01-12 11:20 - 00000286 _____ C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-106739292-653456445-1234974741-1007.job

2013-12-11 11:18 - 2013-11-19 09:48 - 00000384 ____H C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job

2013-12-11 11:08 - 2004-08-10 12:51 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl

2013-12-11 11:07 - 2013-10-26 18:17 - 00000278 _____ C:\WINDOWS\Tasks\Driver Booster Update.job

2013-12-11 11:07 - 2013-10-26 18:17 - 00000276 _____ C:\WINDOWS\Tasks\Driver Booster Scan.job

2013-12-11 11:07 - 2013-01-11 17:59 - 00000284 _____ C:\WINDOWS\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-106739292-653456445-1234974741-1006.job

2013-12-11 11:07 - 2011-01-12 11:20 - 00000278 _____ C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-106739292-653456445-1234974741-1007.job

2013-12-11 11:07 - 2010-12-20 13:23 - 00000284 _____ C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-106739292-653456445-1234974741-1006.job

2013-12-11 11:07 - 2010-01-04 10:20 - 00000882 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job

2013-12-11 11:06 - 2009-06-12 02:04 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB969898$

2013-12-11 11:06 - 2004-08-10 13:08 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT

2013-12-11 11:05 - 2013-11-25 17:37 - 00032526 _____ C:\WINDOWS\SchedLgU.Txt

2013-12-11 11:05 - 2007-03-07 14:25 - 00000178 ___SH C:\Documents and Settings\Avram\ntuser.ini

2013-12-11 11:05 - 2007-03-07 14:25 - 00000000 ____D C:\Documents and Settings\Avram

2013-12-11 11:05 - 2007-03-02 20:33 - 00000278 ___SH C:\Documents and Settings\Nita Guz\ntuser.ini

2013-12-11 11:04 - 2011-02-27 13:04 - 00000000 ____D C:\Documents and Settings\Nita Guz\Desktop\Here

2013-12-10 22:42 - 2013-05-30 18:42 - 00692616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe

2013-12-10 22:42 - 2011-06-17 09:55 - 00071048 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl

2013-12-10 16:17 - 2013-12-10 16:17 - 00000000 ____D C:\Documents and Settings\Avram\Application Data\IObit

2013-12-10 16:15 - 2007-03-02 20:33 - 00000000 ____D C:\Documents and Settings\Nita Guz

2013-12-10 15:32 - 2008-08-01 18:53 - 00000000 ____D C:\WINDOWS\ERDNT

2013-12-10 15:31 - 2007-03-02 21:24 - 00000000 __SHD C:\Documents and Settings\Nita Guz\UserData

2013-12-10 14:42 - 2009-01-02 17:07 - 00000000 ____D C:\Program Files\SUPERAntiSpyware

2013-12-10 14:26 - 2013-12-10 14:26 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service

2013-12-10 14:26 - 2011-09-16 11:00 - 00000737 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk

2013-12-10 14:26 - 2011-09-16 11:00 - 00000731 _____ C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk

2013-12-10 14:15 - 2013-10-12 18:45 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2862330$

2013-12-10 14:15 - 2012-02-18 12:27 - 00000000 ____D C:\Program Files\Mozilla Thunderbird

2013-12-10 14:14 - 2012-02-18 12:27 - 00000000 ____D C:\Documents and Settings\Nita Guz\Local Settings\Application Data\Thunderbird

2013-12-10 13:32 - 2009-10-15 02:04 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB969059$

2013-12-10 13:31 - 2013-12-10 12:27 - 00065536 _____ C:\WINDOWS\system32\config\WindowsPowerShell.evt

2013-12-10 13:31 - 2013-12-10 12:27 - 00065536 _____ C:\WINDOWS\system32\config\EventForwarding-Operational.Evt

2013-12-10 13:31 - 2011-04-15 02:04 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2511455$

2013-12-10 12:26 - 2013-12-10 12:26 - 00000000 _____ C:\asc_rdflag

2013-12-10 12:26 - 2004-08-10 13:08 - 00000000 __SHD C:\Documents and Settings\NetworkService

2013-12-10 12:26 - 2004-08-10 13:08 - 00000000 __SHD C:\Documents and Settings\LocalService

2013-12-10 12:25 - 2013-12-07 14:49 - 00065536 _____ C:\WINDOWS\system32\config\Windows .evt

2013-12-10 12:25 - 2013-12-07 14:49 - 00065536 _____ C:\WINDOWS\system32\config\Microsof.evt

2013-12-09 16:25 - 2007-03-03 13:56 - 00002445 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Open Office Document.lnk

2013-12-09 16:23 - 2004-08-10 13:09 - 00000000 ____D C:\WINDOWS\Microsoft.NET

2013-12-08 20:14 - 2012-08-22 16:00 - 00000000 ____D C:\Program Files\OpenOffice.org 3

2013-12-08 20:04 - 2013-12-08 20:04 - 00002045 _____ C:\Documents and Settings\Nita Guz\Desktop\Search.lnk

2013-12-08 18:48 - 2013-12-08 18:48 - 00035371 _____ C:\Documents and Settings\Nita Guz\Desktop\henry war years.odt

2013-12-07 15:02 - 2013-12-07 15:02 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2808679$

2013-12-07 14:59 - 2004-08-10 12:57 - 01455658 _____ C:\WINDOWS\system32\PerfStringBackup.INI

2013-12-07 14:56 - 2004-08-10 12:52 - 00000000 ____D C:\WINDOWS\security

2013-12-07 14:55 - 2011-02-25 11:50 - 00000000 ____D C:\WINDOWS\ie8updates

2013-12-07 14:54 - 2007-02-24 18:29 - 00000000 ___HD C:\WINDOWS\$hf_mig$

2013-12-07 14:52 - 2013-12-07 14:52 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2492386$

2013-12-07 14:50 - 2004-08-10 13:00 - 00000000 ___RD C:\Documents and Settings\All Users\Start Menu\Programs\Accessories

2013-12-07 14:49 - 2013-12-07 14:49 - 00000000 __HDC C:\WINDOWS\$968930Uinstall_KB968930$

2013-12-07 14:49 - 2013-12-07 14:49 - 00000000 ____D C:\WINDOWS\system32\winrm

2013-12-07 14:49 - 2013-12-07 14:49 - 00000000 ____D C:\WINDOWS\system32\WindowsPowerShell

2013-12-07 14:49 - 2013-12-07 14:49 - 00000000 ____D C:\WINDOWS\system32\GroupPolicy

2013-12-07 14:49 - 2013-12-07 14:49 - 00000000 ____D C:\WINDOWS\$NtUninstallKB968930$

2013-12-07 14:49 - 2004-08-10 12:52 - 00000000 ____D C:\WINDOWS\Help

2013-12-07 14:48 - 2013-12-07 14:48 - 00000000 __HDC C:\WINDOWS\$NtUninstallbasecsp$

2013-12-06 11:52 - 2010-12-20 13:20 - 00001820 _____ C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk

2013-12-04 16:40 - 2013-11-27 14:33 - 00000000 ____D C:\Documents and Settings\Nita Guz\Desktop\family photos

2013-12-04 16:39 - 2007-09-21 13:29 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Adobe

2013-12-04 16:39 - 2007-03-02 23:52 - 00000000 ____D C:\Documents and Settings\Nita Guz\Application Data\Adobe

2013-12-04 15:38 - 2010-03-14 11:45 - 00000472 _____ C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job

2013-12-03 17:26 - 2007-03-03 00:07 - 00000000 ____D C:\Documents and Settings\Nita Guz\Application Data\MailWasher

2013-12-03 10:12 - 2007-03-02 23:58 - 00000000 ____D C:\Documents and Settings\Nita Guz\Desktop\chipmark

2013-12-02 12:32 - 2007-03-03 13:56 - 00002479 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Word.lnk

2013-11-28 10:45 - 2012-04-22 17:12 - 00000000 ____D C:\Documents and Settings\Nita Guz\Desktop\phonebook

2013-11-27 12:19 - 2010-12-20 13:23 - 00000292 _____ C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-106739292-653456445-1234974741-1006.job

2013-11-26 14:07 - 2013-11-26 14:07 - 00056668 _____ C:\Documents and Settings\Nita Guz\Desktop\(AA02) Dormant Company Accounts (DCA).htm

2013-11-26 14:07 - 2013-11-26 14:07 - 00000000 ____D C:\Documents and Settings\Nita Guz\Desktop\(AA02) Dormant Company Accounts (DCA)_files

2013-11-25 17:37 - 2013-11-25 17:37 - 00000000 ____N C:\WINDOWS\Sti_Trace.log

2013-11-25 11:25 - 2013-01-11 17:59 - 00000292 _____ C:\WINDOWS\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-106739292-653456445-1234974741-1006.job

