
infected computer help


This topic is locked
32 replies to this topic

#1 tracy1315

tracy1315

  • Members
  • 15 posts
  • OFFLINE
  • Local time:05:04 PM

Posted 24 March 2014 - 06:02 AM

My Windows XP 64 bit computer seems to be infected. Any help identifying the issue would be greatly appreciated. Thank you!

 

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 4:38:50 PM, on 3/17/2014
Platform: Windows 2003 SP2 (WinNT 5.02.3790)
MSIE: Internet Explorer v7.00 (7.00.6000.21371)
Boot mode: Normal
 
Running processes:
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe
C:\WINDOWS\SysWOW64\svchost.exe
C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe
C:\Program Files (x86)\Java\jre7\bin\jqs.exe
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe
C:\Program Files (x86)\McAfee\VirusScan Enterprise\vstskmgr.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe
C:\WINDOWS\SysWOW64\ctfmon.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
 
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
F2 - REG:system.ini: UserInit=userinit,
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\McAfee\VirusScan Enterprise\scriptsn.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.0"
O4 - HKLM\..\Run: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
O4 - HKLM\..\Run: [UpdatePPShortCut] "C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\PowerProducer" update "Software\CyberLink\PowerProducer\5.0"
O4 - HKLM\..\Run: [UpdatePSTShortCut] "C:\Program Files (x86)\CyberLink\Blu-ray Disc Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Blu-ray Disc Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User '?')
O4 - HKUS\S-1-5-20\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User '?')
O4 - HKUS\S-1-5-21-4036979102-2415211131-3377368003-500\..\Run: [Google Update] "C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c (User '?')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User '?')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - ESC Trusted Zone: http://runonce.msn.com
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1283187815859
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\SysWOW64\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\SysWOW64\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe (file missing)
O23 - Service: Juniper Network Connect Service (dsNcService) - Juniper Networks - C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe
O23 - Service: Event Log (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe (file missing)
O23 - Service: HTCMonitorService - Nero AG - C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe
O23 - Service: HTTP SSL (HTTPFilter) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files (x86)\Java\jre7\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: McAfee Engine Service (McAfeeEngineService) - McAfee, Inc. - C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\engineserver.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files (x86)\McAfee\VirusScan Enterprise\vstskmgr.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - Unknown owner - C:\WINDOWS\system32\mfevtps.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Distributed Transaction Coordinator (MSDTC) - Unknown owner - C:\WINDOWS\system32\msdtc.exe (file missing)
O23 - Service: Net Logon (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: NT LM Security Support Provider (NtLmSsp) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - Unknown owner - C:\WINDOWS\system32\nvsvc64.exe (file missing)
O23 - Service: Plug and Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe (file missing)
O23 - Service: IPSEC Services (PolicyAgent) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Protected Storage (ProtectedStorage) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Remote Desktop Help Session Manager (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe (file missing)
O23 - Service: Security Accounts Manager (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Virtual Disk Service (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: Volume Shadow Copy (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe (file missing)
O23 - Service: WMI Performance Adapter (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe (file missing)
 
--
End of file - 8749 bytes
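The log above is the kind of record a responder reads by eye. As an added example, not part of the thread and not code from the HijackThis or FRST projects, the Python script below applies a few of those eyeball checks to HijackThis-format lines: a Winlogon Userinit value that is not a full path to userinit.exe (the `F2` line above, which the FRST log later in the thread also marks `[X]`), an IE URLSearchHook served from a third-party DLL (the Ask.com entry), autoruns launched from a user-writable profile directory, unresolved SIDs in `O4` entries, `(file missing)` services, and any line carrying a scanner `ATTENTION` marker as FRST writes them. The sample input is copied from the logs in this thread plus one constructed line (a healthy Userinit value, marked in the comment) so the negative case is exercised; the trusted-DLL hints and the severity labels are assumptions of the example, not tool output.

```python
"""Triage helper for HijackThis-style scan logs (added example, not from the thread).

Groups each log line by its HijackThis section prefix (R0/R1/R3, F2, O2, O4,
O23, ...) and applies read-only review rules. Nothing here changes the host;
the output is a list of findings for a human to verify.
"""
import re
from dataclasses import dataclass

# HijackThis entries look like "<kind> - <body>", e.g. "O23 - Service: ...".
LINE_RE = re.compile(r"^(?P<kind>R\d|F\d|O\d+) - (?P<body>.*)$")

# Lower-case path fragments that make an IE URLSearchHook DLL unremarkable on
# this host. Assumption of the example; tune per environment.
TRUSTED_HOOK_DLL_HINTS = ("\\java\\", "\\mcafee\\", "\\windows\\")

# Sample input: lines copied from the HijackThis and FRST logs in this thread.
# The second F2 line is constructed (a healthy Userinit value) for the negative case.
SAMPLE_LOG = r"""
Running processes:
R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
F2 - REG:system.ini: UserInit=userinit,
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,
O2 - BHO: Java(TM) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User '?')
O23 - Service: Net Logon (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
HKLM\...\Command Processor:  <======= ATTENTION
"""


@dataclass
class Finding:
    severity: str  # "review" needs an analyst decision, "info" is supporting context
    kind: str      # HijackThis section prefix, or "-" for lines in another format
    reason: str
    line: str


def triage(log_text):
    """Return the findings for every line of a HijackThis-style log."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        low = line.lower()
        m = LINE_RE.match(line)
        kind = m.group("kind") if m else "-"
        body = m.group("body") if m else line

        # FRST (not HijackThis) annotates suspicious entries itself; surface those first.
        if "attention" in low:
            findings.append(Finding("review", kind, "scanner raised an ATTENTION marker", line))

        # F2: system.ini mirror of Winlogon Userinit. A bare "userinit," is not a path;
        # the healthy value is the full path to userinit.exe followed by a comma.
        if kind == "F2" and "userinit=" in low:
            value = body.split("=", 1)[1].strip().rstrip(",")
            if not value.lower().endswith("userinit.exe"):
                findings.append(Finding("review", kind,
                    f"Userinit value {value!r} is not a full path to userinit.exe", line))

        # R3: IE URLSearchHook. A DLL outside the trusted hints is a search-redirect candidate.
        if kind == "R3" and not any(h in low for h in TRUSTED_HOOK_DLL_HINTS):
            findings.append(Finding("review", kind, "URLSearchHook loads a third-party DLL", line))

        # O4: Run/RunOnce autoruns.
        if kind == "O4":
            if "local settings\\application data" in low or "\\temp\\" in low or "appdata" in low:
                findings.append(Finding("review", kind,
                    "autorun launches from a user-writable profile directory; verify the publisher", line))
            if "(user '?')" in low:
                findings.append(Finding("info", kind, "autorun belongs to a SID HijackThis could not resolve", line))

        # O23: services. On 64-bit Windows a 32-bit HijackThis sees System32 through WOW64
        # redirection, so "(file missing)" is frequently an artifact: confirm, do not act.
        if kind == "O23" and "(file missing)" in low:
            findings.append(Finding("info", kind, "service binary reported missing; confirm on the host before acting", line))
    return findings


def summarize(findings):
    """Count findings per severity, e.g. {'review': 4, 'info': 2}."""
    counts = {}
    for f in findings:
        counts[f.severity] = counts.get(f.severity, 0) + 1
    return counts


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for f in results:
        print(f"[{f.severity:6}] {f.kind:3} {f.reason}\n         {f.line}")
    print(summarize(results))
```

Run against the sample, the script marks the Ask.com hook, the bare `userinit,` value, the profile-directory autorun and the FRST `ATTENTION` line for review, while the Java BHO, the iTunes autorun, the Malwarebytes service and the constructed healthy Userinit value produce nothing. The `(file missing)` rule is deliberately only informational for the reason given in the comment.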
 


#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,549 posts
  • OFFLINE
  • Gender:Male
  • Local time:05:04 PM

Posted 29 March 2014 - 06:05 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/528561 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 35,531 posts
  • ONLINE
  • Gender:Male
  • Location:California
  • Local time:01:04 PM

Posted 29 March 2014 - 08:26 PM

Greetings tracy1315 and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that. :thumbup2:

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Reply to Topic button instead.
  • In the upper right hand corner of the topic you will see the Follow this topic button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started :thumbup2:
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. In order to assist me it is important for you to describe what is happening with your computer that makes you believe it is infected.

Please run this.

===================================================

Farbar Recovery Scan Tool (FRST)

--------------------
  • Download Farbar Recovery Scan Tool for either 32 bit or 64 bit systems and save it to your desktop
  • If you are unsure if you have 32 bit or 64 bit simply download and try one. If that doesn't run properly the other one should
  • Double click the icon
  • Click Yes to the disclaimer
  • Make sure the Addition.txt box is checked
  • Click Scan and allow the program to run
  • Click OK on the Scan complete screen, then OK on the Addition.txt pop up screen
  • 2 Notepad documents should now be open on your desktop.
  • Please copy and paste the contents of both in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Symptoms of infection
  • FRST results
  • Addition log

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#4 tracy1315

tracy1315
  • Topic Starter
  • Members
  • 15 posts
  • OFFLINE
  • Local time:05:04 PM

Posted 30 March 2014 - 06:49 AM

Hi Gary,

Thanks for your help.

 

1) symptoms of infection include but are not limited to:
- Firefox and Chrome open to search.conduit.com/***** though homepages are set as google.com
- computer runs slowly
- strange executable names "continue file extractor installation" appeared on the desktop (I have not executed)

 

2) FRST log:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by Administrator (administrator) on TRACY on 30-03-2014 07:43:27
Running from C:\Documents and Settings\Administrator\My Documents\Downloads
Microsoft Windows XP Service Pack 2 (X64) OS Language: English(US)
Internet Explorer Version 7
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Juniper Networks) C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe
(Microsoft Corporation) C:\WINDOWS\SysWOW64\svchost.exe
(Nero AG) C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe
(Oracle Corporation) C:\Program Files (x86)\Java\jre7\bin\jqs.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\engineserver.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\VirusScan Enterprise\vstskmgr.exe
(McAfee, Inc.) C:\WINDOWS\system32\mfevtps.exe
(NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.exe
(Microsoft Corporation) C:\WINDOWS\system32\wdfmgr.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
() C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\mcshield.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\mfeann.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\naPrdMgr.exe
(Microsoft Corporation) C:\WINDOWS\system32\msiexec.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [MSConfig] - C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe [294400 2007-02-17] (Microsoft Corporation)
HKLM\...\Run: [NvCplDaemon] - C:\WINDOWS\system32\NvCpl.dll [15922688 2008-07-26] (NVIDIA Corporation)
HKLM-x32\...\Run: [UpdateLBPShortCut] - C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [222504 2008-02-21] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateP2GoShortCut] - C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [210216 2008-09-24] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdatePPShortCut] - C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe [210216 2008-06-13] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdatePSTShortCut] - C:\Program Files (x86)\CyberLink\Blu-ray Disc Suite\MUITransfer\MUIStartMenu.exe [210216 2008-10-20] (CyberLink Corp.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-06] (Apple Inc.)
HKLM-x32\...\Winlogon: [Userinit] userinit, [X]
HKLM\...\Winlogon: [UIHost] C:\Windows\system32\logonui.exe [662016 2007-02-17] ( (Microsoft Corporation))
Winlogon\Notify\crypt32chain: C:\WINDOWS\system32\crypt32.dll (Microsoft Corporation)
Winlogon\Notify\cryptnet: C:\WINDOWS\system32\cryptnet.dll (Microsoft Corporation)
Winlogon\Notify\cscdll: C:\WINDOWS\system32\cscdll.dll (Microsoft Corporation)
Winlogon\Notify\dimsntfy: C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)
Winlogon\Notify\ScCertProp: C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)
Winlogon\Notify\Schedule: C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)
Winlogon\Notify\sclgntfy: C:\WINDOWS\system32\sclgntfy.dll (Microsoft Corporation)
Winlogon\Notify\SensLogn: C:\WINDOWS\system32\WlNotify.dll (Microsoft Corporation)
Winlogon\Notify\termsrv: C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)
Winlogon\Notify\wlballoon: C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)
Winlogon\Notify\crypt32chain-x32: C:\WINDOWS\SysWOW64\crypt32.dll (Microsoft Corporation)
Winlogon\Notify\cryptnet-x32: C:\WINDOWS\SysWOW64\cryptnet.dll (Microsoft Corporation)
Winlogon\Notify\cscdll-x32: C:\WINDOWS\SysWOW64\cscdll.dll (Microsoft Corporation)
Winlogon\Notify\dimsntfy-x32: C:\WINDOWS\SysWOW64\dimsntfy.dll (Microsoft Corporation)
Winlogon\Notify\EFS-x32: C:\WINDOWS\SysWOW64\sclgntfy.dll (Microsoft Corporation)
Winlogon\Notify\ScCertProp-x32: wlnotify.dll [X]
Winlogon\Notify\Schedule-x32: wlnotify.dll [X]
Winlogon\Notify\sclgntfy-x32: C:\WINDOWS\SysWOW64\sclgntfy.dll (Microsoft Corporation)
Winlogon\Notify\SensLogn-x32: WlNotify.dll [X]
Winlogon\Notify\wlballoon-x32: wlnotify.dll [X]
HKLM\...\InprocServer32: [Default-wbemess] \\.\globalroot\systemroot\Installer\{38795ae0-af96-1cf6-737a-c3daf4c73f43}\n. ATTENTION! ====> ZeroAccess?
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Command Processor:  <======= ATTENTION
HKLM-x32\...\Command Processor:  <======= ATTENTION
HKU\.DEFAULT\...\RunOnce: [tscuninstall] - C:\Windows\system32\tscupgrd.exe [62464 2006-03-29] (Microsoft Corporation)
HKU\S-1-5-19\...\RunOnce: [tscuninstall] - C:\Windows\system32\tscupgrd.exe [62464 2006-03-29] (Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [tscuninstall] - C:\Windows\system32\tscupgrd.exe [62464 2006-03-29] (Microsoft Corporation)
HKU\S-1-5-21-4036979102-2415211131-3377368003-500\...\Run: [Google Update] - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [136176 2011-04-21] (Google Inc.)
HKU\S-1-5-21-4036979102-2415211131-3377368003-500\...\Run: [ctfmon.exe] - C:\WINDOWS\system32\ctfmon.exe [20992 2006-03-29] (Microsoft Corporation)
IFEO\Your Image File Name Here without a path: [Debugger] ntsd -d
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll
SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation)
SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation)
SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
SSODL-x32: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - %SystemRoot%\syswow64\SHELL32.dll (Microsoft Corporation)
SSODL-x32: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - %SystemRoot%\syswow64\SHELL32.dll (Microsoft Corporation)
SSODL-x32: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\SysWOW64\stobject.dll (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
URLSearchHook: HKCU - UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
SearchScopes: HKCU - DefaultScope {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=crm&q={searchTerms}&locale=&apn_ptnrs=TV&apn_dtid=OSJ000YYUS&apn_uid=7B9E5D8B-35A6-4D0B-A69C-CEB215F6B57F&apn_sauid=D482FE6E-9845-4693-92C9-2BC8D3DB977F
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL =
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
SearchScopes: HKCU - {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=crm&q={searchTerms}&locale=&apn_ptnrs=TV&apn_dtid=OSJ000YYUS&apn_uid=7B9E5D8B-35A6-4D0B-A69C-CEB215F6B57F&apn_sauid=D482FE6E-9845-4693-92C9-2BC8D3DB977F
BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\scriptsn.dll (McAfee, Inc.)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\McAfee\VirusScan Enterprise\scriptsn.dll (McAfee, Inc.)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\Windows\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\Windows\system32\SHELL32.dll (Microsoft Corporation)
DPF: HKLM-x32 {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1283187815859
Handler: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
Handler: ipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} -  No File
Handler: sysimage - {76E67A63-06E9-11D2-A840-006008059382} - C:\Windows\system32\mshtml.dll (Microsoft Corporation)
Handler-x32: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SysWOW64\urlmon.dll (Microsoft Corporation)
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: ipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: sysimage - {76E67A63-06E9-11D2-A840-006008059382} - C:\Windows\SysWow64\mshtml.dll (Microsoft Corporation)
Filter: Class Install Handler - {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
Filter: lzdhtml - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
Filter: text/webviewhtml - {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\Windows\system32\SHELL32.dll (Microsoft Corporation)
Filter-x32: Class Install Handler - {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\SysWOW64\urlmon.dll (Microsoft Corporation)
Filter-x32: lzdhtml - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\SysWOW64\urlmon.dll (Microsoft Corporation)
Filter-x32: text/webviewhtml - {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\Windows\SysWow64\SHELL32.dll (Microsoft Corporation)
ShellExecuteHooks: URL Exec Hook - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\system32\shell32.dll [10510848 2012-06-08] (Microsoft Corporation)
ShellExecuteHooks-x32: URL Exec Hook - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\SysWOW64\shell32.dll [8362496 2012-06-08] (Microsoft Corporation)
Winsock: Catalog5 03 C:\WINDOWS\SysWOW64\mswsock.dll [233472] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 03 %SystemRoot%\System32\mswsock.dll [492544] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ip3o308f.default
FF NewTab: hxxp://search.conduit.com/?ctid=CT3324790&octid=EB_ORIGINAL_CTID&SearchSource=69&CUI=&SSPV=&Lay=1&UM=4&UP=SP1AF7FEF0-1E69-4E38-8355-F7DB638682AC
FF SearchEngineOrder.1: Ask.com
FF Homepage: hxxp://www.google.com/
FF Keyword.URL: hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=ORJ&o=&locale=&apn_uid=7B9E5D8B-35A6-4D0B-A69C-CEB215F6B57F&apn_ptnrs=TV&apn_sauid=D482FE6E-9845-4693-92C9-2BC8D3DB977F&apn_dtid=OSJ000YYUS&&q=
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\WINDOWS\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Documents and Settings\Administrator\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Documents and Settings\Administrator\Application Data\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Documents and Settings\Administrator\Application Data\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Documents and Settings\Administrator\Application Data\mozilla\plugins\npo1d.dll (Google)
FF SearchPlugin: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ip3o308f.default\searchplugins\askcom.xml
FF SearchPlugin: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ip3o308f.default\searchplugins\askcomsearch.xml
FF SearchPlugin: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ip3o308f.default\searchplugins\conduit-search.xml
FF Extension: Microsoft .NET Framework Assistant - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ip3o308f.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010-11-11]
FF Extension: FaviconizeTab - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ip3o308f.default\Extensions\faviconizetab@espion.just-size.jp.xpi [2011-11-26]
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []

==================== Services (Whitelisted) =================

R2 AeLookupSvc; C:\Windows\SysWOW64\aelupsvc.dll [26624 2006-03-29] (Microsoft Corporation)
S4 Alerter; C:\Windows\system32\alrsvc.dll [29696 2006-03-29] (Microsoft Corporation)
S3 ALG; C:\Windows\SysWOW64\alg.exe [45056 2006-03-29] (Microsoft Corporation)
R2 AudioSrv; C:\Windows\SysWOW64\audiosrv.dll [41472 2006-03-29] (Microsoft Corporation)
S2 Browser; C:\Windows\SysWOW64\browser.dll [78336 2012-06-29] (Microsoft Corporation)
S3 ClipSrv; C:\Windows\system32\clipsrv.exe [49664 2006-03-29] (Microsoft Corporation)
S3 ClipSrv; C:\Windows\SysWOW64\clipsrv.exe [32256 2006-03-29] (Microsoft Corporation)
S3 dmadmin; C:\Windows\System32\dmadmin.exe [399872 2007-02-17] (Microsoft Corporation)
R2 dmserver; C:\Windows\System32\dmserver.dll [37376 2007-02-17] (Microsoft Corporation)
R2 ERSvc; C:\Windows\System32\ersvc.dll [31744 2006-03-29] (Microsoft Corporation)
R2 helpsvc; C:\Windows\PCHealth\HelpCtr\Binaries\pchsvc.dll [77312 2007-02-17] (Microsoft Corporation)
R2 HTCMonitorService; C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe [87368 2012-12-12] (Nero AG)
R3 HTTPFilter; C:\Windows\System32\w3ssl.dll [21504 2006-03-29] (Microsoft Corporation)
S3 IASJet; C:\Windows\SysWOW64\iasrecst.dll [162816 2006-03-29] (Microsoft Corporation)
S3 ImapiService; C:\WINDOWS\system32\imapi.exe [265728 2007-02-17] (Microsoft Corporation)
R2 JavaQuickStarterService; C:\Program Files (x86)\Java\jre7\bin\jqs.exe [182184 2013-07-05] (Oracle Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 McAfeeEngineService; C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\engineserver.exe [19720 2009-10-22] (McAfee, Inc.)
R2 McAfeeFramework; C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe [103744 2009-08-25] (McAfee, Inc.)
R2 McShield; C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\mcshield.exe [178920 2009-10-22] (McAfee, Inc.)
R2 McTaskManager; C:\Program Files (x86)\McAfee\VirusScan Enterprise\vstskmgr.exe [66896 2009-10-22] (McAfee, Inc.)
S4 Messenger; C:\Windows\System32\msgsvc.dll [57344 2007-02-17] (Microsoft Corporation)
R2 mfevtp; C:\WINDOWS\system32\mfevtps.exe [79504 2009-10-22] (McAfee, Inc.)
S3 mnmsrvc; C:\WINDOWS\SysWOW64\mnmsrvc.exe [32768 2006-03-29] (Microsoft Corporation)
S3 NetDDE; C:\Windows\system32\netdde.exe [160768 2007-02-17] (Microsoft Corporation)
S3 NetDDEdsdm; C:\Windows\system32\netdde.exe [160768 2007-02-17] (Microsoft Corporation)
R3 Netman; C:\Windows\SysWOW64\netman.dll [263680 2007-02-18] (Microsoft Corporation)
R3 Nla; C:\Windows\System32\mswsock.dll [492544 2011-03-03] (Microsoft Corporation)
R3 Nla; C:\Windows\SysWOW64\mswsock.dll [233472 2011-03-03] (Microsoft Corporation)
S3 NtLmSsp; C:\Windows\system32\lsass.exe [14336 2006-03-29] (Microsoft Corporation)
S3 NtmsSvc; C:\Windows\system32\ntmssvc.dll [794112 2007-02-17] (Microsoft Corporation)
R2 NVSvc; C:\Windows\system32\nvsvc64.exe [160768 2008-07-26] (NVIDIA Corporation)
R2 PlugPlay; C:\Windows\system32\services.exe [227840 2009-03-19] (Microsoft Corporation)
R2 PolicyAgent; C:\Windows\system32\lsass.exe [14336 2006-03-29] (Microsoft Corporation)
S3 RasAuto; C:\Windows\SysWOW64\rasauto.dll [91648 2007-02-18] (Microsoft Corporation)
R3 RasMan; C:\Windows\SysWOW64\rasmans.dll [181760 2007-02-18] (Microsoft Corporation)
S3 RDSessMgr; C:\WINDOWS\system32\sessmgr.exe [212480 2007-02-17] (Microsoft Corporation)
S3 RpcLocator; C:\Windows\SysWOW64\locator.exe [71680 2006-03-29] (Microsoft Corporation)
S3 SCardSvr; C:\Windows\System32\SCardSvr.exe [166400 2007-02-17] (Microsoft Corporation)
R2 Schedule; C:\Windows\SysWOW64\schedsvc.dll [202240 2007-02-18] (Microsoft Corporation)
R2 seclogon; C:\Windows\SysWOW64\seclogon.dll [18432 2007-02-18] (Microsoft Corporation)
R2 srservice; C:\WINDOWS\system32\srsvc.dll [231424 2007-02-17] (Microsoft Corporation)
S2 SysmonLog; C:\Windows\system32\smlogsvc.exe [133120 2007-02-17] (Microsoft Corporation)
S2 SysmonLog; C:\Windows\SysWOW64\smlogsvc.exe [96256 2007-02-18] (Microsoft Corporation)
S4 TlntSvr; C:\WINDOWS\system32\tlntsvr.exe [113152 2007-02-17] (Microsoft Corporation)
R2 TrkWks; C:\Windows\SysWOW64\trkwks.dll [86528 2007-02-18] (Microsoft Corporation)
R2 UMWdf; C:\WINDOWS\system32\wdfmgr.exe [62976 2006-03-29] (Microsoft Corporation)
R2 UMWdf; C:\WINDOWS\SysWOW64\wdfmgr.exe [39424 2006-03-29] (Microsoft Corporation)
S3 UPS; C:\Windows\System32\ups.exe [34816 2006-03-29] (Microsoft Corporation)
S3 UPS; C:\Windows\SysWOW64\ups.exe [16896 2006-03-29] (Microsoft Corporation)
S3 WmdmPmSN; C:\WINDOWS\system32\mspmsnsv.dll [36352 2007-02-17] (Microsoft Corporation)
S3 Wmi; C:\Windows\System32\advapi32.dll [1052160 2009-03-19] (Microsoft Corporation)
S3 Wmi; C:\Windows\SysWOW64\advapi32.dll [619008 2009-03-19] (Microsoft Corporation)
R2 wuauserv; C:\WINDOWS\system32\wuauserv.dll [12288 2006-03-29] (Microsoft Corporation)
R2 WZCSVC; C:\Windows\System32\wzcsvc.dll [659968 2007-02-17] (Microsoft Corporation)
R2 WZCSVC; C:\Windows\SysWOW64\wzcsvc.dll [489472 2007-02-18] (Microsoft Corporation)
S3 xmlprov; C:\Windows\System32\xmlprov.dll [326144 2007-02-17] (Microsoft Corporation)
S3 xmlprov; C:\Windows\SysWOW64\xmlprov.dll [131584 2007-02-18] (Microsoft Corporation)
R2 Eventlog;  [X]
R3 WinHttpAutoProxySvc; winhttp.dll [X]

==================== Drivers (Whitelisted) ====================

S4 Abiosdsk; No ImagePath
S4 ACPIEC; C:\Windows\System32\Drivers\ACPIEC.sys [18432 2006-03-29] (Microsoft Corporation)
S4 adpu160m; No ImagePath
S4 adpu320; No ImagePath
R3 AEAudio; C:\Windows\System32\drivers\AEAudio.sys [140160 2007-06-19] (Andrea Electronics Corporation)
S3 aec; C:\Windows\System32\drivers\aec.sys [188928 2005-03-24] (Microsoft Corporation)
S4 aic78u2; No ImagePath
S4 aic78xx; No ImagePath
S4 AliIde; No ImagePath
S4 AmdIde; No ImagePath
S4 arc; No ImagePath
R3 Arp1394; C:\Windows\System32\DRIVERS\arp1394.sys [111104 2007-02-17] (Microsoft Corporation)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [14392 2007-12-17] ()
S4 Atdisk; No ImagePath
S3 Atmarpc; C:\Windows\System32\DRIVERS\atmarpc.sys [106496 2007-02-17] (Microsoft Corporation)
R3 audstub; C:\Windows\System32\DRIVERS\audstub.sys [5632 2005-03-24] (Microsoft Corporation)
R3 BMDDeckLinkAudio; C:\Windows\System32\DRIVERS\deckaud.sys [18944 2007-10-25] (Blackmagic Design)
R2 CdaC15BA; C:\Windows\System32\DRIVERS\CdaC15BA.sys [13312 2006-03-29] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
R2 CdaD10BA; C:\Windows\System32\DRIVERS\CdaD10BA.sys [13312 2006-03-29] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
S1 Changer; No ImagePath
S0 CLBStor; C:\Windows\SysWow64\Drivers\CLBStor.sys [10368 2008-10-20] (Cyberlink Co.,Ltd.)
S2 CLBUDFR; C:\Windows\SysWow64\Drivers\CLBUDFR.sys [154368 2008-10-20] (CyberLink Corporation.)
S4 CmdIde; No ImagePath
R3 DeckLink; C:\Windows\System32\DRIVERS\Intensity.sys [241664 2007-10-25] (Blackmagic Design)
R4 dmboot; C:\Windows\System32\drivers\dmboot.sys [415232 2007-02-17] (Microsoft Corporation)
R0 dmio; C:\Windows\System32\drivers\dmio.sys [244224 2007-02-17] (Microsoft Corporation)
R0 dmload; C:\Windows\System32\drivers\dmload.sys [9216 2006-03-29] (Microsoft Corporation)
S4 dpti2o; No ImagePath
R3 dsNcAdpt; C:\Windows\System32\DRIVERS\dsNcAdX64.sys [29184 2009-09-23] (Juniper Networks)
R1 Fips; C:\Windows\System32\Drivers\Fips.sys [50176 2007-02-17] (Microsoft Corporation)
R0 Ftdisk; C:\Windows\System32\DRIVERS\ftdisk.sys [240128 2007-02-17] (Microsoft Corporation)
R3 Gpc; C:\Windows\System32\DRIVERS\msgpc.sys [71168 2007-02-17] (Microsoft Corporation)
R3 HDAudBus; C:\Windows\System32\DRIVERS\HDAudBus.sys [239616 2005-07-13] (Windows ® Server 2003 DDK provider)
S3 HPZid412; C:\Windows\System32\DRIVERS\HPZid412.sys [187392 2007-03-08] (HP)
S3 HPZipr12; C:\Windows\System32\DRIVERS\HPZipr12.sys [48640 2007-03-08] (HP)
S3 HPZius12; C:\Windows\System32\DRIVERS\HPZius12.sys [50688 2007-03-08] (HP)
S1 i2omgmt; No ImagePath
S4 iirsp; No ImagePath
R1 imapi; C:\Windows\System32\DRIVERS\imapi.sys [72704 2006-03-29] (Microsoft Corporation)
S4 IntelIde; No ImagePath
S3 Ip6Fw; C:\Windows\System32\drivers\ip6fw.sys [57856 2007-02-17] (Microsoft Corporation)
R1 IPSec; C:\Windows\System32\DRIVERS\ipsec.sys [156672 2007-02-17] (Microsoft Corporation)
R3 kmixer; C:\Windows\System32\drivers\kmixer.sys [204288 2005-03-24] (Microsoft Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [97576 2009-10-22] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [119968 2009-10-22] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [469144 2009-10-22] (McAfee, Inc.)
S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [77104 2009-10-22] (McAfee, Inc.)
R1 mfetdik; C:\Windows\System32\drivers\mfetdik.sys [83784 2009-10-22] (McAfee, Inc.)
R1 mnmdd; C:\Windows\System32\Drivers\mnmdd.sys [8192 2006-03-29] (Microsoft Corporation)
S4 mraid35x; No ImagePath
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [8192 2008-01-21] ()
R3 NIC1394; C:\Windows\System32\DRIVERS\nic1394.sys [92160 2005-03-24] (Microsoft Corporation)
R3 nv; C:\Windows\System32\DRIVERS\nv4_mini.sys [7996288 2008-07-26] (NVIDIA Corporation)
R3 NVENETFD; C:\Windows\System32\DRIVERS\NVENETFD.sys [74368 2007-11-17] (NVIDIA Corporation)
R0 nvgts64; C:\Windows\System32\DRIVERS\nvgts64.sys [120832 2007-08-08] (NVIDIA Corporation)
R3 nvnetbus; C:\Windows\System32\DRIVERS\nvnetbus.sys [34304 2007-11-17] (NVIDIA Corporation)
R0 nvrd64; C:\Windows\System32\DRIVERS\nvrd64.sys [153600 2007-08-08] (NVIDIA Corporation)
S3 PDCOMP; No ImagePath
S3 PDFRAME; No ImagePath
S3 PDRELI; No ImagePath
S3 PDRFRAME; No ImagePath
R3 PSched; C:\Windows\System32\DRIVERS\psched.sys [106496 2007-02-17] (Microsoft Corporation)
R3 Ptilink; C:\Windows\System32\DRIVERS\ptilink.sys [31232 2006-03-29] (Parallel Technologies, Inc.)
R3 Raspti; C:\Windows\System32\DRIVERS\raspti.sys [31232 2006-03-29] (Microsoft Corporation)
R1 redbook; C:\Windows\System32\DRIVERS\redbook.sys [64000 2005-03-24] (Microsoft Corporation)
U5 ScsiPort; C:\Windows\system32\drivers\scsiport.sys [171008 2007-02-17] (Microsoft Corporation)
R3 SenFiltService; C:\Windows\System32\drivers\Senfilt.sys [1821184 2005-11-21] (Creative Technology Ltd.)
S4 Simbad; No ImagePath
S3 splitter; C:\Windows\System32\drivers\splitter.sys [10240 2007-02-17] (Microsoft Corporation)
R0 sr; C:\Windows\System32\DRIVERS\sr.sys [123904 2006-03-29] (Microsoft Corporation)
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [16152 2014-02-25] ()
S3 swmidi; C:\Windows\System32\drivers\swmidi.sys [86528 2005-03-24] (Microsoft Corporation)
S4 symc8xx; No ImagePath
S4 symmpi; No ImagePath
S4 sym_hi; No ImagePath
S4 sym_u3; No ImagePath
R3 sysaudio; C:\Windows\System32\drivers\sysaudio.sys [147456 2007-02-17] (Microsoft Corporation)
S4 TosIde; No ImagePath
S4 ultra; No ImagePath
R3 Update; C:\Windows\System32\DRIVERS\update.sys [152576 2007-05-30] (Microsoft Corporation)
S4 ViaIde; No ImagePath
S3 WDICA; No ImagePath
R3 wdmaud; C:\Windows\System32\drivers\wdmaud.sys [187904 2007-02-17] (Microsoft Corporation)
R2 {95808DC4-FA4A-4C74-92FE-5B863F82066B}; C:\Program Files (x86)\CyberLink\PowerDVD\000.fcl [146928 2009-09-04] (CyberLink Corp.)
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]

==================== NetSvcs (Whitelisted) ===================

NETSVCx32: Browser -> C:\Windows\SysWOW64\browser.dll (Microsoft Corporation)
NETSVCx32: CryptSvc -> C:\Windows\SysWOW64\cryptsvc.dll (Microsoft Corporation)
NETSVCx32: DMServer -> C:\Windows\SysWOW64\dmserver.dll ==> No File.
NETSVCx32: EventSystem -> C:\WINDOWS\SysWOW64\es.dll (Microsoft Corporation)
NETSVCx32: HidServ -> C:\Windows\SysWOW64\hidserv.dll ==> No File.
NETSVCx32: Iprip -> No ServiceDLL Path.
NETSVCx32: LanmanWorkstation -> C:\Windows\SysWOW64\wkssvc.dll ==> No File.
NETSVCx32: Messenger -> C:\Windows\SysWOW64\msgsvc.dll ==> No File.
NETSVCx32: Netman -> C:\Windows\SysWOW64\netman.dll (Microsoft Corporation)
NETSVCx32: Seclogon -> C:\Windows\SysWOW64\seclogon.dll (Microsoft Corporation)
NETSVCx32: TrkWks -> C:\Windows\SysWOW64\trkwks.dll (Microsoft Corporation)
NETSVCx32: WZCSVC -> C:\Windows\SysWOW64\wzcsvc.dll (Microsoft Corporation)
NETSVCx32: wscsvc -> No ServiceDLL Path.
NETSVCx32: xmlprov -> C:\Windows\SysWOW64\xmlprov.dll (Microsoft Corporation)

==================== One Month Created Files and Folders ========

2014-03-30 07:43 - 2014-03-30 07:43 - 00000000 ____D () C:\FRST
2014-03-17 16:37 - 2014-03-17 16:37 - 00002012 _____ () C:\Documents and Settings\Administrator\Desktop\HiJackThis.lnk
2014-03-17 16:37 - 2014-03-17 16:37 - 00000000 ____D () C:\Program Files (x86)\Trend Micro
2014-03-17 16:37 - 2014-03-17 16:37 - 00000000 ____D () C:\Documents and Settings\Administrator\Start Menu\Programs\HiJackThis
2014-03-17 16:30 - 2014-02-18 08:34 - 00000426 _____ () C:\AVScanner.ini
2014-03-17 16:26 - 2014-03-17 16:26 - 00000000 _____ () C:\WINDOWS\0.log
2014-03-17 16:24 - 2014-03-17 16:24 - 00002622 _____ () C:\WINDOWS\PFRO.log
2014-03-17 16:16 - 2014-03-25 14:02 - 00007653 _____ () C:\WINDOWS\setupapi.log
2014-03-17 16:16 - 2014-03-17 16:17 - 00093513 _____ () C:\WINDOWS\KB2925418-IE7.log
2014-03-17 16:16 - 2014-03-17 16:17 - 00011674 _____ () C:\WINDOWS\FaxSetup.log
2014-03-17 16:16 - 2014-03-17 16:17 - 00011248 _____ () C:\WINDOWS\updspapi.log
2014-03-17 16:16 - 2014-03-17 16:17 - 00007140 _____ () C:\WINDOWS\msmqinst.log
2014-03-17 16:16 - 2014-03-17 16:17 - 00005010 _____ () C:\WINDOWS\tsoc.log
2014-03-17 16:16 - 2014-03-17 16:17 - 00004399 _____ () C:\WINDOWS\comsetup.log
2014-03-17 16:16 - 2014-03-17 16:17 - 00003705 _____ () C:\WINDOWS\ocgen.log
2014-03-17 16:16 - 2014-03-17 16:17 - 00003529 _____ () C:\WINDOWS\iis6.log
2014-03-17 16:16 - 2014-03-17 16:17 - 00002816 _____ () C:\WINDOWS\ntdtcsetup.log
2014-03-17 16:16 - 2014-03-17 16:17 - 00000970 _____ () C:\WINDOWS\imsins.log
2014-03-17 16:16 - 2014-03-17 16:17 - 00000798 _____ () C:\WINDOWS\ocmsn.log
2014-03-17 16:16 - 2014-03-17 16:17 - 00000711 _____ () C:\WINDOWS\msgsocm.log
2014-03-17 16:16 - 2014-03-17 16:16 - 00012102 _____ () C:\WINDOWS\KB2930275.log
2014-03-17 16:16 - 2014-03-17 16:16 - 00011448 _____ () C:\WINDOWS\KB2929961.log
2014-03-17 16:16 - 2014-03-17 16:16 - 00000970 _____ () C:\WINDOWS\imsins.BAK
2014-03-17 16:16 - 2014-03-17 16:16 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2930275$
2014-03-17 16:16 - 2014-03-17 16:16 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2929961$
2014-03-17 16:16 - 2014-03-17 16:16 - 00000000 _____ () C:\WINDOWS\setuperr.log
2014-03-17 16:16 - 2014-03-17 16:16 - 00000000 _____ () C:\WINDOWS\setupact.log
2014-03-17 13:29 - 2014-03-17 13:29 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2014-03-17 13:28 - 2014-03-17 13:28 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-03-17 13:28 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-03-15 14:45 - 2014-03-15 14:45 - 00056846 _____ () C:\WINDOWS\DPINST.LOG
2014-03-15 14:42 - 2014-03-15 14:42 - 00004026 _____ () C:\Documents and Settings\Administrator\My Documents\cc_20140315_144210.reg
2014-03-15 14:38 - 2014-03-15 14:38 - 00000978 _____ () C:\Documents and Settings\Administrator\Desktop\Continue File Extractor Installation.lnk
2014-03-15 14:19 - 2014-03-15 14:19 - 00000000 ____D () C:\Documents and Settings\Administrator\My Documents\mooret_resumes
2014-03-12 07:39 - 2014-03-12 07:39 - 05777288 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerInstaller.exe
2014-03-04 19:46 - 2014-03-04 19:46 - 00195448 _____ () C:\Documents and Settings\Administrator\My Documents\cc_20140304_184614_likelybad.reg

==================== One Month Modified Files and Folders =======

2014-03-30 07:43 - 2014-03-30 07:43 - 00000000 ____D () C:\FRST
2014-03-30 07:41 - 2010-08-30 11:55 - 01520071 _____ () C:\WINDOWS\WindowsUpdate.log
2014-03-30 07:39 - 2012-05-14 21:44 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-03-30 07:39 - 2011-04-21 21:12 - 00001010 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-4036979102-2415211131-3377368003-500UA.job
2014-03-30 07:39 - 2010-08-30 12:49 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\Mozilla
2014-03-29 22:38 - 2010-08-30 12:00 - 00032316 _____ () C:\WINDOWS\Tasks\SchedLgU.Txt
2014-03-29 19:38 - 2011-04-21 21:12 - 00000958 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-4036979102-2415211131-3377368003-500Core.job
2014-03-28 18:46 - 2010-08-30 12:00 - 00000976 _____ () C:\Documents and Settings\LocalService\wiadebug.log
2014-03-25 14:02 - 2014-03-17 16:16 - 00007653 _____ () C:\WINDOWS\setupapi.log
2014-03-25 14:02 - 2010-08-30 15:23 - 00000000 ____D () C:\Documents and Settings\Administrator\My Documents\Tommy
2014-03-18 10:45 - 2013-08-25 16:02 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-03-18 10:39 - 2010-08-30 15:01 - 90015360 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-03-17 16:37 - 2014-03-17 16:37 - 00002012 _____ () C:\Documents and Settings\Administrator\Desktop\HiJackThis.lnk
2014-03-17 16:37 - 2014-03-17 16:37 - 00000000 ____D () C:\Program Files (x86)\Trend Micro
2014-03-17 16:37 - 2014-03-17 16:37 - 00000000 ____D () C:\Documents and Settings\Administrator\Start Menu\Programs\HiJackThis
2014-03-17 16:27 - 2010-11-11 19:20 - 00194909 _____ () C:\WINDOWS\system32\nvapps.xml
2014-03-17 16:26 - 2014-03-17 16:26 - 00000000 _____ () C:\WINDOWS\0.log
2014-03-17 16:24 - 2014-03-17 16:24 - 00002622 _____ () C:\WINDOWS\PFRO.log
2014-03-17 16:24 - 2010-08-30 12:00 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-03-17 16:24 - 2010-08-30 07:42 - 00270192 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-03-17 16:24 - 2006-03-29 08:00 - 00013646 _____ () C:\WINDOWS\system32\wpa.dbl
2014-03-17 16:17 - 2014-03-17 16:16 - 00093513 _____ () C:\WINDOWS\KB2925418-IE7.log
2014-03-17 16:17 - 2014-03-17 16:16 - 00011674 _____ () C:\WINDOWS\FaxSetup.log
2014-03-17 16:17 - 2014-03-17 16:16 - 00011248 _____ () C:\WINDOWS\updspapi.log
2014-03-17 16:17 - 2014-03-17 16:16 - 00007140 _____ () C:\WINDOWS\msmqinst.log
2014-03-17 16:17 - 2014-03-17 16:16 - 00005010 _____ () C:\WINDOWS\tsoc.log
2014-03-17 16:17 - 2014-03-17 16:16 - 00004399 _____ () C:\WINDOWS\comsetup.log
2014-03-17 16:17 - 2014-03-17 16:16 - 00003705 _____ () C:\WINDOWS\ocgen.log
2014-03-17 16:17 - 2014-03-17 16:16 - 00003529 _____ () C:\WINDOWS\iis6.log
2014-03-17 16:17 - 2014-03-17 16:16 - 00002816 _____ () C:\WINDOWS\ntdtcsetup.log
2014-03-17 16:17 - 2014-03-17 16:16 - 00000970 _____ () C:\WINDOWS\imsins.log
2014-03-17 16:17 - 2014-03-17 16:16 - 00000798 _____ () C:\WINDOWS\ocmsn.log
2014-03-17 16:17 - 2014-03-17 16:16 - 00000711 _____ () C:\WINDOWS\msgsocm.log
2014-03-17 16:16 - 2014-03-17 16:16 - 00012102 _____ () C:\WINDOWS\KB2930275.log
2014-03-17 16:16 - 2014-03-17 16:16 - 00011448 _____ () C:\WINDOWS\KB2929961.log
2014-03-17 16:16 - 2014-03-17 16:16 - 00000970 _____ () C:\WINDOWS\imsins.BAK
2014-03-17 16:16 - 2014-03-17 16:16 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2930275$
2014-03-17 16:16 - 2014-03-17 16:16 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2929961$
2014-03-17 16:16 - 2014-03-17 16:16 - 00000000 _____ () C:\WINDOWS\setuperr.log
2014-03-17 16:16 - 2014-03-17 16:16 - 00000000 _____ () C:\WINDOWS\setupact.log
2014-03-17 13:29 - 2014-03-17 13:29 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2014-03-17 13:28 - 2014-03-17 13:28 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-03-15 14:45 - 2014-03-15 14:45 - 00056846 _____ () C:\WINDOWS\DPINST.LOG
2014-03-15 14:45 - 2013-02-09 07:31 - 00000000 ____D () C:\Program Files (x86)\HTC
2014-03-15 14:42 - 2014-03-15 14:42 - 00004026 _____ () C:\Documents and Settings\Administrator\My Documents\cc_20140315_144210.reg
2014-03-15 14:40 - 2010-08-30 12:00 - 00000000 ____D () C:\Documents and Settings\Administrator
2014-03-15 14:38 - 2014-03-15 14:38 - 00000978 _____ () C:\Documents and Settings\Administrator\Desktop\Continue File Extractor Installation.lnk
2014-03-15 14:19 - 2014-03-15 14:19 - 00000000 ____D () C:\Documents and Settings\Administrator\My Documents\mooret_resumes
2014-03-12 07:39 - 2014-03-12 07:39 - 05777288 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerInstaller.exe
2014-03-12 07:39 - 2012-05-14 21:44 - 00692616 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2014-03-12 07:39 - 2011-06-27 21:47 - 00071048 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-04 19:46 - 2014-03-04 19:46 - 00195448 _____ () C:\Documents and Settings\Administrator\My Documents\cc_20140304_184614_likelybad.reg
2014-03-04 19:41 - 2014-02-25 18:01 - 00000000 ____D () C:\Program Files (x86)\DriverUpdate

ZeroAccess:
C:\Windows\Installer\{38795ae0-af96-1cf6-737a-c3daf4c73f43}

Some content of TEMP:
====================
C:\Documents and Settings\Administrator\Local Settings\Temp\DeleteInstall.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\ICReinstall_FileExtractorSetup.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe
[2010-08-30 14:07] - [2007-02-17 01:02] - 0944128 ____A (Microsoft Corporation) 901C7E44D11C00CA9D48BA1A866FDC4B

C:\Windows\System32\wininit.exe IS MISSING <==== ATTENTION!.
C:\Windows\SysWOW64\wininit.exe IS MISSING <==== ATTENTION!.
C:\Windows\explorer.exe
[2010-08-30 14:09] - [2007-02-17 00:20] - 1364480 ____A (Microsoft Corporation) AE7A08C05F72A9242734C03230A5CD7F

C:\Windows\SysWOW64\explorer.exe
[2006-03-29 08:00] - [2007-02-18 11:05] - 1053184 ____N (Microsoft Corporation) A26C39540F8BE3729846E360E2C57344

C:\Windows\System32\svchost.exe
[2010-08-30 14:07] - [2007-02-17 00:59] - 0025600 ____A (Microsoft Corporation) 46300880A5062A41C16DF5E3E836A6C9

C:\Windows\SysWOW64\svchost.exe
[2006-03-29 08:00] - [2007-02-18 11:05] - 0014848 ____N (Microsoft Corporation) C09CCFE81DEC9B162533D7184D705682

C:\Windows\System32\services.exe
[2006-03-29 08:00] - [2009-03-19 19:51] - 0227840 ____A (Microsoft Corporation) 1E07EE3F50DFF2FE9B0A9D196E82698F

C:\Windows\System32\User32.dll
[2007-03-02 01:54] - [2007-03-02 01:54] - 1086464 ____A (Microsoft Corporation) C34683231AA9162B2106CA149B729D38

C:\Windows\SysWOW64\User32.dll
[2007-03-02 01:54] - [2007-03-02 01:54] - 0602624 ____N (Microsoft Corporation) 8BE4E29DA25073BF7894E2A61C9525DE

C:\Windows\System32\userinit.exe
[2006-03-29 08:00] - [2007-02-17 01:00] - 0039424 ____A (Microsoft Corporation) 438393CC0B5122B5D988BD7BA05FE3C9

C:\Windows\SysWOW64\userinit.exe
[2006-03-29 08:00] - [2007-02-18 11:05] - 0026112 ____N (Microsoft Corporation) B5FEB3B971A8B8C81CE9DE65031A87E5

C:\Windows\System32\rpcss.dll
[2009-03-19 19:51] - [2009-03-19 19:51] - 0845312 ____A (Microsoft Corporation) A6130365606F3D6332B014FC3DA931AA

 ATTENTION ======> If the system is having audio adware rpcss.dll is patched. Google the MD5, if the MD5 is unique the file is infected.
C:\Windows\System32\Drivers\volsnap.sys
[2006-03-29 08:00] - [2012-08-23 01:44] - 0288768 ____A (Microsoft Corporation) 941D45C8A14B2B1E8A57D0EEF6A98AEB

C:\Windows\system32\codeintegrity\Bootcat.cache IS MISSING <==== ATTENTION!.

==================== End Of Log ============================


3) addition.txt:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by Administrator (administrator) on TRACY on 30-03-2014 07:43:27
Running from C:\Documents and Settings\Administrator\My Documents\Downloads
Microsoft Windows XP Service Pack 2 (X64) OS Language: English(US)
Internet Explorer Version 7
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Juniper Networks) C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe
(Microsoft Corporation) C:\WINDOWS\SysWOW64\svchost.exe
(Nero AG) C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe
(Oracle Corporation) C:\Program Files (x86)\Java\jre7\bin\jqs.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\engineserver.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\VirusScan Enterprise\vstskmgr.exe
(McAfee, Inc.) C:\WINDOWS\system32\mfevtps.exe
(NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.exe
(Microsoft Corporation) C:\WINDOWS\system32\wdfmgr.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
() C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\mcshield.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\mfeann.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\naPrdMgr.exe
(Microsoft Corporation) C:\WINDOWS\system32\msiexec.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [MSConfig] - C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe [294400 2007-02-17] (Microsoft Corporation)
HKLM\...\Run: [NvCplDaemon] - C:\WINDOWS\system32\NvCpl.dll [15922688 2008-07-26] (NVIDIA Corporation)
HKLM-x32\...\Run: [UpdateLBPShortCut] - C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [222504 2008-02-21] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateP2GoShortCut] - C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [210216 2008-09-24] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdatePPShortCut] - C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe [210216 2008-06-13] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdatePSTShortCut] - C:\Program Files (x86)\CyberLink\Blu-ray Disc Suite\MUITransfer\MUIStartMenu.exe [210216 2008-10-20] (CyberLink Corp.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-06] (Apple Inc.)
HKLM-x32\...\Winlogon: [Userinit] userinit, [X]
HKLM\...\Winlogon: [UIHost] C:\Windows\system32\logonui.exe [662016 2007-02-17] ( (Microsoft Corporation))
Winlogon\Notify\crypt32chain: C:\WINDOWS\system32\crypt32.dll (Microsoft Corporation)
Winlogon\Notify\cryptnet: C:\WINDOWS\system32\cryptnet.dll (Microsoft Corporation)
Winlogon\Notify\cscdll: C:\WINDOWS\system32\cscdll.dll (Microsoft Corporation)
Winlogon\Notify\dimsntfy: C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)
Winlogon\Notify\ScCertProp: C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)
Winlogon\Notify\Schedule: C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)
Winlogon\Notify\sclgntfy: C:\WINDOWS\system32\sclgntfy.dll (Microsoft Corporation)
Winlogon\Notify\SensLogn: C:\WINDOWS\system32\WlNotify.dll (Microsoft Corporation)
Winlogon\Notify\termsrv: C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)
Winlogon\Notify\wlballoon: C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)
Winlogon\Notify\crypt32chain-x32: C:\WINDOWS\SysWOW64\crypt32.dll (Microsoft Corporation)
Winlogon\Notify\cryptnet-x32: C:\WINDOWS\SysWOW64\cryptnet.dll (Microsoft Corporation)
Winlogon\Notify\cscdll-x32: C:\WINDOWS\SysWOW64\cscdll.dll (Microsoft Corporation)
Winlogon\Notify\dimsntfy-x32: C:\WINDOWS\SysWOW64\dimsntfy.dll (Microsoft Corporation)
Winlogon\Notify\EFS-x32: C:\WINDOWS\SysWOW64\sclgntfy.dll (Microsoft Corporation)
Winlogon\Notify\ScCertProp-x32: wlnotify.dll [X]
Winlogon\Notify\Schedule-x32: wlnotify.dll [X]
Winlogon\Notify\sclgntfy-x32: C:\WINDOWS\SysWOW64\sclgntfy.dll (Microsoft Corporation)
Winlogon\Notify\SensLogn-x32: WlNotify.dll [X]
Winlogon\Notify\wlballoon-x32: wlnotify.dll [X]
HKLM\...\InprocServer32: [Default-wbemess] \\.\globalroot\systemroot\Installer\{38795ae0-af96-1cf6-737a-c3daf4c73f43}\n. ATTENTION! ====> ZeroAccess?
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Command Processor:  <======= ATTENTION
HKLM-x32\...\Command Processor:  <======= ATTENTION
HKU\.DEFAULT\...\RunOnce: [tscuninstall] - C:\Windows\system32\tscupgrd.exe [62464 2006-03-29] (Microsoft Corporation)
HKU\S-1-5-19\...\RunOnce: [tscuninstall] - C:\Windows\system32\tscupgrd.exe [62464 2006-03-29] (Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [tscuninstall] - C:\Windows\system32\tscupgrd.exe [62464 2006-03-29] (Microsoft Corporation)
HKU\S-1-5-21-4036979102-2415211131-3377368003-500\...\Run: [Google Update] - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [136176 2011-04-21] (Google Inc.)
HKU\S-1-5-21-4036979102-2415211131-3377368003-500\...\Run: [ctfmon.exe] - C:\WINDOWS\system32\ctfmon.exe [20992 2006-03-29] (Microsoft Corporation)
IFEO\Your Image File Name Here without a path: [Debugger] ntsd -d
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll
SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation)
SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation)
SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
SSODL-x32: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - %SystemRoot%\syswow64\SHELL32.dll (Microsoft Corporation)
SSODL-x32: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - %SystemRoot%\syswow64\SHELL32.dll (Microsoft Corporation)
SSODL-x32: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\SysWOW64\stobject.dll (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
URLSearchHook: HKCU - UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
SearchScopes: HKCU - DefaultScope {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=crm&q={searchTerms}&locale=&apn_ptnrs=TV&apn_dtid=OSJ000YYUS&apn_uid=7B9E5D8B-35A6-4D0B-A69C-CEB215F6B57F&apn_sauid=D482FE6E-9845-4693-92C9-2BC8D3DB977F
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL =
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
SearchScopes: HKCU - {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=crm&q={searchTerms}&locale=&apn_ptnrs=TV&apn_dtid=OSJ000YYUS&apn_uid=7B9E5D8B-35A6-4D0B-A69C-CEB215F6B57F&apn_sauid=D482FE6E-9845-4693-92C9-2BC8D3DB977F
BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\scriptsn.dll (McAfee, Inc.)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\McAfee\VirusScan Enterprise\scriptsn.dll (McAfee, Inc.)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\Windows\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\Windows\system32\SHELL32.dll (Microsoft Corporation)
DPF: HKLM-x32 {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1283187815859
Handler: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
Handler: ipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} -  No File
Handler: sysimage - {76E67A63-06E9-11D2-A840-006008059382} - C:\Windows\system32\mshtml.dll (Microsoft Corporation)
Handler-x32: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SysWOW64\urlmon.dll (Microsoft Corporation)
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: ipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: sysimage - {76E67A63-06E9-11D2-A840-006008059382} - C:\Windows\SysWow64\mshtml.dll (Microsoft Corporation)
Filter: Class Install Handler - {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
Filter: lzdhtml - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
Filter: text/webviewhtml - {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\Windows\system32\SHELL32.dll (Microsoft Corporation)
Filter-x32: Class Install Handler - {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\SysWOW64\urlmon.dll (Microsoft Corporation)
Filter-x32: lzdhtml - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\SysWOW64\urlmon.dll (Microsoft Corporation)
Filter-x32: text/webviewhtml - {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\Windows\SysWow64\SHELL32.dll (Microsoft Corporation)
ShellExecuteHooks: URL Exec Hook - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\system32\shell32.dll [10510848 2012-06-08] (Microsoft Corporation)
ShellExecuteHooks-x32: URL Exec Hook - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\SysWOW64\shell32.dll [8362496 2012-06-08] (Microsoft Corporation)
Winsock: Catalog5 03 C:\WINDOWS\SysWOW64\mswsock.dll [233472] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 03 %SystemRoot%\System32\mswsock.dll [492544] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ip3o308f.default
FF NewTab: hxxp://search.conduit.com/?ctid=CT3324790&octid=EB_ORIGINAL_CTID&SearchSource=69&CUI=&SSPV=&Lay=1&UM=4&UP=SP1AF7FEF0-1E69-4E38-8355-F7DB638682AC
FF SearchEngineOrder.1: Ask.com
FF Homepage: hxxp://www.google.com/
FF Keyword.URL: hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=ORJ&o=&locale=&apn_uid=7B9E5D8B-35A6-4D0B-A69C-CEB215F6B57F&apn_ptnrs=TV&apn_sauid=D482FE6E-9845-4693-92C9-2BC8D3DB977F&apn_dtid=OSJ000YYUS&&q=
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\WINDOWS\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Documents and Settings\Administrator\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Documents and Settings\Administrator\Application Data\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Documents and Settings\Administrator\Application Data\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Documents and Settings\Administrator\Application Data\mozilla\plugins\npo1d.dll (Google)
FF SearchPlugin: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ip3o308f.default\searchplugins\askcom.xml
FF SearchPlugin: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ip3o308f.default\searchplugins\askcomsearch.xml
FF SearchPlugin: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ip3o308f.default\searchplugins\conduit-search.xml
FF Extension: Microsoft .NET Framework Assistant - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ip3o308f.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010-11-11]
FF Extension: FaviconizeTab - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ip3o308f.default\Extensions\faviconizetab@espion.just-size.jp.xpi [2011-11-26]
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []

==================== Services (Whitelisted) =================

R2 AeLookupSvc; C:\Windows\SysWOW64\aelupsvc.dll [26624 2006-03-29] (Microsoft Corporation)
S4 Alerter; C:\Windows\system32\alrsvc.dll [29696 2006-03-29] (Microsoft Corporation)
S3 ALG; C:\Windows\SysWOW64\alg.exe [45056 2006-03-29] (Microsoft Corporation)
R2 AudioSrv; C:\Windows\SysWOW64\audiosrv.dll [41472 2006-03-29] (Microsoft Corporation)
S2 Browser; C:\Windows\SysWOW64\browser.dll [78336 2012-06-29] (Microsoft Corporation)
S3 ClipSrv; C:\Windows\system32\clipsrv.exe [49664 2006-03-29] (Microsoft Corporation)
S3 ClipSrv; C:\Windows\SysWOW64\clipsrv.exe [32256 2006-03-29] (Microsoft Corporation)
S3 dmadmin; C:\Windows\System32\dmadmin.exe [399872 2007-02-17] (Microsoft Corporation)
R2 dmserver; C:\Windows\System32\dmserver.dll [37376 2007-02-17] (Microsoft Corporation)
R2 ERSvc; C:\Windows\System32\ersvc.dll [31744 2006-03-29] (Microsoft Corporation)
R2 helpsvc; C:\Windows\PCHealth\HelpCtr\Binaries\pchsvc.dll [77312 2007-02-17] (Microsoft Corporation)
R2 HTCMonitorService; C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe [87368 2012-12-12] (Nero AG)
R3 HTTPFilter; C:\Windows\System32\w3ssl.dll [21504 2006-03-29] (Microsoft Corporation)
S3 IASJet; C:\Windows\SysWOW64\iasrecst.dll [162816 2006-03-29] (Microsoft Corporation)
S3 ImapiService; C:\WINDOWS\system32\imapi.exe [265728 2007-02-17] (Microsoft Corporation)
R2 JavaQuickStarterService; C:\Program Files (x86)\Java\jre7\bin\jqs.exe [182184 2013-07-05] (Oracle Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 McAfeeEngineService; C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\engineserver.exe [19720 2009-10-22] (McAfee, Inc.)
R2 McAfeeFramework; C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe [103744 2009-08-25] (McAfee, Inc.)
R2 McShield; C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\mcshield.exe [178920 2009-10-22] (McAfee, Inc.)
R2 McTaskManager; C:\Program Files (x86)\McAfee\VirusScan Enterprise\vstskmgr.exe [66896 2009-10-22] (McAfee, Inc.)
S4 Messenger; C:\Windows\System32\msgsvc.dll [57344 2007-02-17] (Microsoft Corporation)
R2 mfevtp; C:\WINDOWS\system32\mfevtps.exe [79504 2009-10-22] (McAfee, Inc.)
S3 mnmsrvc; C:\WINDOWS\SysWOW64\mnmsrvc.exe [32768 2006-03-29] (Microsoft Corporation)
S3 NetDDE; C:\Windows\system32\netdde.exe [160768 2007-02-17] (Microsoft Corporation)
S3 NetDDEdsdm; C:\Windows\system32\netdde.exe [160768 2007-02-17] (Microsoft Corporation)
R3 Netman; C:\Windows\SysWOW64\netman.dll [263680 2007-02-18] (Microsoft Corporation)
R3 Nla; C:\Windows\System32\mswsock.dll [492544 2011-03-03] (Microsoft Corporation)
R3 Nla; C:\Windows\SysWOW64\mswsock.dll [233472 2011-03-03] (Microsoft Corporation)
S3 NtLmSsp; C:\Windows\system32\lsass.exe [14336 2006-03-29] (Microsoft Corporation)
S3 NtmsSvc; C:\Windows\system32\ntmssvc.dll [794112 2007-02-17] (Microsoft Corporation)
R2 NVSvc; C:\Windows\system32\nvsvc64.exe [160768 2008-07-26] (NVIDIA Corporation)
R2 PlugPlay; C:\Windows\system32\services.exe [227840 2009-03-19] (Microsoft Corporation)
R2 PolicyAgent; C:\Windows\system32\lsass.exe [14336 2006-03-29] (Microsoft Corporation)
S3 RasAuto; C:\Windows\SysWOW64\rasauto.dll [91648 2007-02-18] (Microsoft Corporation)
R3 RasMan; C:\Windows\SysWOW64\rasmans.dll [181760 2007-02-18] (Microsoft Corporation)
S3 RDSessMgr; C:\WINDOWS\system32\sessmgr.exe [212480 2007-02-17] (Microsoft Corporation)
S3 RpcLocator; C:\Windows\SysWOW64\locator.exe [71680 2006-03-29] (Microsoft Corporation)
S3 SCardSvr; C:\Windows\System32\SCardSvr.exe [166400 2007-02-17] (Microsoft Corporation)
R2 Schedule; C:\Windows\SysWOW64\schedsvc.dll [202240 2007-02-18] (Microsoft Corporation)
R2 seclogon; C:\Windows\SysWOW64\seclogon.dll [18432 2007-02-18] (Microsoft Corporation)
R2 srservice; C:\WINDOWS\system32\srsvc.dll [231424 2007-02-17] (Microsoft Corporation)
S2 SysmonLog; C:\Windows\system32\smlogsvc.exe [133120 2007-02-17] (Microsoft Corporation)
S2 SysmonLog; C:\Windows\SysWOW64\smlogsvc.exe [96256 2007-02-18] (Microsoft Corporation)
S4 TlntSvr; C:\WINDOWS\system32\tlntsvr.exe [113152 2007-02-17] (Microsoft Corporation)
R2 TrkWks; C:\Windows\SysWOW64\trkwks.dll [86528 2007-02-18] (Microsoft Corporation)
R2 UMWdf; C:\WINDOWS\system32\wdfmgr.exe [62976 2006-03-29] (Microsoft Corporation)
R2 UMWdf; C:\WINDOWS\SysWOW64\wdfmgr.exe [39424 2006-03-29] (Microsoft Corporation)
S3 UPS; C:\Windows\System32\ups.exe [34816 2006-03-29] (Microsoft Corporation)
S3 UPS; C:\Windows\SysWOW64\ups.exe [16896 2006-03-29] (Microsoft Corporation)
S3 WmdmPmSN; C:\WINDOWS\system32\mspmsnsv.dll [36352 2007-02-17] (Microsoft Corporation)
S3 Wmi; C:\Windows\System32\advapi32.dll [1052160 2009-03-19] (Microsoft Corporation)
S3 Wmi; C:\Windows\SysWOW64\advapi32.dll [619008 2009-03-19] (Microsoft Corporation)
R2 wuauserv; C:\WINDOWS\system32\wuauserv.dll [12288 2006-03-29] (Microsoft Corporation)
R2 WZCSVC; C:\Windows\System32\wzcsvc.dll [659968 2007-02-17] (Microsoft Corporation)
R2 WZCSVC; C:\Windows\SysWOW64\wzcsvc.dll [489472 2007-02-18] (Microsoft Corporation)
S3 xmlprov; C:\Windows\System32\xmlprov.dll [326144 2007-02-17] (Microsoft Corporation)
S3 xmlprov; C:\Windows\SysWOW64\xmlprov.dll [131584 2007-02-18] (Microsoft Corporation)
R2 Eventlog;  [X]
R3 WinHttpAutoProxySvc; winhttp.dll [X]

==================== Drivers (Whitelisted) ====================

S4 Abiosdsk; No ImagePath
S4 ACPIEC; C:\Windows\System32\Drivers\ACPIEC.sys [18432 2006-03-29] (Microsoft Corporation)
S4 adpu160m; No ImagePath
S4 adpu320; No ImagePath
R3 AEAudio; C:\Windows\System32\drivers\AEAudio.sys [140160 2007-06-19] (Andrea Electronics Corporation)
S3 aec; C:\Windows\System32\drivers\aec.sys [188928 2005-03-24] (Microsoft Corporation)
S4 aic78u2; No ImagePath
S4 aic78xx; No ImagePath
S4 AliIde; No ImagePath
S4 AmdIde; No ImagePath
S4 arc; No ImagePath
R3 Arp1394; C:\Windows\System32\DRIVERS\arp1394.sys [111104 2007-02-17] (Microsoft Corporation)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [14392 2007-12-17] ()
S4 Atdisk; No ImagePath
S3 Atmarpc; C:\Windows\System32\DRIVERS\atmarpc.sys [106496 2007-02-17] (Microsoft Corporation)
R3 audstub; C:\Windows\System32\DRIVERS\audstub.sys [5632 2005-03-24] (Microsoft Corporation)
R3 BMDDeckLinkAudio; C:\Windows\System32\DRIVERS\deckaud.sys [18944 2007-10-25] (Blackmagic Design)
R2 CdaC15BA; C:\Windows\System32\DRIVERS\CdaC15BA.sys [13312 2006-03-29] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
R2 CdaD10BA; C:\Windows\System32\DRIVERS\CdaD10BA.sys [13312 2006-03-29] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
S1 Changer; No ImagePath
S0 CLBStor; C:\Windows\SysWow64\Drivers\CLBStor.sys [10368 2008-10-20] (Cyberlink Co.,Ltd.)
S2 CLBUDFR; C:\Windows\SysWow64\Drivers\CLBUDFR.sys [154368 2008-10-20] (CyberLink Corporation.)
S4 CmdIde; No ImagePath
R3 DeckLink; C:\Windows\System32\DRIVERS\Intensity.sys [241664 2007-10-25] (Blackmagic Design)
R4 dmboot; C:\Windows\System32\drivers\dmboot.sys [415232 2007-02-17] (Microsoft Corporation)
R0 dmio; C:\Windows\System32\drivers\dmio.sys [244224 2007-02-17] (Microsoft Corporation)
R0 dmload; C:\Windows\System32\drivers\dmload.sys [9216 2006-03-29] (Microsoft Corporation)
S4 dpti2o; No ImagePath
R3 dsNcAdpt; C:\Windows\System32\DRIVERS\dsNcAdX64.sys [29184 2009-09-23] (Juniper Networks)
R1 Fips; C:\Windows\System32\Drivers\Fips.sys [50176 2007-02-17] (Microsoft Corporation)
R0 Ftdisk; C:\Windows\System32\DRIVERS\ftdisk.sys [240128 2007-02-17] (Microsoft Corporation)
R3 Gpc; C:\Windows\System32\DRIVERS\msgpc.sys [71168 2007-02-17] (Microsoft Corporation)
R3 HDAudBus; C:\Windows\System32\DRIVERS\HDAudBus.sys [239616 2005-07-13] (Windows ® Server 2003 DDK provider)
S3 HPZid412; C:\Windows\System32\DRIVERS\HPZid412.sys [187392 2007-03-08] (HP)
S3 HPZipr12; C:\Windows\System32\DRIVERS\HPZipr12.sys [48640 2007-03-08] (HP)
S3 HPZius12; C:\Windows\System32\DRIVERS\HPZius12.sys [50688 2007-03-08] (HP)
S1 i2omgmt; No ImagePath
S4 iirsp; No ImagePath
R1 imapi; C:\Windows\System32\DRIVERS\imapi.sys [72704 2006-03-29] (Microsoft Corporation)
S4 IntelIde; No ImagePath
S3 Ip6Fw; C:\Windows\System32\drivers\ip6fw.sys [57856 2007-02-17] (Microsoft Corporation)
R1 IPSec; C:\Windows\System32\DRIVERS\ipsec.sys [156672 2007-02-17] (Microsoft Corporation)
R3 kmixer; C:\Windows\System32\drivers\kmixer.sys [204288 2005-03-24] (Microsoft Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [97576 2009-10-22] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [119968 2009-10-22] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [469144 2009-10-22] (McAfee, Inc.)
S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [77104 2009-10-22] (McAfee, Inc.)
R1 mfetdik; C:\Windows\System32\drivers\mfetdik.sys [83784 2009-10-22] (McAfee, Inc.)
R1 mnmdd; C:\Windows\System32\Drivers\mnmdd.sys [8192 2006-03-29] (Microsoft Corporation)
S4 mraid35x; No ImagePath
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [8192 2008-01-21] ()
R3 NIC1394; C:\Windows\System32\DRIVERS\nic1394.sys [92160 2005-03-24] (Microsoft Corporation)
R3 nv; C:\Windows\System32\DRIVERS\nv4_mini.sys [7996288 2008-07-26] (NVIDIA Corporation)
R3 NVENETFD; C:\Windows\System32\DRIVERS\NVENETFD.sys [74368 2007-11-17] (NVIDIA Corporation)
R0 nvgts64; C:\Windows\System32\DRIVERS\nvgts64.sys [120832 2007-08-08] (NVIDIA Corporation)
R3 nvnetbus; C:\Windows\System32\DRIVERS\nvnetbus.sys [34304 2007-11-17] (NVIDIA Corporation)
R0 nvrd64; C:\Windows\System32\DRIVERS\nvrd64.sys [153600 2007-08-08] (NVIDIA Corporation)
S3 PDCOMP; No ImagePath
S3 PDFRAME; No ImagePath
S3 PDRELI; No ImagePath
S3 PDRFRAME; No ImagePath
R3 PSched; C:\Windows\System32\DRIVERS\psched.sys [106496 2007-02-17] (Microsoft Corporation)
R3 Ptilink; C:\Windows\System32\DRIVERS\ptilink.sys [31232 2006-03-29] (Parallel Technologies, Inc.)
R3 Raspti; C:\Windows\System32\DRIVERS\raspti.sys [31232 2006-03-29] (Microsoft Corporation)
R1 redbook; C:\Windows\System32\DRIVERS\redbook.sys [64000 2005-03-24] (Microsoft Corporation)
U5 ScsiPort; C:\Windows\system32\drivers\scsiport.sys [171008 2007-02-17] (Microsoft Corporation)
R3 SenFiltService; C:\Windows\System32\drivers\Senfilt.sys [1821184 2005-11-21] (Creative Technology Ltd.)
S4 Simbad; No ImagePath
S3 splitter; C:\Windows\System32\drivers\splitter.sys [10240 2007-02-17] (Microsoft Corporation)
R0 sr; C:\Windows\System32\DRIVERS\sr.sys [123904 2006-03-29] (Microsoft Corporation)
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [16152 2014-02-25] ()
S3 swmidi; C:\Windows\System32\drivers\swmidi.sys [86528 2005-03-24] (Microsoft Corporation)
S4 symc8xx; No ImagePath
S4 symmpi; No ImagePath
S4 sym_hi; No ImagePath
S4 sym_u3; No ImagePath
R3 sysaudio; C:\Windows\System32\drivers\sysaudio.sys [147456 2007-02-17] (Microsoft Corporation)
S4 TosIde; No ImagePath
S4 ultra; No ImagePath
R3 Update; C:\Windows\System32\DRIVERS\update.sys [152576 2007-05-30] (Microsoft Corporation)
S4 ViaIde; No ImagePath
S3 WDICA; No ImagePath
R3 wdmaud; C:\Windows\System32\drivers\wdmaud.sys [187904 2007-02-17] (Microsoft Corporation)
R2 {95808DC4-FA4A-4C74-92FE-5B863F82066B}; C:\Program Files (x86)\CyberLink\PowerDVD\000.fcl [146928 2009-09-04] (CyberLink Corp.)
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]

==================== NetSvcs (Whitelisted) ===================

NETSVCx32: Browser -> C:\Windows\SysWOW64\browser.dll (Microsoft Corporation)
NETSVCx32: CryptSvc -> C:\Windows\SysWOW64\cryptsvc.dll (Microsoft Corporation)
NETSVCx32: DMServer -> C:\Windows\SysWOW64\dmserver.dll ==> No File.
NETSVCx32: EventSystem -> C:\WINDOWS\SysWOW64\es.dll (Microsoft Corporation)
NETSVCx32: HidServ -> C:\Windows\SysWOW64\hidserv.dll ==> No File.
NETSVCx32: Iprip -> No ServiceDLL Path.
NETSVCx32: LanmanWorkstation -> C:\Windows\SysWOW64\wkssvc.dll ==> No File.
NETSVCx32: Messenger -> C:\Windows\SysWOW64\msgsvc.dll ==> No File.
NETSVCx32: Netman -> C:\Windows\SysWOW64\netman.dll (Microsoft Corporation)
NETSVCx32: Seclogon -> C:\Windows\SysWOW64\seclogon.dll (Microsoft Corporation)
NETSVCx32: TrkWks -> C:\Windows\SysWOW64\trkwks.dll (Microsoft Corporation)
NETSVCx32: WZCSVC -> C:\Windows\SysWOW64\wzcsvc.dll (Microsoft Corporation)
NETSVCx32: wscsvc -> No ServiceDLL Path.
NETSVCx32: xmlprov -> C:\Windows\SysWOW64\xmlprov.dll (Microsoft Corporation)

==================== One Month Created Files and Folders ========

2014-03-30 07:43 - 2014-03-30 07:43 - 00000000 ____D () C:\FRST
2014-03-17 16:37 - 2014-03-17 16:37 - 00002012 _____ () C:\Documents and Settings\Administrator\Desktop\HiJackThis.lnk
2014-03-17 16:37 - 2014-03-17 16:37 - 00000000 ____D () C:\Program Files (x86)\Trend Micro
2014-03-17 16:37 - 2014-03-17 16:37 - 00000000 ____D () C:\Documents and Settings\Administrator\Start Menu\Programs\HiJackThis
2014-03-17 16:30 - 2014-02-18 08:34 - 00000426 _____ () C:\AVScanner.ini
2014-03-17 16:26 - 2014-03-17 16:26 - 00000000 _____ () C:\WINDOWS\0.log
2014-03-17 16:24 - 2014-03-17 16:24 - 00002622 _____ () C:\WINDOWS\PFRO.log
2014-03-17 16:16 - 2014-03-25 14:02 - 00007653 _____ () C:\WINDOWS\setupapi.log
2014-03-17 16:16 - 2014-03-17 16:17 - 00093513 _____ () C:\WINDOWS\KB2925418-IE7.log
2014-03-17 16:16 - 2014-03-17 16:17 - 00011674 _____ () C:\WINDOWS\FaxSetup.log
2014-03-17 16:16 - 2014-03-17 16:17 - 00011248 _____ () C:\WINDOWS\updspapi.log
2014-03-17 16:16 - 2014-03-17 16:17 - 00007140 _____ () C:\WINDOWS\msmqinst.log
2014-03-17 16:16 - 2014-03-17 16:17 - 00005010 _____ () C:\WINDOWS\tsoc.log
2014-03-17 16:16 - 2014-03-17 16:17 - 00004399 _____ () C:\WINDOWS\comsetup.log
2014-03-17 16:16 - 2014-03-17 16:17 - 00003705 _____ () C:\WINDOWS\ocgen.log
2014-03-17 16:16 - 2014-03-17 16:17 - 00003529 _____ () C:\WINDOWS\iis6.log
2014-03-17 16:16 - 2014-03-17 16:17 - 00002816 _____ () C:\WINDOWS\ntdtcsetup.log
2014-03-17 16:16 - 2014-03-17 16:17 - 00000970 _____ () C:\WINDOWS\imsins.log
2014-03-17 16:16 - 2014-03-17 16:17 - 00000798 _____ () C:\WINDOWS\ocmsn.log
2014-03-17 16:16 - 2014-03-17 16:17 - 00000711 _____ () C:\WINDOWS\msgsocm.log
2014-03-17 16:16 - 2014-03-17 16:16 - 00012102 _____ () C:\WINDOWS\KB2930275.log
2014-03-17 16:16 - 2014-03-17 16:16 - 00011448 _____ () C:\WINDOWS\KB2929961.log
2014-03-17 16:16 - 2014-03-17 16:16 - 00000970 _____ () C:\WINDOWS\imsins.BAK
2014-03-17 16:16 - 2014-03-17 16:16 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2930275$
2014-03-17 16:16 - 2014-03-17 16:16 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2929961$
2014-03-17 16:16 - 2014-03-17 16:16 - 00000000 _____ () C:\WINDOWS\setuperr.log
2014-03-17 16:16 - 2014-03-17 16:16 - 00000000 _____ () C:\WINDOWS\setupact.log
2014-03-17 13:29 - 2014-03-17 13:29 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2014-03-17 13:28 - 2014-03-17 13:28 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-03-17 13:28 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-03-15 14:45 - 2014-03-15 14:45 - 00056846 _____ () C:\WINDOWS\DPINST.LOG
2014-03-15 14:42 - 2014-03-15 14:42 - 00004026 _____ () C:\Documents and Settings\Administrator\My Documents\cc_20140315_144210.reg
2014-03-15 14:38 - 2014-03-15 14:38 - 00000978 _____ () C:\Documents and Settings\Administrator\Desktop\Continue File Extractor Installation.lnk
2014-03-15 14:19 - 2014-03-15 14:19 - 00000000 ____D () C:\Documents and Settings\Administrator\My Documents\mooret_resumes
2014-03-12 07:39 - 2014-03-12 07:39 - 05777288 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerInstaller.exe
2014-03-04 19:46 - 2014-03-04 19:46 - 00195448 _____ () C:\Documents and Settings\Administrator\My Documents\cc_20140304_184614_likelybad.reg

==================== One Month Modified Files and Folders =======

2014-03-30 07:43 - 2014-03-30 07:43 - 00000000 ____D () C:\FRST
2014-03-30 07:41 - 2010-08-30 11:55 - 01520071 _____ () C:\WINDOWS\WindowsUpdate.log
2014-03-30 07:39 - 2012-05-14 21:44 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-03-30 07:39 - 2011-04-21 21:12 - 00001010 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-4036979102-2415211131-3377368003-500UA.job
2014-03-30 07:39 - 2010-08-30 12:49 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\Mozilla
2014-03-29 22:38 - 2010-08-30 12:00 - 00032316 _____ () C:\WINDOWS\Tasks\SchedLgU.Txt
2014-03-29 19:38 - 2011-04-21 21:12 - 00000958 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-4036979102-2415211131-3377368003-500Core.job
2014-03-28 18:46 - 2010-08-30 12:00 - 00000976 _____ () C:\Documents and Settings\LocalService\wiadebug.log
2014-03-25 14:02 - 2014-03-17 16:16 - 00007653 _____ () C:\WINDOWS\setupapi.log
2014-03-25 14:02 - 2010-08-30 15:23 - 00000000 ____D () C:\Documents and Settings\Administrator\My Documents\Tommy
2014-03-18 10:45 - 2013-08-25 16:02 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-03-18 10:39 - 2010-08-30 15:01 - 90015360 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-03-17 16:37 - 2014-03-17 16:37 - 00002012 _____ () C:\Documents and Settings\Administrator\Desktop\HiJackThis.lnk
2014-03-17 16:37 - 2014-03-17 16:37 - 00000000 ____D () C:\Program Files (x86)\Trend Micro
2014-03-17 16:37 - 2014-03-17 16:37 - 00000000 ____D () C:\Documents and Settings\Administrator\Start Menu\Programs\HiJackThis
2014-03-17 16:27 - 2010-11-11 19:20 - 00194909 _____ () C:\WINDOWS\system32\nvapps.xml
2014-03-17 16:26 - 2014-03-17 16:26 - 00000000 _____ () C:\WINDOWS\0.log
2014-03-17 16:24 - 2014-03-17 16:24 - 00002622 _____ () C:\WINDOWS\PFRO.log
2014-03-17 16:24 - 2010-08-30 12:00 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-03-17 16:24 - 2010-08-30 07:42 - 00270192 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-03-17 16:24 - 2006-03-29 08:00 - 00013646 _____ () C:\WINDOWS\system32\wpa.dbl
2014-03-17 16:17 - 2014-03-17 16:16 - 00093513 _____ () C:\WINDOWS\KB2925418-IE7.log
2014-03-17 16:17 - 2014-03-17 16:16 - 00011674 _____ () C:\WINDOWS\FaxSetup.log
2014-03-17 16:17 - 2014-03-17 16:16 - 00011248 _____ () C:\WINDOWS\updspapi.log
2014-03-17 16:17 - 2014-03-17 16:16 - 00007140 _____ () C:\WINDOWS\msmqinst.log
2014-03-17 16:17 - 2014-03-17 16:16 - 00005010 _____ () C:\WINDOWS\tsoc.log
2014-03-17 16:17 - 2014-03-17 16:16 - 00004399 _____ () C:\WINDOWS\comsetup.log
2014-03-17 16:17 - 2014-03-17 16:16 - 00003705 _____ () C:\WINDOWS\ocgen.log
2014-03-17 16:17 - 2014-03-17 16:16 - 00003529 _____ () C:\WINDOWS\iis6.log
2014-03-17 16:17 - 2014-03-17 16:16 - 00002816 _____ () C:\WINDOWS\ntdtcsetup.log
2014-03-17 16:17 - 2014-03-17 16:16 - 00000970 _____ () C:\WINDOWS\imsins.log
2014-03-17 16:17 - 2014-03-17 16:16 - 00000798 _____ () C:\WINDOWS\ocmsn.log
2014-03-17 16:17 - 2014-03-17 16:16 - 00000711 _____ () C:\WINDOWS\msgsocm.log
2014-03-17 16:16 - 2014-03-17 16:16 - 00012102 _____ () C:\WINDOWS\KB2930275.log
2014-03-17 16:16 - 2014-03-17 16:16 - 00011448 _____ () C:\WINDOWS\KB2929961.log
2014-03-17 16:16 - 2014-03-17 16:16 - 00000970 _____ () C:\WINDOWS\imsins.BAK
2014-03-17 16:16 - 2014-03-17 16:16 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2930275$
2014-03-17 16:16 - 2014-03-17 16:16 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2929961$
2014-03-17 16:16 - 2014-03-17 16:16 - 00000000 _____ () C:\WINDOWS\setuperr.log
2014-03-17 16:16 - 2014-03-17 16:16 - 00000000 _____ () C:\WINDOWS\setupact.log
2014-03-17 13:29 - 2014-03-17 13:29 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2014-03-17 13:28 - 2014-03-17 13:28 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-03-15 14:45 - 2014-03-15 14:45 - 00056846 _____ () C:\WINDOWS\DPINST.LOG
2014-03-15 14:45 - 2013-02-09 07:31 - 00000000 ____D () C:\Program Files (x86)\HTC
2014-03-15 14:42 - 2014-03-15 14:42 - 00004026 _____ () C:\Documents and Settings\Administrator\My Documents\cc_20140315_144210.reg
2014-03-15 14:40 - 2010-08-30 12:00 - 00000000 ____D () C:\Documents and Settings\Administrator
2014-03-15 14:38 - 2014-03-15 14:38 - 00000978 _____ () C:\Documents and Settings\Administrator\Desktop\Continue File Extractor Installation.lnk
2014-03-15 14:19 - 2014-03-15 14:19 - 00000000 ____D () C:\Documents and Settings\Administrator\My Documents\mooret_resumes
2014-03-12 07:39 - 2014-03-12 07:39 - 05777288 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerInstaller.exe
2014-03-12 07:39 - 2012-05-14 21:44 - 00692616 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2014-03-12 07:39 - 2011-06-27 21:47 - 00071048 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-04 19:46 - 2014-03-04 19:46 - 00195448 _____ () C:\Documents and Settings\Administrator\My Documents\cc_20140304_184614_likelybad.reg
2014-03-04 19:41 - 2014-02-25 18:01 - 00000000 ____D () C:\Program Files (x86)\DriverUpdate

ZeroAccess:
C:\Windows\Installer\{38795ae0-af96-1cf6-737a-c3daf4c73f43}

Some content of TEMP:
====================
C:\Documents and Settings\Administrator\Local Settings\Temp\DeleteInstall.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\ICReinstall_FileExtractorSetup.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe
[2010-08-30 14:07] - [2007-02-17 01:02] - 0944128 ____A (Microsoft Corporation) 901C7E44D11C00CA9D48BA1A866FDC4B

C:\Windows\System32\wininit.exe IS MISSING <==== ATTENTION!.
C:\Windows\SysWOW64\wininit.exe IS MISSING <==== ATTENTION!.
C:\Windows\explorer.exe
[2010-08-30 14:09] - [2007-02-17 00:20] - 1364480 ____A (Microsoft Corporation) AE7A08C05F72A9242734C03230A5CD7F

C:\Windows\SysWOW64\explorer.exe
[2006-03-29 08:00] - [2007-02-18 11:05] - 1053184 ____N (Microsoft Corporation) A26C39540F8BE3729846E360E2C57344

C:\Windows\System32\svchost.exe
[2010-08-30 14:07] - [2007-02-17 00:59] - 0025600 ____A (Microsoft Corporation) 46300880A5062A41C16DF5E3E836A6C9

C:\Windows\SysWOW64\svchost.exe
[2006-03-29 08:00] - [2007-02-18 11:05] - 0014848 ____N (Microsoft Corporation) C09CCFE81DEC9B162533D7184D705682

C:\Windows\System32\services.exe
[2006-03-29 08:00] - [2009-03-19 19:51] - 0227840 ____A (Microsoft Corporation) 1E07EE3F50DFF2FE9B0A9D196E82698F

C:\Windows\System32\User32.dll
[2007-03-02 01:54] - [2007-03-02 01:54] - 1086464 ____A (Microsoft Corporation) C34683231AA9162B2106CA149B729D38

C:\Windows\SysWOW64\User32.dll
[2007-03-02 01:54] - [2007-03-02 01:54] - 0602624 ____N (Microsoft Corporation) 8BE4E29DA25073BF7894E2A61C9525DE

C:\Windows\System32\userinit.exe
[2006-03-29 08:00] - [2007-02-17 01:00] - 0039424 ____A (Microsoft Corporation) 438393CC0B5122B5D988BD7BA05FE3C9

C:\Windows\SysWOW64\userinit.exe
[2006-03-29 08:00] - [2007-02-18 11:05] - 0026112 ____N (Microsoft Corporation) B5FEB3B971A8B8C81CE9DE65031A87E5

C:\Windows\System32\rpcss.dll
[2009-03-19 19:51] - [2009-03-19 19:51] - 0845312 ____A (Microsoft Corporation) A6130365606F3D6332B014FC3DA931AA

 ATTENTION ======> If the system is having audio adware rpcss.dll is patched. Google the MD5, if the MD5 is unique the file is infected.
C:\Windows\System32\Drivers\volsnap.sys
[2006-03-29 08:00] - [2012-08-23 01:44] - 0288768 ____A (Microsoft Corporation) 941D45C8A14B2B1E8A57D0EEF6A98AEB

C:\Windows\system32\codeintegrity\Bootcat.cache IS MISSING <==== ATTENTION!.

==================== End Of Log ============================

 

Thanks again!
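
The "Bamital & volsnap Check" section of the log above lists each core system file with its creation and modification timestamps, size, attribute flags, publisher and MD5, and flags files the tool could not find. Reviewing such a block by hand means comparing each hash against a reference list of known-good values for that OS build. The Python script below is an added example, not part of this post or of the scanning tool's own code: it parses that section into records and labels every entry as ok, missing, hash-mismatch, no-baseline or no-hash. The `EXAMPLE_BASELINE` dictionary is a constructed placeholder seeded with the winlogon.exe hash from the log itself so the script runs offline; a real baseline would be a vetted per-build hash list. The sample text is constructed from three lines of the log above.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple

# Constructed sample: three entries in the format of the "Bamital & volsnap
# Check" section above (a present file, a missing file, and a file we have
# no reference hash for), plus one line of the tool's own commentary.
SAMPLE_LOG = r"""
C:\Windows\System32\winlogon.exe
[2010-08-30 14:07] - [2007-02-17 01:02] - 0944128 ____A (Microsoft Corporation) 901C7E44D11C00CA9D48BA1A866FDC4B

C:\Windows\System32\wininit.exe IS MISSING <==== ATTENTION!.
C:\Windows\System32\rpcss.dll
[2009-03-19 19:51] - [2009-03-19 19:51] - 0845312 ____A (Microsoft Corporation) A6130365606F3D6332B014FC3DA931AA

 ATTENTION ======> If the system is having audio adware rpcss.dll is patched.
"""

# Placeholder baseline (constructed): in real use this would be a vetted list
# of known-good hashes per OS build. Here it is seeded with the winlogon.exe
# value from the log itself so the example runs offline.
EXAMPLE_BASELINE: Dict[str, Set[str]] = {
    r"c:\windows\system32\winlogon.exe": {"901C7E44D11C00CA9D48BA1A866FDC4B"},
}


@dataclass
class FileEntry:
    path: str
    missing: bool = False
    created: Optional[str] = None
    modified: Optional[str] = None
    size: Optional[int] = None
    attrs: Optional[str] = None
    company: Optional[str] = None
    md5: Optional[str] = None


# Detail line: [created] - [modified] - size attrs (company) MD5
DETAIL_RE = re.compile(
    r"^\[(?P<created>[^\]]+)\] - \[(?P<modified>[^\]]+)\] - "
    r"(?P<size>\d+) (?P<attrs>\S+) \((?P<company>[^)]*)\) (?P<md5>[0-9A-Fa-f]{32})$"
)
# Missing-file line: <path> IS MISSING <==== ATTENTION!.
MISSING_RE = re.compile(r"^(?P<path>\S.*?) IS MISSING\b")


def parse_check_section(text: str) -> List[FileEntry]:
    """Parse the check section into FileEntry records, in log order."""
    entries: List[FileEntry] = []
    pending: Optional[FileEntry] = None  # path line waiting for its detail line
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("=") or line.startswith("ATTENTION"):
            continue  # blank lines, separators and the tool's own commentary
        m = MISSING_RE.match(line)
        if m:
            entries.append(FileEntry(path=m.group("path"), missing=True))
            pending = None
            continue
        m = DETAIL_RE.match(line)
        if m:
            if pending is not None:
                pending.created = m.group("created")
                pending.modified = m.group("modified")
                pending.size = int(m.group("size"))
                pending.attrs = m.group("attrs")
                pending.company = m.group("company")
                pending.md5 = m.group("md5").upper()
                entries.append(pending)
                pending = None
            continue
        pending = FileEntry(path=line)  # any other line is a path header
    return entries


def triage(entries: List[FileEntry], baseline: Dict[str, Set[str]]) -> List[Tuple[str, str]]:
    """Label each entry: ok, missing, hash-mismatch, no-baseline or no-hash."""
    findings: List[Tuple[str, str]] = []
    for e in entries:
        if e.missing:
            verdict = "missing"
        elif e.md5 is None:
            verdict = "no-hash"
        else:
            good = baseline.get(e.path.lower())
            if good is None:
                verdict = "no-baseline"
            elif e.md5 in good:
                verdict = "ok"
            else:
                verdict = "hash-mismatch"
        findings.append((e.path, verdict))
    return findings


if __name__ == "__main__":
    for path, verdict in triage(parse_check_section(SAMPLE_LOG), EXAMPLE_BASELINE):
        print(f"{verdict:14} {path}")
```

Treat `missing` and `no-baseline` as leads to verify against the expected file set for that Windows version, not as verdicts; only `hash-mismatch` against a trusted baseline is direct evidence that a file differs from the known-good copy.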



#5 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 35,531 posts
  • ONLINE
  • Gender:Male
  • Location:California
  • Local time:01:04 PM

Posted 30 March 2014 - 02:47 PM

Greetings,

I have some steps for you to take but I must first advise you that your computer is quite ill. Please consider and perform the following.

===================================================

BACKDOOR WARNING!

--------------------

One or more of the identified infections is a Backdoor Trojan.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable. Please let me know if you have already noticed evidence of financial institution irregularities.

Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.

===================================================

AdwCleaner by Xplode - Delete Adware

-------------------
  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browser
  • Double click on AdwCleaner.exe, select OK, then Run
  • Click on Scan
  • Upon completion click Report
  • Review the entries and uncheck any items you would like to keep on your computer (leaving an item checked will cause its deletion)
  • Click Clean to remove the items still checked
  • Click OK twice to reboot your computer
  • Copy and paste the contents of the text file on your desktop upon reboot in your reply
  • You can also find the logfile at C:\AdwCleaner\AdwCleaner.txt
===================================================

Junkware Removal Tool by thisisu

-------------------
  • Please download Junkware Removal Tool and save it to your desktop.
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Right-mouse click JRT.exe and select Run as administrator (Windows XP double click the icon)
  • Please allow the program time to run
  • Once completed a Notepad document will open on your desktop
  • Copy and paste the contents in your reply
===================================================

screen317's Security Check

--------------------
  • Please download screen317's Security Check to your desktop
  • Double-click icon to launch the program
  • Click OK
  • Select Run. Note: If you receive an error message, attempt to run the program in Safe Mode
  • Press any key to start the program
  • Allow the program to run
  • A Notepad document will open on your desktop. Please copy and paste the contents in your reply
===================================================

ComboFix Windows XP

--------------------

For a more detailed explanation on running Combofix and the prompts you will be following please see here.
  • Please download ComboFix from one of these locations and save it to your desktop:

Bleepingcomputer

ForoSpyware

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista/Windows 7, ComboFix will skip the below Recovery Console pop ups and continue its malware removal procedure.

[image: Query_RC.gif]

  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

[image: RC_successful.gif]

  • Click on Yes, to continue scanning for malware
----------

Note #1: Often times it may appear as if ComboFix has stopped working. To verify it is still running please do one of the following below. If, based on the below, you have concluded ComboFix has stopped running please stop and advise me.
  • Check your computer clock. If it is still running then so is ComboFix
  • Open Task Manager and select the Applications Tab. If the status of AutoScan is Running, then ComboFix is running
  • Open Task Manager and select the Processes Tab. Under Image Name look for files ending in .3xe. If there are fluctuating numbers under CPU and Mem Usage then ComboFix is running
Note #2: If you receive the following error "Illegal operation attempted on a registry key that has been marked for deletion" please just restart your computer to resolve this issue

----------

If Combofix fails to run properly using the above instructions please attempt the following:
  • Right click on the Combofix icon on your desktop and select Delete
  • Download a new copy but rename it to freshcopy.exe first, then save it to your desktop
  • Now download RKill.exe (or RKill renamed as iExplore.exe if the first one doesn't work properly) and save it to your desktop
  • Restart your computer in Safe Mode
  • Right click on RKill (or iExplore) and select Run as Administrator. If you are using Windows XP simply double click the icon
  • A black DOS screen should flash and disappear. If not, try to launch the program with the second file. If neither works please stop and let me know
  • When RKill is finished running you will be presented with a text file and a copy will be saved on your desktop. Copy and paste the contents of this report in your reply
  • Do not reboot your computer
  • Double click the freshcopy.exe icon (renamed Combofix file)
  • When finished, it will produce a log. Please copy and paste the C:\Combofix.txt log information in your next reply
  • If you disabled your antivirus please enable it again. If you uninstalled it please wait for instructions to reinstall it
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • AdwCleaner log
  • Junkware log
  • Security check log
  • Combofix log

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#6 tracy1315

tracy1315
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  • Local time:05:04 PM

Posted 31 March 2014 - 03:56 PM

Hi Gary,

Thanks for this (disappointing) info. I will have to reinstall an OS based on it. But my last question is do you know of any way to tell what information has been taken from my computer? I'm quite concerned about certain files. I will wait to reos until I hear back from you. Thanks again.

Tracy

#7 Oh My!

Oh My!


Posted 31 March 2014 - 05:33 PM

Hi Tracy,

Those who employ Backdoor Trojans are typically interested in obtaining information which will lead to some sort of theft. I am not aware of normal data files being targeted. The easiest way for me to give you some additional information is if I simply post what I usually offer someone if they ask whether or not they should reformat. So here it is:
 

Here are some thoughts I have put together for people who ask what they should do in light of the infection. Ultimately each user must decide for themselves what to do and the below are things you might want to consider.
 
It is necessary for us to at least make you aware of the worst-case scenario. This is because of the potential Backdoor Trojans bring with them, but it is not a determination on our part that your situation currently falls within this worst-case scenario.

Ultimately it is a personal decision whether to reformat or not. What decision should you make to let you sleep well at night? It is different for different people. I will say whether rightly or wrongly most people decide to clean and not reformat, at least initially.

The only insight I can offer is how I evaluate the issue personally even though I have never had a Backdoor Trojan on my computer. One of the primary purposes for malicious software is to somehow separate you from your money. It seems reasonable to assume that a thief trying to take your money via a Backdoor Trojan will hit you hard, and quickly. Once your computer starts to act up and you become suspicious you have the opportunity to eliminate access to your computer and change the information taken, namely account and password information. The key to this, in my opinion, is whether or not you have noticed any irregularities in your banking or other financial institutions, or things like email and social network accounts (i.e. Facebook). If you have not seen any evidence of that then you may question whether your information has truly been stolen. If it seems it hasn't, and your critical information has been changed, it is reasonable to be more confident you are safe but you must stop short of claiming an absolute guarantee.

If, after careful consideration you decide not to reformat your computer it would be wise to continue monitoring your sensitive data and don't wait to address future symptoms on your computer which seem to be malware related.

The bottom line, the only way to be absolutely sure to be rid of a Backdoor Trojan is to reformat. The decision is yours.


If you have any questions please let me know.
Gary
 

#8 tracy1315

tracy1315

Posted 02 April 2014 - 05:07 AM

Hi Gary,

I will certainly continue to monitor my financials very closely due to the breach. I am asking about the possible removal of files because I keep copies of my tax returns on the infected computer. If those were taken, theft would probably result and might not be immediately obvious. It sounds like there is not a way to determine if they were taken. Thanks again.

Tracy

#9 Oh My!

Oh My!


Posted 02 April 2014 - 08:34 AM

Hi Tracy,

I doubt very much that your tax returns would be targeted. If you have not seen any irregularities up to this point chances are your computer was infected but not targeted for information theft. That is actually much more common than information actually being stolen. There are other reasons for a Backdoor Trojan besides theft of information. That type of Trojan can allow someone else to use your computer as a sort of network computer to serve their purposes, like facilitating the spreading of malware to others.

If you are going to reformat and reinstall your operating system I would suggest we continue cleaning your computer to try to eliminate the possibility of cross contamination when you save data files then reinsert them into your clean computer. Of course that is up to you but the only thing it costs is a little time and attention. I am good with that if you are as well.

Please let me know what you decide.
Gary
 

#10 tracy1315

tracy1315

Posted 02 April 2014 - 04:01 PM

Hi Gary,

I did not realize there would be merit to cleaning my computer despite my intention to re-os. I would like to proceed with cleaning. I assume I should start with the steps you outlined in your earlier post? Thanks again.

Tracy

#11 Oh My!

Oh My!


Posted 02 April 2014 - 05:36 PM

Yes Tracy, that is where we would like to start.
Gary
 

#12 tracy1315

tracy1315

Posted 02 April 2014 - 07:50 PM

Hi Gary,

 

Here is the information you requested:

 

1) adwcleaner log

# AdwCleaner v3.023 - Report created 02/04/2014 at 19:15:34
# Updated 01/04/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 2 (64 bits)
# Username : Administrator - TRACY
# Running from : C:\Documents and Settings\Administrator\Local Settings\Temp\dlm614.tmp\adwcleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
[#] Service Deleted : BackupStack
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Ask
Folder Deleted : C:\Program Files (x86)\Ask.com
Folder Deleted : C:\Program Files (x86)\MyPC Backup
Folder Deleted : C:\Program Files (x86)\SaveSense
Folder Deleted : C:\WINDOWS\installer\{86d4b82a-abed-442a-be86-96357b70f4fe}
Folder Deleted : C:\Documents and Settings\Administrator\Local Settings\Application Data\apn
Folder Deleted : C:\Documents and Settings\Administrator\Local Settings\Application Data\AskToolbar
Folder Deleted : C:\Documents and Settings\Administrator\Start Menu\Programs\MyPC Backup
Folder Deleted : C:\Documents and Settings\Administrator\Start Menu\Programs\SaveSense
File Deleted : C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\MyPC Backup.lnk
File Deleted : C:\Documents and Settings\Administrator\Desktop\MyPC Backup.lnk
File Deleted : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ip3o308f.default\searchplugins\Askcom.xml
File Deleted : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ip3o308f.default\searchplugins\askcomsearch.xml
File Deleted : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ip3o308f.default\searchplugins\conduit-search.xml
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\aaaaojmikegpiepcfdkkjaplodkpfmlo
Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00000000-6E41-4FD3-8538-502F5495E5FC}]
Key Deleted : HKCU\Software\APN
Key Deleted : HKCU\Software\Ask.com
Key Deleted : HKCU\Software\AskToolbar
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKLM\Software\APN
Key Deleted : HKLM\Software\AskToolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyPC Backup
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v7.0.6000.21371
 
 
-\\ Mozilla Firefox v27.0.1 (en-US)
 
[ File : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ip3o308f.default\prefs.js ]
 
Line Deleted : user_pref("browser.newtab.url", "hxxp://search.conduit.com/?ctid=CT3324790&octid=EB_ORIGINAL_CTID&SearchSource=69&CUI=&SSPV=&Lay=1&UM=4&UP=SP1AF7FEF0-1E69-4E38-8355-F7DB638682AC");
Line Deleted : user_pref("browser.search.defaultengine", "Ask.com");
Line Deleted : user_pref("browser.search.order.1", "Ask.com");
Line Deleted : user_pref("extensions.asktb.ff-original-keyword-url", "");
Line Deleted : user_pref("keyword.URL", "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=ORJ&o=&locale=&apn_uid=7B9E5D8B-35A6-4D0B-A69C-CEB215F6B57F&apn_ptnrs=TV&apn_sauid=D482FE6E-9845-4693-92C9-2BC8D3DB977F&[...]
 
-\\ Google Chrome v
 
[ File : C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [5411 octets] - [02/04/2014 19:13:28]
AdwCleaner[S0].txt - [4767 octets] - [02/04/2014 19:15:34]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4827 octets] ##########
 
2) junkware log
 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.3 (03.23.2014:1)
OS: Microsoft Windows XP x64
Ran by Administrator on Wed 04/02/2014 at 19:29:46.62
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2e32cfe5-df92-4ae5-b0be-609ed0df74a6}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{2e32cfe5-df92-4ae5-b0be-609ed0df74a6}
Successfully deleted: [Registry Key] "hkey_current_user\software\microsoft\internet explorer\low rights\elevationpolicy\{a5aa24ea-11b8-4113-95ae-9ed71deaf12a}"
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\Documents and Settings\Administrator\Application Data\red kawa"
Successfully deleted: [Folder] "C:\Program Files (x86)\red kawa"
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 04/02/2014 at 19:33:32.64
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
3) Security Check log is below; however, Security Check would not run without errors after disabling all virus and malware scanners in normal or safe mode. Here is the initial error it gave me in a typical Windows error box:
"Line -1:
 
 
Error: Variable must be of type "Object"."
 
And then in the command line box in which the program executes, it started by listing 3 more errors that I was not quick enough to capture, but they were something like
Error
Code: 00x000056
??????
??????
 
where ? is actual text
 
Here is the log that came up after all these errors:

 Results of screen317's Security Check version 0.99.81  
 Windows XP  x64   
 Internet Explorer 7 Out of date!
``````````````Antivirus/Firewall Check:``````````````
 Windows Security Center service is not running! This report may not be accurate!
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 Malwarebytes Anti-Malware version 1.75.0.1300  
 Java 7 Update 25  
 Java version out of Date!
 Adobe Flash Player  12.0.0.77  
 Adobe Reader 10.1.9 Adobe Reader out of Date!
 Mozilla Firefox 27.0.1 Firefox out of Date!
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:  % 
````````````````````End of Log``````````````````````
 
4) Downloaded ComboFix and was reminded that I cannot use it on a Windows 64-bit OS (the only version of XP that is supported is 32-bit). It appears that I have tried to install ComboFix in the past.
 
 
Any thoughts?
 
Tracy
 


#13 Oh My!

Oh My!


Posted 02 April 2014 - 10:18 PM

Hi Tracy,

Please run these.

===================================================

RogueKiller by Tigzy

--------------------
  • Download RogueKiller and save it to your desktop
  • Close all running programs
  • For Vista/7 users right click on the icon and select Run as Administrator
  • For Windows XP simply double click on the icon
  • When prompted, Click Scan
  • A report should open and a copy of the report will be placed on your desktop
  • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it winlogon.exe (or winlogon.com) and try again
  • Copy and paste the contents of the report in your reply
===================================================

Run TDSSKiller by Kaspersky on XP

--------------------
  • Please download Kaspersky's TDSSKiller and save it to your Desktop. <-Important!!!
  • If you desire you may print out and follow the instructions for performing a scan.
  • Double-click on TDSSKiller.exe.
  • When the program opens, click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • Any objects found will show in the Scan results - Select action for found objects and offer three options.
  • If an infected file is detected, the default action will be Cure...do not change it.
  • Click Continue > Reboot now to finish the cleaning process.<- Important!!
  • If 'Suspicious' objects are detected, you will be given the option to Skip or Quarantine. Skip will be the default selection. Leave it as such for now.
  • A log file named TDSSKiller_version_date_time_log.txt will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.
-- If TDSSKiller does not run, try renaming it. To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to these instructions. In some cases it may be necessary to redownload TDSSKiller and randomly rename it before downloading and saving to the computer or to perform the scan in "safe mode".

===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • RogueKiller log
  • TDSSKiller log

Gary
 

#14 tracy1315

tracy1315

Posted 03 April 2014 - 01:55 PM

1) could not get RogueKiller to complete a scan under any circumstances. It always finished about 