2013-11-21 18:23 - 2013-11-21 18:23 - 00000000 ____D C:\Documents and Settings\Nita Guz\Desktop\phonebook2

2013-11-21 18:22 - 2013-11-21 18:22 - 00000000 ____D C:\Documents and Settings\Nita Guz\Desktop\Summer in the Park

2013-11-21 14:25 - 2013-11-21 14:25 - 00000830 _____ C:\Documents and Settings\All Users\Desktop\Smart Defrag 2.lnk

2013-11-21 14:25 - 2013-11-21 14:25 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Smart Defrag 2

2013-11-21 14:25 - 2013-09-25 13:04 - 00000000 ____D C:\Program Files\IObit

2013-11-21 14:25 - 2013-09-25 13:04 - 00000000 ____D C:\Documents and Settings\Nita Guz\Application Data\IObit

2013-11-19 10:21 - 2010-09-14 18:28 - 00230048 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe

2013-11-19 09:54 - 2007-03-02 23:56 - 00000000 ____D C:\Documents and Settings\Nita Guz\My Documents\Knitting tips

2013-11-19 09:39 - 2013-09-01 14:06 - 00001705 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Security Essentials.lnk

2013-11-19 09:39 - 2011-01-27 12:29 - 00001945 _____ C:\WINDOWS\epplauncher.mif

2013-11-19 09:38 - 2013-09-01 14:06 - 00000000 ____D C:\Program Files\Microsoft Security Client

2013-11-15 18:45 - 2013-11-15 18:45 - 00000000 ____D C:\Documents and Settings\Nita Guz\My Documents\Banet tree

2013-11-15 12:39 - 2007-03-02 23:56 - 00000000 ____D C:\Documents and Settings\Nita Guz\My Documents\kpatterns

2013-11-14 11:58 - 2011-10-05 16:51 - 00000000 ____D C:\Documents and Settings\Nita Guz\My Documents\AvramTax

2013-11-14 10:51 - 2013-11-14 10:51 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2900986$

2013-11-14 10:51 - 2013-11-14 10:51 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2876331$

2013-11-14 10:51 - 2013-11-14 10:51 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2868626$

2013-11-14 10:51 - 2013-11-14 10:51 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2862152$

2013-11-14 10:48 - 2013-08-15 11:13 - 00000000 ____D C:\WINDOWS\system32\MRT

2013-11-14 10:43 - 2007-03-02 22:18 - 80340640 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe

 

Files to move or delete:

====================

C:\Documents and Settings\All Users\hash.dat

C:\Documents and Settings\Nita Guz\GoToAssist_phone__319_en.exe

 

 

==================== Bamital & volsnap Check =================

 

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

 

==================== End Of Log ============================



#7 Nita


Posted 12 December 2013 - 12:21 PM

I did the TDSSKiller scan, which came up with no threats; however, I am unable to post the report as it does not respond to any copy and paste commands. Is there some other way to do it?

Thanks



#8 TB-Psychotic


Posted 14 December 2013 - 10:03 AM

Attach the log file via the "More Reply options" on the bottom right.



#9 Nita


Posted 14 December 2013 - 10:27 AM

Please see next post


Edited by Nita, 14 December 2013 - 10:34 AM.


#10 Nita


Posted 14 December 2013 - 10:33 AM

15:16:42.0546 0x1620  TDSS rootkit removing tool 3.0.0.19 Nov 18 2013 09:27:50
15:16:48.0015 0x1620  ============================================================
15:16:48.0015 0x1620  Current date / time: 2013/12/14 15:16:48.0015
15:16:48.0015 0x1620  SystemInfo:
15:16:48.0015 0x1620  
15:16:48.0015 0x1620  OS Version: 5.1.2600 ServicePack: 3.0
15:16:48.0015 0x1620  Product type: Workstation
15:16:48.0046 0x1620  ComputerName: D9XW9S2J
15:16:48.0046 0x1620  UserName: Nita Guz
15:16:48.0046 0x1620  Windows directory: C:\WINDOWS
15:16:48.0046 0x1620  System windows directory: C:\WINDOWS
15:16:48.0046 0x1620  Processor architecture: Intel x86
15:16:48.0046 0x1620  Number of processors: 1
15:16:48.0046 0x1620  Page size: 0x1000
15:16:48.0046 0x1620  Boot type: Normal boot
15:16:48.0078 0x1620  ============================================================
15:16:57.0218 0x1620  KLMD registered as C:\WINDOWS\system32\drivers\86664854.sys
15:16:58.0718 0x1620  System UUID: {62D7C19A-EF21-4484-F6CA-C69C90E7836F}
15:17:04.0437 0x1620  Drive \Device\Harddisk0\DR0 - Size: 0x2540BE4000 (149.01 Gb), SectorSize: 0x200, Cylinders: 0x4BFC, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000058
15:17:04.0578 0x1620  Drive \Device\Harddisk1\DR5 - Size: 0x7B80000 (0.12 Gb), SectorSize: 0x200, Cylinders: 0xF, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
15:17:04.0578 0x1620  ============================================================
15:17:04.0578 0x1620  \Device\Harddisk0\DR0:
15:17:04.0578 0x1620  MBR partitions:
15:17:04.0578 0x1620  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x139C5, BlocksNum 0xD92C09F
15:17:04.0625 0x1620  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xD93FAA3, BlocksNum 0x4A7967E
15:17:04.0625 0x1620  \Device\Harddisk1\DR5:
15:17:04.0625 0x1620  MBR partitions:
15:17:04.0625 0x1620  \Device\Harddisk1\DR5\Partition1: MBR, Type 0x4, StartLBA 0x20, BlocksNum 0x3DBE0
15:17:04.0625 0x1620  ============================================================
15:17:05.0156 0x1620  C: <-> \Device\Harddisk0\DR0\Partition1
15:17:05.0390 0x1620  D: <-> \Device\Harddisk0\DR0\Partition2
15:17:05.0406 0x1620  ============================================================
15:17:05.0406 0x1620  Initialize success
15:17:05.0406 0x1620  ============================================================
15:17:08.0406 0x0df4  ============================================================
15:17:08.0406 0x0df4  Scan started
15:17:08.0406 0x0df4  Mode: Manual;
15:17:08.0406 0x0df4  ============================================================
15:17:08.0406 0x0df4  KSN ping started
15:17:24.0546 0x0df4  KSN ping finished: true
15:17:26.0046 0x0df4  ================ Scan system memory ========================
15:17:26.0046 0x0df4  System memory - ok
15:17:26.0046 0x0df4  ================ Scan services =============================
15:17:42.0000 0x0df4  LVCOMSer - ok
15:17:42.0187 0x0df4  [ 0DD5B8AF4917A2821047450195C511B3, 9F5D57CA468DCE508E5A037543A6D99F535F84C35BB49B0FF96A2C385AB8A247 ] LVMVDrv         C:\WINDOWS\system32\DRIVERS\LVMVDrv.sys
15:17:42.0328 0x0df4  LVMVDrv - ok
15:17:42.0375 0x0df4  [ 406B1D186F75B4B4832D6237859E1B00, 7FB2657F98B425262F57574FEFF70ECCCEAD2238F10195D347AA95EAA632109D ] LVPr2Mon        C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys
15:17:42.0375 0x0df4  LVPr2Mon - ok
15:17:42.0421 0x0df4  [ 85C2E84BC1224C75A20B5560D5A15DB9, C95E4FB231DF7381CC66B91FACE99BA21FF2E5A0ED8D4BD7B317A5ADBF604D51 ] LVPrcSrv        C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
15:17:42.0437 0x0df4  LVPrcSrv - ok
15:17:42.0453 0x0df4  [ 656180E9C0C5199520972426C44BC2F0, AE5EDCA443A2C530247E27882DAFAECBE814C7575CF162A8C7ED5CD0B5049AEC ] LVSrvLauncher   C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
15:17:42.0453 0x0df4  LVSrvLauncher - ok
15:17:42.0500 0x0df4  [ 4470E3C1E0C3378E4CAB137893C12C3A, CA8E66356F0E671D5454E561E7EAD74DE25DCF53BE452369F96ECACFA8709489 ] MBAMProtector   C:\WINDOWS\system32\drivers\mbam.sys
15:17:42.0562 0x0df4  MBAMProtector - ok
15:17:42.0718 0x0df4  [ 65085456FD9A74D7F1A999520C299ECB, EA564BC913EF1B8A4CAA9242FC70F525B68CF1F3CA462F63B0B7215B93FE8530 ] MBAMScheduler   C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
15:17:42.0750 0x0df4  MBAMScheduler - ok
15:17:43.0015 0x0df4  [ E0D7732F2D2E24B2DB3F67B6750295B8, AA5CA86AF1ACEC900F60339016B3DC55472DB40ADB99186005A7ABE67B7D66FC ] MBAMService     C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
15:17:43.0218 0x0df4  MBAMService - ok
15:17:43.0296 0x0df4  [ 986B1FF5814366D71E0AC5755C88F2D3, E6AF051174531C24B38E73987755D366ABEC595476C6D17793E8DCCC73F55340 ] Messenger       C:\WINDOWS\System32\msgsvc.dll
15:17:43.0296 0x0df4  Messenger - ok
15:17:43.0328 0x0df4  [ 4AE068242760A1FB6E1A44BF4E16AFA6, 1FB771162B96AAF787AC24867B818DF8511F0780BB094FA9A38C11D8DBFE68BC ] mnmdd           C:\WINDOWS\system32\drivers\mnmdd.sys
15:17:43.0343 0x0df4  mnmdd - ok
15:17:43.0421 0x0df4  [ D18F1F0C101D06A1C1ADF26EED16FCDD, BA0837C7780BD8262E143E2935AFA63BE59C3C39EF56CB8608EED0F50AF070D4 ] mnmsrvc         C:\WINDOWS\system32\mnmsrvc.exe
15:17:43.0437 0x0df4  mnmsrvc - ok
15:17:43.0484 0x0df4  [ DFCBAD3CEC1C5F964962AE10E0BCC8E1, B342CC9EC3729AB1AB4B5E2E99F890C1E0CA649162DE91F6768AB857B719E97B ] Modem           C:\WINDOWS\system32\drivers\Modem.sys
15:17:43.0515 0x0df4  Modem - ok
15:17:43.0578 0x0df4  [ 35C9E97194C8CFB8430125F8DBC34D04, 0C0FCE6B0A23FB0ECB92E1663E1C72D2DD5B177D82E04782957690B69530DB39 ] Mouclass        C:\WINDOWS\system32\DRIVERS\mouclass.sys
15:17:43.0593 0x0df4  Mouclass - ok
15:17:43.0656 0x0df4  [ B1C303E17FB9D46E87A98E4BA6769685, 161A45488522055D0F0474ABEDA04DDD0B5DAC2411AF9154B15190BBD66E7153 ] mouhid          C:\WINDOWS\system32\DRIVERS\mouhid.sys
15:17:43.0656 0x0df4  mouhid - ok
15:17:43.0718 0x0df4  [ A80B9A0BAD1B73637DBCBBA7DF72D3FD, 2A5E15ED2C24C6C65EF2F7E1FD93374774076C9D8D451E4422561F4D269C012F ] MountMgr        C:\WINDOWS\system32\drivers\MountMgr.sys
15:17:43.0750 0x0df4  MountMgr - ok
15:17:43.0812 0x0df4  [ 3B9398E0146855B1DC0E3D9769C80F01, DF69DB5CA30A5577648635C27DD468AF98515D07DF379B3FFDCC6B40744EDE66 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
15:17:43.0828 0x0df4  MozillaMaintenance - ok
15:17:43.0906 0x0df4  [ E77DC03DD3C8E5A388BF9EED2A28F3D1, ED0DAA975D1EC35CE036F02596218E15CC6A054167628D12A0A5AD91B841F422 ] MpFilter        C:\WINDOWS\system32\DRIVERS\MpFilter.sys
15:17:43.0921 0x0df4  MpFilter - ok
15:17:44.0109 0x0df4  [ 06D4F934E09C359B0EFBFB3146F1D910, 484F57CD6F8757137F3B3491B8AC8ECF6C6385A666CD1671833DDD9E962AAB4A ] MpKsl5883e747   c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9CF7CCE7-C014-4D1D-AD50-6D4D822631CA}\MpKsl5883e747.sys
15:17:44.0109 0x0df4  MpKsl5883e747 - ok
15:17:44.0171 0x0df4  [ 3F4BB95E5A44F3BE34824E8E7CAF0737, 9A4F9E63AA55B779AF3563C66C8E40D9C42FF3BB5F533F70905ADC7A44EA7DAD ] mraid35x        C:\WINDOWS\system32\DRIVERS\mraid35x.sys
15:17:44.0187 0x0df4  mraid35x - ok
15:17:44.0328 0x0df4  [ 2BC9E43F55DE8C30FC817ED56D0EE907, 0100BE629A0B80DDBC87AECA8E558C8B90A9884CE0530673899DC946D3A6C069 ] MREMPR5         C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS
15:17:44.0359 0x0df4  MREMPR5 - ok
15:17:44.0421 0x0df4  [ 594B9D8194E3F4ECBF0325BD10BBEB05, BA002410AB77F129564FBA4BA2989B8E4E7128F81C016D742ADBAA40D55728F3 ] MRENDIS5        C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS
15:17:44.0437 0x0df4  MRENDIS5 - ok
15:17:44.0500 0x0df4  [ 11D42BB6206F33FBB3BA0288D3EF81BD, 76ABCFB62C5AC549F58C231F72A99882CDEB74928104B77FE52554765C2B1A22 ] MRxDAV          C:\WINDOWS\system32\DRIVERS\mrxdav.sys
15:17:44.0515 0x0df4  MRxDAV - ok
15:17:44.0656 0x0df4  [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0, DB9B186F7076D7B94F45041AF7B77C1AD2CAB504D683B459C6CB1C22840ED170 ] MRxSmb          C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
15:17:44.0750 0x0df4  MRxSmb - ok
15:17:44.0796 0x0df4  [ A137F1470499A205ABBB9AAFB3B6F2B1, FB4951727543030D9E6ED74149C3FAACE2CA9DA8C1B5F616301B30B858C724E8 ] MSDTC           C:\WINDOWS\system32\msdtc.exe
15:17:44.0796 0x0df4  MSDTC - ok
15:17:44.0859 0x0df4  [ C941EA2454BA8350021D774DAF0F1027, C940E978C7B66A713A0FDAB54B5F995DF59D089AFCD96221DD3222948CD49BBD ] Msfs            C:\WINDOWS\system32\drivers\Msfs.sys
15:17:44.0875 0x0df4  Msfs - ok
15:17:44.0890 0x0df4  MSIServer - ok
15:17:44.0968 0x0df4  [ D1575E71568F4D9E14CA56B7B0453BF1, 4ABE0E24786C0D39FA2B885447E56204CA6942FB175E534DCE675D7BCF0B176A ] MSKSSRV         C:\WINDOWS\system32\drivers\MSKSSRV.sys
15:17:44.0984 0x0df4  MSKSSRV - ok
15:17:45.0109 0x0df4  [ B0F49DA36F30922F5DDC3B623B778FCE, EE025AEFA4A2095AFEABFB3A49639DA77D78068A3F5EEDA6C15D34853AFD5609 ] MsMpSvc         c:\Program Files\Microsoft Security Client\MsMpEng.exe
15:17:45.0109 0x0df4  MsMpSvc - ok
15:17:45.0140 0x0df4  [ 325BB26842FC7CCC1FCCE2C457317F3E, C07BE560513B1FB91D756494F0BA4AEEB2E1998DE0E1C21EE83DB1183B0CEE91 ] MSPCLOCK        C:\WINDOWS\system32\drivers\MSPCLOCK.sys
15:17:45.0171 0x0df4  MSPCLOCK - ok
15:17:45.0203 0x0df4  [ BAD59648BA099DA4A17680B39730CB3D, 9AD4C7C94C186C8815D0BC75DCAFB962158DA6935A244BA243EDDDEB33F9816C ] MSPQM           C:\WINDOWS\system32\drivers\MSPQM.sys
15:17:45.0218 0x0df4  MSPQM - ok
15:17:45.0312 0x0df4  [ AF5F4F3F14A8EA2C26DE30F7A1E17136, AC93A1E4ABB0D038B772E429015567E44CC2EDB66C54DBE23A5F98176FAC1520 ] mssmbios        C:\WINDOWS\system32\DRIVERS\mssmbios.sys
15:17:45.0328 0x0df4  mssmbios - ok
15:17:45.0390 0x0df4  [ E53736A9E30C45FA9E7B5EAC55056D1D, 38602F280BF69EBA3706AD175AFC1AEB561A8302B4B61E3FECB3C27D7A9BDB41 ] MSTEE           C:\WINDOWS\system32\drivers\MSTEE.sys
15:17:45.0421 0x0df4  MSTEE - ok
15:17:45.0468 0x0df4  [ DE6A75F5C270E756C5508D94B6CF68F5, FCC972DDC36C2C44D836913F10004C2C33B11C54DEFFF0C63E0FDF901D2F9261 ] Mup             C:\WINDOWS\system32\drivers\Mup.sys
15:17:45.0484 0x0df4  Mup - ok
15:17:45.0531 0x0df4  [ 5B50F1B2A2ED47D560577B221DA734DB, C16A554B6E1A7F5F98C94DFA88163E0F7426506BF2F51FD351B1A05FC0DB3BC5 ] NABTSFEC        C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
15:17:45.0562 0x0df4  NABTSFEC - ok
15:17:45.0734 0x0df4  [ 0102140028FAD045756796E1C685D695, 5335B8278418CA200E2772124F0602C3E15A5CAF2D5CC59F6785DFAABF339B09 ] napagent        C:\WINDOWS\System32\qagentrt.dll
15:17:45.0765 0x0df4  napagent - ok
15:17:45.0828 0x0df4  [ 1DF7F42665C94B825322FAE71721130D, FE0DCB728471465B39A42A7511F4133021FBA5DF88F88BCB5FE2FF34CFD713F9 ] NDIS            C:\WINDOWS\system32\drivers\NDIS.sys
15:17:45.0859 0x0df4  NDIS - ok
15:17:45.0921 0x0df4  [ 7FF1F1FD8609C149AA432F95A8163D97, 18CD1FF5AC1EF8A38D1EC53014F2BADD28D9CDF4ECE2EBC2313D08903776F323 ] NdisIP          C:\WINDOWS\system32\DRIVERS\NdisIP.sys
15:17:45.0937 0x0df4  NdisIP - ok
15:17:46.0000 0x0df4  [ 0109C4F3850DFBAB279542515386AE22, 4F6DB1E499AC853FD36FD603FBB6D3AC9BDCEB298C7FE1FB59A9236CB46729B2 ] NdisTapi        C:\WINDOWS\system32\DRIVERS\ndistapi.sys
15:17:46.0000 0x0df4  NdisTapi - ok
15:17:46.0062 0x0df4  [ F927A4434C5028758A842943EF1A3849, B1AA3AF150C05307461774925901789456B0CCCD03A5E71ADA4AB58455962BEE ] Ndisuio         C:\WINDOWS\system32\DRIVERS\ndisuio.sys
15:17:46.0078 0x0df4  Ndisuio - ok
15:17:46.0109 0x0df4  [ EDC1531A49C80614B2CFDA43CA8659AB, 494042F790F33721328B4451E79842E21919681CC421A4F9633EC4D383E06097 ] NdisWan         C:\WINDOWS\system32\DRIVERS\ndiswan.sys
15:17:46.0125 0x0df4  NdisWan - ok
15:17:46.0203 0x0df4  [ 9282BD12DFB069D3889EB3FCC1000A9B, 09A46F1712BD9165068D8E153585FE3E6E5CBF4F1DDEC142115555D3A91AEC09 ] NDProxy         C:\WINDOWS\system32\drivers\NDProxy.sys
15:17:46.0203 0x0df4  NDProxy - ok
15:17:46.0265 0x0df4  [ 284432E671F1AF6B09B81DA24D3ABCAE, 8E093E7966AD6BB112A19DB5443CB5A0A083758B99AEFA334E1E61086ED27AE7 ] Net Driver HPZ12 C:\WINDOWS\system32\HPZinw12.dll
15:17:46.0281 0x0df4  Net Driver HPZ12 - ok
15:17:46.0296 0x0df4  [ 5D81CF9A2F1A3A756B66CF684911CDF0, 7989C36607CAEA17AFA2C1C9904145CA0714A54B9F712D9D4C1AB140D0B2CC0C ] NetBIOS         C:\WINDOWS\system32\DRIVERS\netbios.sys
15:17:46.0328 0x0df4  NetBIOS - ok
15:17:46.0390 0x0df4  [ 74B2B2F5BEA5E9A3DC021D685551BD3D, 7932B71F98B4122BE88F576BF6D745A757AE378A48924B7F4358837B75640A82 ] NetBT           C:\WINDOWS\system32\DRIVERS\netbt.sys
15:17:46.0406 0x0df4  NetBT - ok
15:17:46.0468 0x0df4  [ B857BA82860D7FF85AE29B095645563B, 86FF0E4CDD9C394E8BABD93A4D57E73FF9A779261717DEC6E9CDE99F1C6B0F4C ] NetDDE          C:\WINDOWS\system32\netdde.exe
15:17:46.0500 0x0df4  NetDDE - ok
15:17:46.0515 0x0df4  [ B857BA82860D7FF85AE29B095645563B, 86FF0E4CDD9C394E8BABD93A4D57E73FF9A779261717DEC6E9CDE99F1C6B0F4C ] NetDDEdsdm      C:\WINDOWS\system32\netdde.exe
15:17:46.0531 0x0df4  NetDDEdsdm - ok
15:17:46.0593 0x0df4  [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] Netlogon        C:\WINDOWS\system32\lsass.exe
15:17:46.0609 0x0df4  Netlogon - ok
15:17:46.0703 0x0df4  [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE, 4E0A67B3CC897E80D4B342FFE8B7B4CC4F6CA2EF2D34C136027A098B2E1C6166 ] Netman          C:\WINDOWS\System32\netman.dll
15:17:46.0734 0x0df4  Netman - ok
15:17:46.0796 0x0df4  [ D34612C5D02D026535B3095D620626AE, 1BBCCCBF49EB8807240A77DCB43C25C21682073CC5356594E2C4F53EF36BF657 ] NetTcpPortSharing c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
15:17:46.0828 0x0df4  NetTcpPortSharing - ok
15:17:46.0921 0x0df4  [ 943337D786A56729263071623BBB9DE5, B631B47C869FE4ACF46E4AA272435D9A9CA536E3349E3FFBB8602636FEE7AFD4 ] Nla             C:\WINDOWS\System32\mswsock.dll
15:17:46.0968 0x0df4  Nla - ok
15:17:47.0000 0x0df4  [ 3182D64AE053D6FB034F44B6DEF8034A, 4ADFC76965BA2A5F488E71789A4E4EA702A74AF42725F72130D1CA919406CF19 ] Npfs            C:\WINDOWS\system32\drivers\Npfs.sys
15:17:47.0031 0x0df4  Npfs - ok
15:17:47.0140 0x0df4  [ 78A08DD6A8D65E697C18E1DB01C5CDCA, E0E6F3ED05068E32F1D5C2D2B38CDEF4536B8656DB6756C66CF6B40B60C8F3DA ] Ntfs            C:\WINDOWS\system32\drivers\Ntfs.sys
15:17:47.0281 0x0df4  Ntfs - ok
15:17:47.0359 0x0df4  [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] NtLmSsp         C:\WINDOWS\system32\lsass.exe
15:17:47.0375 0x0df4  NtLmSsp - ok
15:17:47.0609 0x0df4  [ 156F64A3345BD23C600655FB4D10BC08, 9611BE411586E068D9297D77102DB3BE48AA67F1BAD6F61A84F83FC3043FA9CD ] NtmsSvc         C:\WINDOWS\system32\ntmssvc.dll
15:17:47.0734 0x0df4  NtmsSvc - ok
15:17:47.0765 0x0df4  [ 73C1E1F395918BC2C6DD67AF7591A3AD, B21133A75253EC15E2DFF66D3B480AB1A7E1A2360476C810E7AA55D0F0EB08D4 ] Null            C:\WINDOWS\system32\drivers\Null.sys
15:17:47.0781 0x0df4  Null - ok
15:17:50.0359 0x0df4  [ 7C56F3FD65B2BDB315CA3605A5392D7B, 1C33B2723BBD958FE06D71B6AC5C54DF1F46491C292749FE0DB8577BF056A765 ] nv              C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
15:17:51.0734 0x0df4  nv - ok
15:17:51.0828 0x0df4  [ 52DCE3B30C9D61C8E20FE3C6DA4BDFB7, 6C07CE4EEF4EF0E52DE85650D77FCEBE944807D0D520C5AC0BB13A254492152D ] nvgts           C:\WINDOWS\system32\DRIVERS\nvgts.sys
15:17:51.0828 0x0df4  nvgts - ok
15:17:51.0906 0x0df4  [ 1982E96B2C5C2EFFEF38EFC37293A42E, 06FA232C69CEEDE98EBC4580C0C1421688A4909CB46912D5E16541A2020F3160 ] NVSvc           C:\WINDOWS\system32\nvsvc32.exe
15:17:51.0937 0x0df4  NVSvc - ok
15:17:51.0984 0x0df4  [ B305F3FAD35083837EF46A0BBCE2FC57, 9D0E0E666D652D0FC9EAB97280A5D67AAF61D6B21929DF7CF8ED72A367720464 ] NwlnkFlt        C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
15:17:51.0984 0x0df4  NwlnkFlt - ok
15:17:52.0062 0x0df4  [ C99B3415198D1AAB7227F2C88FD664B9, DD8DA4B5E804F134AB9233859544C025062902DFC3E8FB8A09A67337A4E73F55 ] NwlnkFwd        C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
15:17:52.0109 0x0df4  NwlnkFwd - ok
15:17:52.0156 0x0df4  [ 5575FAF8F97CE5E713D108C2A58D7C7C, 96D4595D19A78CCBE8B325A08780AC077AE5CC99642ACD72FB47AEAE8D344D3B ] Parport         C:\WINDOWS\system32\DRIVERS\parport.sys
15:17:52.0203 0x0df4  Parport - ok
15:17:52.0234 0x0df4  [ BEB3BA25197665D82EC7065B724171C6, 7E71C13BA30CD95CEE8A9CC85E6F48A01F30EDEAADEE69D80AE828BF97E5A5CA ] PartMgr         C:\WINDOWS\system32\drivers\PartMgr.sys
15:17:52.0250 0x0df4  PartMgr - ok
15:17:52.0328 0x0df4  [ 70E98B3FD8E963A6A46A2E6247E0BEA1, 6771313EC41B3B5BFD398F60706E40BE71617046880CC352DD110B001AFC22A1 ] ParVdm          C:\WINDOWS\system32\drivers\ParVdm.sys
15:17:52.0359 0x0df4  ParVdm - ok
15:17:52.0390 0x0df4  [ A219903CCF74233761D92BEF471A07B1, D4E6C360A1D2FCA4D17C991B834D68BF20F5111DD06B1FAB8B22984804CEC269 ] PCI             C:\WINDOWS\system32\DRIVERS\pci.sys
15:17:52.0406 0x0df4  PCI - ok
15:17:52.0437 0x0df4  PCIDump - ok
15:17:52.0515 0x0df4  [ CCF5F451BB1A5A2A522A76E670000FF0, D63F7E5A39653EC9CCE94B7D84B2D3EBD4F54533BD65701020198724042C9257 ] PCIIde          C:\WINDOWS\system32\DRIVERS\pciide.sys
15:17:52.0531 0x0df4  PCIIde - ok
15:17:52.0593 0x0df4  [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1, 0BA3DB21DC7C641C181E2635B5C9B73965FDCDCD3EBBBE48FCFEC1C8C987F617 ] Pcmcia          C:\WINDOWS\system32\drivers\Pcmcia.sys
15:17:52.0625 0x0df4  Pcmcia - ok
15:17:52.0640 0x0df4  PDCOMP - ok
15:17:52.0656 0x0df4  PDFRAME - ok
15:17:52.0671 0x0df4  PDRELI - ok
15:17:52.0687 0x0df4  PDRFRAME - ok
15:17:52.0718 0x0df4  [ 6C14B9C19BA84F73D3A86DBA11133101, 2CFB7E027E43C1B3890985DFD7987B23E4E3CC003E3FD2583E4A8AC1F8A13B26 ] perc2           C:\WINDOWS\system32\DRIVERS\perc2.sys
15:17:52.0750 0x0df4  perc2 - ok
15:17:52.0796 0x0df4  [ F50F7C27F131AFE7BEBA13E14A3B9416, C0498EA65B908C07A734324ED70DB27F434FAAA815DD02F1BC429A3AB6C663D5 ] perc2hib        C:\WINDOWS\system32\DRIVERS\perc2hib.sys
15:17:52.0812 0x0df4  perc2hib - ok
15:17:52.0890 0x0df4  [ 65DF52F5B8B6E9BBD183505225C37315, 59C606977DB40A3443DFF0BE2A4C761824881B22C9FDB3D23F6486DB580E92A4 ] PlugPlay        C:\WINDOWS\system32\services.exe
15:17:52.0906 0x0df4  PlugPlay - ok
15:17:52.0984 0x0df4  [ 4153912765F7F2DE2A5C9A241ABB03FC, B7F38016F0653E8BBD1AED37E97EE857745EC1C87FD7A0529858C30A9225FD14 ] Pml Driver HPZ12 C:\WINDOWS\system32\HPZipm12.dll
15:17:53.0000 0x0df4  Pml Driver HPZ12 - ok
15:17:53.0062 0x0df4  [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] PolicyAgent     C:\WINDOWS\system32\lsass.exe
15:17:53.0062 0x0df4  PolicyAgent - ok
15:17:53.0109 0x0df4  [ EFEEC01B1D3CF84F16DDD24D9D9D8F99, C5F0C8C66A3AF7E7BB04CEDE4AC5306F8387AB384A2107DC5BE413AAE968EFF1 ] PptpMiniport    C:\WINDOWS\system32\DRIVERS\raspptp.sys
15:17:53.0125 0x0df4  PptpMiniport - ok
15:17:53.0187 0x0df4  [ A32BEBAF723557681BFC6BD93E98BD26, 35039BA72A29F87B2CA37DCDE4EFDAABBDEAD8CE3EB8652ACC665994118145A6 ] Processor       C:\WINDOWS\system32\DRIVERS\processr.sys
15:17:53.0187 0x0df4  Processor - ok
15:17:53.0218 0x0df4  [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
15:17:53.0218 0x0df4  ProtectedStorage - ok
15:17:53.0234 0x0df4  [ 09298EC810B07E5D582CB3A3F9255424, 35473A1BE25AC289474090EB0806AC6B3035DC33D1F3DF97A14BF1E361AC6AC3 ] PSched          C:\WINDOWS\system32\DRIVERS\psched.sys
15:17:53.0250 0x0df4  PSched - ok
15:17:53.0281 0x0df4  [ 80D317BD1C3DBC5D4FE7B1678C60CADD, DA76804B55D0CAB3DDD01EFC06673764AE4860693375C658B6063FB14AF7F12C ] Ptilink         C:\WINDOWS\system32\DRIVERS\ptilink.sys
15:17:53.0296 0x0df4  Ptilink - ok
15:17:53.0328 0x0df4  [ 49452BFCEC22F36A7A9B9C2181BC3042, C01A2005E9897B142FF9BC6155770F70C19725C425E48D14239195E81E2E42D0 ] PxHelp20        C:\WINDOWS\system32\Drivers\PxHelp20.sys
15:17:53.0343 0x0df4  PxHelp20 - ok
15:17:53.0375 0x0df4  [ 0A63FB54039EB5662433CABA3B26DBA7, A1FB923EB2D08D89D24E8AD7042BBED7CB1DBDA9A5B77BDD188E9913BADAB0EF ] ql1080          C:\WINDOWS\system32\DRIVERS\ql1080.sys
15:17:53.0375 0x0df4  ql1080 - ok
15:17:53.0390 0x0df4  [ 6503449E1D43A0FF0201AD5CB1B8C706, F1EFC2DE5998615CB182D7984366631FE956AE1ECA9AC777F26FCA2E6F2E05A6 ] Ql10wnt         C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
15:17:53.0390 0x0df4  Ql10wnt - ok
15:17:53.0421 0x0df4  [ 156ED0EF20C15114CA097A34A30D8A01, 7490B90D4C88B7A9BADB9473D4033535F054C797ABF6D542CB859DA5C9B2586A ] ql12160         C:\WINDOWS\system32\DRIVERS\ql12160.sys
15:17:53.0421 0x0df4  ql12160 - ok
15:17:53.0437 0x0df4  [ 70F016BEBDE6D29E864C1230A07CC5E6, 895BC2C888F6566086FC1399F499A401D447E57333BC9F9C6DBAFE0F117603D6 ] ql1240          C:\WINDOWS\system32\DRIVERS\ql1240.sys
15:17:53.0437 0x0df4  ql1240 - ok
15:17:53.0453 0x0df4  [ 907F0AEEA6BC451011611E732BD31FCF, F9E7023BD1042963110D0A613054D094437868B20779F23C316A38E4781A6152 ] ql1280          C:\WINDOWS\system32\DRIVERS\ql1280.sys
15:17:53.0468 0x0df4  ql1280 - ok
15:17:53.0484 0x0df4  [ FE0D99D6F31E4FAD8159F690D68DED9C, 998685622ABE631984B7E4DBF91AB3594B1F574378D75EB9F6265F4650470692 ] RasAcd          C:\WINDOWS\system32\DRIVERS\rasacd.sys
15:17:53.0500 0x0df4  RasAcd - ok
15:17:53.0531 0x0df4  [ AD188BE7BDF94E8DF4CA0A55C00A5073, C7D76CB579FAEBCCC2873499441BACDD6BD6668ACF5ED7F31862656E96E2B20C ] RasAuto         C:\WINDOWS\System32\rasauto.dll
15:17:53.0546 0x0df4  RasAuto - ok
15:17:53.0578 0x0df4  [ 11B4A627BC9614B885C4969BFA5FF8A6, EAE0A412A2B0F68919C32A96B3A08CC1A06585E4998819F5C9051745F63FF5AD ] Rasl2tp         C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
15:17:53.0578 0x0df4  Rasl2tp - ok
15:17:53.0625 0x0df4  [ 76A9A3CBEADD68CC57CDA5E1D7448235, 4AFD048C5D2306AB8DE46F3AA60AC0213333DDA3B09A9E91F7585DB6EB978EC8 ] RasMan          C:\WINDOWS\System32\rasmans.dll
15:17:53.0640 0x0df4  RasMan - ok
15:17:53.0671 0x0df4  [ 5BC962F2654137C9909C3D4603587DEE, A5CE5653D0105240F5E86CFAAB89E7917D42D939E2F27A5A7D6979289CA651B8 ] RasPppoe        C:\WINDOWS\system32\DRIVERS\raspppoe.sys
15:17:53.0671 0x0df4  RasPppoe - ok
15:17:53.0687 0x0df4  [ FDBB1D60066FCFBB7452FD8F9829B242, 10A2DACF944BD000032EBA8C095CB3D879CC55B28C377ADF6E52E508E47444DB ] Raspti          C:\WINDOWS\system32\DRIVERS\raspti.sys
15:17:53.0687 0x0df4  Raspti - ok
15:17:53.0703 0x0df4  [ 7AD224AD1A1437FE28D89CF22B17780A, 6645235CA27D671954E3557FA37082881C3D7D47492C71264CD8CB8D108EC801 ] Rdbss           C:\WINDOWS\system32\DRIVERS\rdbss.sys
15:17:53.0734 0x0df4  Rdbss - ok
15:17:53.0734 0x0df4  [ 4912D5B403614CE99C28420F75353332, 975341ECD660209987B5E5171B8315E032439E408CBE8A5986E67AF767F373BB ] RDPCDD          C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
15:17:53.0734 0x0df4  RDPCDD - ok
15:17:53.0796 0x0df4  [ 15CABD0F7C00C47C70124907916AF3F1, 66B5C978B7FB6359AD8BAC9F568FE9D469E358FEAB07B1F129BA9E85F1DF723E ] rdpdr           C:\WINDOWS\system32\DRIVERS\rdpdr.sys
15:17:53.0812 0x0df4  rdpdr - ok
15:17:53.0859 0x0df4  [ 43AF5212BD8FB5BA6EED9754358BD8F7, AF330F61CECA4AFA359CEABC5EB3227E6B56A9A2DCE50701381D665122D7356D ] RDPWD           C:\WINDOWS\system32\drivers\RDPWD.sys
15:17:53.0875 0x0df4  RDPWD - ok
15:17:53.0906 0x0df4  [ 3C37BF86641BDA977C3BF8A840F3B7FA, AB9A6E54DBA3F4561CD4837372BECCE0D73943D02E3288F944333039375AC08C ] RDSessMgr       C:\WINDOWS\system32\sessmgr.exe
15:17:53.0937 0x0df4  RDSessMgr - ok
15:17:54.0015 0x0df4  [ 89525CC2DBAD44F7199B9CC188B3F9C5, 09708EFA65BC1CCF92E6F2E143FCF88C645B1633AFE0DED833CDF945CB077D8C ] RealNetworks Downloader Resolver Service C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
15:17:54.0015 0x0df4  RealNetworks Downloader Resolver Service - ok
15:17:54.0062 0x0df4  [ F828DD7E1419B6653894A8F97A0094C5, E6150E1F598BA4CFEDB8FF075BC0D576518C331B864388F1CAE8812EFF106ECF ] redbook         C:\WINDOWS\system32\DRIVERS\redbook.sys
15:17:54.0078 0x0df4  redbook - ok
15:17:54.0140 0x0df4  [ BA5148E2DA9AB2B786EE239510BE819A, 8EDEA412CBFE5EEDC80EC7E8AC48B04FCBA20C8D3BA6B65006FE5FB25F4B823F ] RegFilter       C:\Program Files\IObit\IObit Malware Fighter\drivers\wxp_x86\regfilter.sys
15:17:54.0140 0x0df4  RegFilter - ok
15:17:54.0203 0x0df4  [ 7E699FF5F59B5D9DE5390E3C34C67CF5, 3FCF0442D80AB181FED4303E570378736AA1F8718C0B8B70F689A1E45200FFE4 ] RemoteAccess    C:\WINDOWS\System32\mprdim.dll
15:17:54.0203 0x0df4  RemoteAccess - ok
15:17:54.0218 0x0df4  [ AAED593F84AFA419BBAE8572AF87CF6A, CC0FFC5A69394C8830DC66320DA01A820BBF41AD7E57D0FC343561DC5EF9A360 ] RpcLocator      C:\WINDOWS\system32\locator.exe
15:17:54.0218 0x0df4  RpcLocator - ok
15:17:54.0281 0x0df4  [ 6B27A5C03DFB94B4245739065431322C, 6AEAC16AB4E0DFD25123AAF4D4181FEE1B919B7B2793117006CE8CF30E826CFD ] RpcSs           C:\WINDOWS\system32\rpcss.dll
15:17:54.0296 0x0df4  RpcSs - ok
15:17:54.0328 0x0df4  [ 471B3F9741D762ABE75E9DEEA4787E47, D9ADE42965EC22AEB4B2AD21D429C3C8232A60AA9853DEFDA7AED86A13FE8623 ] RSVP            C:\WINDOWS\system32\rsvp.exe
15:17:54.0328 0x0df4  RSVP - ok
15:17:54.0359 0x0df4  [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] SamSs           C:\WINDOWS\system32\lsass.exe
15:17:54.0359 0x0df4  SamSs - ok
15:17:54.0437 0x0df4  [ 39763504067962108505BFF25F024345, 73C9710B61EDC7FBEDE1D7A767AA3D3A169E7AD012494D05CB5EE7E5C5752BB9 ] SASDIFSV        C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
15:17:54.0437 0x0df4  SASDIFSV - ok
15:17:54.0453 0x0df4  [ 77B9FC20084B48408AD3E87570EB4A85, B5BC5FEC1356DECB66A7A671DB67112BDAC8F942BF1C4B986B1805B41EF362B1 ] SASKUTIL        C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
15:17:54.0453 0x0df4  SASKUTIL - ok
15:17:54.0468 0x0df4  [ 86D007E7A654B9A71D1D7D856B104353, 7B1DE53D637A5FC9619D5D07C48927AFEC89D959207F6F2E2F45DD054EEA04C7 ] SCardSvr        C:\WINDOWS\System32\SCardSvr.exe
15:17:54.0484 0x0df4  SCardSvr - ok
15:17:54.0531 0x0df4  [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA, 0B582F47BD70732BAC48B8B86E5D06CE7F299A20E8177F3F2E6F28217C3FB605 ] Schedule        C:\WINDOWS\system32\schedsvc.dll
15:17:54.0546 0x0df4  Schedule - ok
15:17:54.0593 0x0df4  [ 90A3935D05B494A5A39D37E71F09A677, F72733A69BC6E1A2BB91D7632FF3463C12563F60FDCC00A2CDD67FF20D479952 ] Secdrv          C:\WINDOWS\system32\DRIVERS\secdrv.sys
15:17:54.0593 0x0df4  Secdrv - ok
15:17:54.0640 0x0df4  [ CBE612E2BB6A10E3563336191EDA1250, C331797DC3569F0E715766561DE2562F60B924378842246C35D2B1CF867E9D96 ] seclogon        C:\WINDOWS\System32\seclogon.dll
15:17:54.0656 0x0df4  seclogon - ok
15:17:54.0687 0x0df4  [ 7FDD5D0684ECA8C1F68B4D99D124DCD0, 7105B026F966A992430F86C3698ABE15EC73E4772F1A3E362E29FD5247A5DCA6 ] SENS            C:\WINDOWS\system32\sens.dll
15:17:54.0703 0x0df4  SENS - ok
15:17:54.0734 0x0df4  [ 2EC41A96D0DC98BD119BF325E0B9F392, B77BE15FE662BBCE83AC117B1FF5D5B316B41932D15C941BF10E32021EBA822E ] Ser2pl          C:\WINDOWS\system32\DRIVERS\ser2pl.sys
15:17:54.0734 0x0df4  Ser2pl - ok
15:17:54.0765 0x0df4  [ 0F29512CCD6BEAD730039FB4BD2C85CE, 4F98AE390D1B14A755700DD6CEFB9CF921F0404AF2145D2D7E5F52394F87C6A5 ] serenum         C:\WINDOWS\system32\DRIVERS\serenum.sys
15:17:54.0765 0x0df4  serenum - ok
15:17:54.0781 0x0df4  [ CCA207A8896D4C6A0C9CE29A4AE411A7, 5999B39242283CD803319AADCA171CCCC6E2A40FB2FAFA51B1D29F3FF2DD8D6C ] Serial          C:\WINDOWS\system32\DRIVERS\serial.sys
15:17:54.0781 0x0df4  Serial - ok
15:17:54.0875 0x0df4  [ 8E6B8C671615D126FDC553D1E2DE5562, CEEC0067514555D5CA489F50E3D7562FCA8DB8E952C3C878604C9277FC77959F ] Sfloppy         C:\WINDOWS\system32\drivers\Sfloppy.sys
15:17:54.0875 0x0df4  Sfloppy - ok
15:17:54.0937 0x0df4  [ 83F41D0D89645D7235C051AB1D9523AC, B681F33EEAA511D6A2DCB9FBAA407B739184C9FF6067C6B7E51F1FC37E9D4DD7 ] SharedAccess    C:\WINDOWS\System32\ipnathlp.dll
15:17:54.0953 0x0df4  SharedAccess - ok
15:17:54.0984 0x0df4  [ 99BC0B50F511924348BE19C7C7313BBF, A1006C687BD352F700B140DC741515A0CDD9E1352C0FBD1EE410D404E344444B ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
15:17:54.0984 0x0df4  ShellHWDetection - ok
15:17:55.0000 0x0df4  Simbad - ok
15:17:55.0046 0x0df4  [ 6B33D0EBD30DB32E27D1D78FE946A754, CDA3D082D370B079C06D943DA124D76BAF0C5DB264FB0C893148EF6322D2FABE ] sisagp          C:\WINDOWS\system32\DRIVERS\sisagp.sys
15:17:55.0046 0x0df4  sisagp - ok
15:17:55.0265 0x0df4  [ 9F712B26EE3B0242DE997A42FD302E2C, 12663EB108F158282A965EE70980627C2F2332BA7944D7DE03B78E18BEB87D26 ] Skype C2C Service C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
15:17:55.0421 0x0df4  Skype C2C Service - ok
15:17:55.0515 0x0df4  [ 7C15061CD0372487903B07B9BB03AFAD, FB96CDA29C7C1E8A315BA89E8B150918E59F32CE749D3EF43FCBEB3FB57BF1C6 ] SkypeUpdate     C:\Program Files\Skype\Updater\Updater.exe
15:17:55.0531 0x0df4  SkypeUpdate - ok
15:17:55.0562 0x0df4  [ 866D538EBE33709A5C9F5C62B73B7D14, BC94BEB7C17B4FCAC8B5D0D5006A203BC209E0504EECE149651D8691935696CD ] SLIP            C:\WINDOWS\system32\DRIVERS\SLIP.sys
15:17:55.0562 0x0df4  SLIP - ok
15:17:55.0609 0x0df4  [ 14BB60A4F1C5291217A05D5728C403E6, 0F4DD318A58576DC867AB9DDD33393948DB795C187DED5D6DDD7D6A54E0F157B ] SmartDefragDriver C:\WINDOWS\system32\Drivers\SmartDefragDriver.sys
15:17:55.0609 0x0df4  SmartDefragDriver - ok
15:17:56.0109 0x0df4  [ 11BB0E11D42CC3A43D741D9B30839BE1, FDC35289D966A7CB318C5BD646148E1E2BCC0AB9F9FD4243C82FC567D72DDAE9 ] SNPSTD3         C:\WINDOWS\system32\DRIVERS\snpstd3.sys
15:17:56.0593 0x0df4  SNPSTD3 - ok
15:17:56.0718 0x0df4  [ 83C0F71F86D3BDAF915685F3D568B20E, 10B24723914A5A9E27A592FD58DAE2207B6E49F13A17CD2B1477C51D2D609D2E ] Sparrow         C:\WINDOWS\system32\DRIVERS\sparrow.sys
15:17:56.0734 0x0df4  Sparrow - ok
15:17:56.0750 0x0df4  [ AB8B92451ECB048A4D1DE7C3FFCB4A9F, DD17733CBB370FCA08F0296704D7CBEACA3C8F76D0ABE4761C3B1FFDF7481D9E ] splitter        C:\WINDOWS\system32\drivers\splitter.sys
15:17:56.0765 0x0df4  splitter - ok
15:17:56.0828 0x0df4  [ 60784F891563FB1B767F70117FC2428F, E0B07F08E60FFBAD36C2E58180F4B2A16DCA47716044CBE0213DF7B74D742F1F ] Spooler         C:\WINDOWS\system32\spoolsv.exe
15:17:56.0828 0x0df4  Spooler - ok
15:17:56.0937 0x0df4  sprtsvc_dellsupportcenter - ok
15:17:57.0015 0x0df4  [ 76BB022C2FB6902FD5BDD4F78FC13A5D, 6031CB2344D7277FC703480EB43CF856A0F8F818EA98FF26A2CA532336CD2DFA ] sr              C:\WINDOWS\system32\DRIVERS\sr.sys
15:17:57.0031 0x0df4  sr - ok
15:17:57.0093 0x0df4  [ 3805DF0AC4296A34BA4BF93B346CC378, B57A14F1B7B0997E619DDD62B73157AA2399A9852166FB58139CBB358A88F6F3 ] srservice       C:\WINDOWS\system32\srsvc.dll
15:17:57.0109 0x0df4  srservice - ok
15:17:57.0218 0x0df4  [ 47DDFC2F003F7F9F0592C6874962A2E7, 17C643BD4EB09B5666FE41817DC785BE04A6E491CE79E8E5A702CDBD98E1BDD7 ] Srv             C:\WINDOWS\system32\DRIVERS\srv.sys
15:17:57.0281 0x0df4  Srv - ok
15:17:57.0312 0x0df4  [ 0A5679B3714EDAB99E357057EE88FCA6, 01E1A101FFF48402C77E385A78FEF27876E04533B60EB1C18558A737E57E5FA8 ] SSDPSRV         C:\WINDOWS\System32\ssdpsrv.dll
15:17:57.0343 0x0df4  SSDPSRV - ok
15:17:57.0671 0x0df4  [ 8990440E4B2A7CA5A56A1833B03741FD, 55FE82DAE2D15D02AB12777045E2A3FE71560E53ECF1B1C03C25A603D5D90EBB ] STHDA           C:\WINDOWS\system32\drivers\sthda.sys
15:17:57.0812 0x0df4  STHDA - ok
15:17:57.0906 0x0df4  [ 8BAD69CBAC032D4BBACFCE0306174C30, 2AA0DA710FCBFF38FE8DA91EE02E7A4503269347E61F8D3246FCA3384BBA2305 ] stisvc          C:\WINDOWS\system32\wiaservc.dll
15:17:58.0046 0x0df4  stisvc - ok
15:18:09.0953 0x0df4  AV detected via SS1: PC Cleaner Pro, , disabled, updated
15:18:09.0953 0x0df4  AV detected via SS1: Microsoft Security Essentials, 4.4.0304.0, enabled, updated
15:18:09.0953 0x0df4  AV detected via SS1: Microsoft Security Essentials, 2.1.6805.0, disabled, updated
15:18:09.0968 0x0df4  Win FW state via NFM: enabled
15:18:13.0218 0x0df4  ============================================================
15:18:13.0218 0x0df4  Scan finished
15:18:13.0218 0x0df4  ============================================================
15:18:13.0250 0x0578  Detected object count: 0
15:18:13.0250 0x0578  Actual detected object count: 0

 


Edited by Nita, 14 December 2013 - 10:35 AM.


#11 TB-Psychotic

  • Malware Response Team

Posted 16 December 2013 - 05:00 PM

Delete junk with JRT

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Delete junk with adwCleaner


Please download AdwCleaner to your desktop.


  • Run adwcleaner.exe
  • Hit Scan and wait for the scan to finish.
  • Confirm the message but don't uncheck anything.
  • Hit Clean
  • When the run is finished, it will open up a text file
  • Please post its contents within your next reply
  • You'll find the log file at C:\AdwCleaner[S1].txt also


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#12 Nita

  • Topic Starter
  • Members

Posted 17 December 2013 - 05:28 AM

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Microsoft Windows XP x86
Ran by Nita Guz on 17/12/2013 at  9:59:18.96
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL\\Default
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\searchURL\\Default



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\protector_dll.protectorbho
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\protector_dll.protectorbho.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\smartbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\smartbarbackup
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\smartbarlog
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iesmartbar.bandobjectattribute
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iesmartbar.dockingpanel
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iesmartbar.iesmartbar
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iesmartbar.iesmartbarbandobject
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iesmartbar.smartbardisplaystate
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iesmartbar.smartbarmenuform
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}



~~~ Files

Successfully deleted [File] C:\Documents and Settings\All Users\Microsoft\DRM\V2TA.tmp [TDL4 Trace]
Successfully deleted [File] C:\Documents and Settings\All Users\Microsoft\DRM\V2TB.tmp [TDL4 Trace]
Successfully deleted [File] C:\Documents and Settings\All Users\Microsoft\DRM\V2TC.tmp [TDL4 Trace]
Successfully deleted [File] C:\Documents and Settings\All Users\Microsoft\DRM\V2TD.tmp [TDL4 Trace]
Successfully deleted [File] C:\Documents and Settings\All Users\Microsoft\DRM\V2TE.tmp [TDL4 Trace]
Successfully deleted [File] C:\Documents and Settings\All Users\Microsoft\DRM\V2TF.tmp [TDL4 Trace]



~~~ Folders

Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\pc1data"
Successfully deleted: [Folder] "C:\Documents and Settings\Nita Guz\Application Data\pc cleaners"
Successfully deleted: [Folder] "C:\Documents and Settings\Nita Guz\Application Data\pcpro"
Successfully deleted: [Folder] "C:\Program Files\eusing free registry cleaner"
Successfully deleted: [Folder] "C:\Program Files\orbitdownloader"



~~~ FireFox

Successfully deleted: [File] C:\Documents and Settings\Nita Guz\Application Data\mozilla\firefox\profiles\71yqyk92.default\searchplugins\web search.xml
Successfully deleted the following from C:\Documents and Settings\Nita Guz\Application Data\mozilla\firefox\profiles\71yqyk92.default\prefs.js

user_pref("browser.newtab.url", "hxxp://feed.snapdo.com/?publisher=TightropeYB&dpid=TightropeYB&co=GB&userid=571febc1-f1f5-4266-b6e3-5c6b579dafec&searchtype=nt&installDate=08/
user_pref("browser.startup.homepage", "hxxp://feed.snapdo.com/?publisher=TightropeYB&dpid=TightropeYB&co=GB&userid=571febc1-f1f5-4266-b6e3-5c6b579dafec&searchtype=hp&installDa
user_pref("extensions.alotab.errorUrl", "hxxp://search.alot.com/error?src_id=30665&client_id=33bf84feac61ac5fc8f8cc3e&camp_id=4055&install_time=2012-08-22T15:52:13Z&pr=errs&tb
user_pref("keyword.URL", "hxxp://feed.snapdo.com/?publisher=TightropeYB&dpid=TightropeYB&co=GB&userid=571febc1-f1f5-4266-b6e3-5c6b579dafec&searchtype=ds&installDate=08/12/2013
Emptied folder: C:\Documents and Settings\Nita Guz\Application Data\mozilla\firefox\profiles\71yqyk92.default\minidumps [20 files]



~~~ Chrome

Successfully deleted: [Folder] C:\Documents and Settings\Nita Guz\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 17/12/2013 at 10:06:28.04
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

# AdwCleaner v3.015 - Report created 17/12/2013 at 10:20:09

# Updated 10/12/2013 by Xplode

# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)

# Username : Nita Guz - D9XW9S2J

# Running from : C:\Documents and Settings\Nita Guz\Desktop\AdwCleaner.exe

# Option : Clean

 

***** [ Services ] *****

 

[#] Service Deleted : Util Albrechto

 

***** [ Files / Folders ] *****

 

Folder Deleted : C:\Program Files\NCH Software

Folder Deleted : C:\Documents and Settings\Nita Guz\Application Data\Mozilla\Firefox\Profiles\71yqyk92.default\Extensions\tidynetwork@tidynetwork

File Deleted : C:\Documents and Settings\Avram\Application Data\Mozilla\Firefox\Profiles\p8yhrq4w.default\searchplugins\Web Search.xml

 

***** [ Shortcuts ] *****

 

Shortcut Disinfected : C:\Documents and Settings\Nita Guz\Desktop\Search.lnk

Shortcut Disinfected : C:\Documents and Settings\Nita Guz\Application Data\Microsoft\Internet Explorer\Quick Launch\Search.lnk

 

***** [ Registry ] *****

 

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{327C2873-E90D-4C37-AA9D-10AC9BABA46C}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{327C2873-E90D-4C37-AA9D-10AC9BABA46C}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}

Key Deleted : HKCU\Software\NCH Software

Key Deleted : HKLM\Software\NCH Software

Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094

Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536

 

***** [ Browsers ] *****

 

-\\ Internet Explorer v8.0.6001.18702

 

 

-\\ Mozilla Firefox v26.0 (en-US)

 

[ File : C:\Documents and Settings\Nita Guz\Application Data\Mozilla\Firefox\Profiles\71yqyk92.default\prefs.js ]

 

 

[ File : C:\Documents and Settings\Avram\Application Data\Mozilla\Firefox\Profiles\p8yhrq4w.default\prefs.js ]

 

Line Deleted : user_pref("browser.newtab.url", "hxxp://feed.snapdo.com/?publisher=TightropeYB&dpid=TightropeYB&co=GB&userid=571febc1-f1f5-4266-b6e3-5c6b579dafec&searchtype=nt&installDate=08/12/2013");

Line Deleted : user_pref("browser.search.defaultenginename", "Web Search");

Line Deleted : user_pref("browser.search.selectedEngine", "Web Search");

Line Deleted : user_pref("keyword.URL", "hxxp://feed.snapdo.com/?publisher=TightropeYB&dpid=TightropeYB&co=GB&userid=571febc1-f1f5-4266-b6e3-5c6b579dafec&searchtype=ds&installDate=08/12/2013&q=");

 

-\\ Google Chrome v31.0.1650.63

 

[ File : C:\Documents and Settings\Nita Guz\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]

 

Deleted : homepage

Deleted : urls_to_restore_on_startup

 

*************************

 

AdwCleaner[R0].txt - [20705 octets] - [17/09/2013 20:02:42]

AdwCleaner[R1].txt - [20766 octets] - [17/09/2013 21:30:09]

AdwCleaner[R3].txt - [4266 octets] - [17/12/2013 10:18:45]

AdwCleaner[S0].txt - [21210 octets] - [17/09/2013 21:32:08]

AdwCleaner[S1].txt - [1288 octets] - [22/09/2013 11:09:29]

AdwCleaner[S2].txt - [3949 octets] - [17/12/2013 10:20:09]

 

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [4009 octets] ##########



#13 TB-Psychotic

  • Malware Response Team

Posted 17 December 2013 - 07:34 AM

Scan with ESET Online Scan

Please go here to run the online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click 'List of found threats', then click Export to text file....
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.



#14 Nita

  • Topic Starter
  • Members

Posted 17 December 2013 - 04:40 PM

I couldn't save it to the desktop for some reason but here is the copy and paste. I hope this is OK

C:\Documents and Settings\Nita Guz\Desktop\downloads\ccsetup402.exe    Win32/Bundled.Toolbar.Google.D application
C:\Documents and Settings\Nita Guz\Desktop\downloads\FCSetup_1.exe    a variant of Win32/Toolbar.Conduit.B application
C:\Documents and Settings\Nita Guz\Desktop\downloads\FCSetup_1.tmp    a variant of Win32/Toolbar.Conduit.B application
C:\Documents and Settings\Nita Guz\Desktop\downloads\openofficesuite-setup.exe    Win32/DownloadAdmin.G application
C:\Documents and Settings\Nita Guz\Desktop\Here\WPA_Kill.exe    a variant of Win32/HackTool.Patcher.O application
C:\Documents and Settings\Nita Guz\My Documents\Downloads\Programs\zlsSetup_70_462_000_en.exe    a variant of Win32/AdInstaller application
C:\Documents and Settings\Nita Guz\My Documents\Downloads\Programs\zlsSetup_70_462_000_en_1.tmp    a variant of Win32/AdInstaller application
C:\Documents and Settings\Nita Guz\My Documents\Downloads\Programs\zlsSetup_70_470_000_en.exe    a variant of Win32/AdInstaller application
D:\My Documents\Downloads\Programs\zlsSetup_70_462_000_en.exe    a variant of Win32/AdInstaller application
D:\My Documents\Downloads\Programs\zlsSetup_70_462_000_en_1.tmp    a variant of Win32/AdInstaller application
D:\My Documents\Downloads\Programs\zlsSetup_70_470_000_en.exe    a variant of Win32/AdInstaller application
 



#15 TB-Psychotic

  • Malware Response Team

Posted 19 December 2013 - 05:27 AM

Then we can do the cleanup - if you are facing any issues, report that immediately.

Delete junk with adwCleaner


Please download AdwCleaner to your desktop.


  • Run adwcleaner.exe
  • Hit Scan and wait for the scan to finish.
  • Confirm the message but don't uncheck anything.
  • Hit Clean
  • When the run is finished, it will open up a text file
  • Please post its contents within your next reply
  • You'll find the log file at C:\AdwCleaner[S1].txt also


SecurityCheck

Please download SecurityCheck: LINK1 LINK2

  • Save it to your desktop, start it and follow the instructions in the window.
  • After the scan has finished, checkup.txt will open. Copy its content to your thread.

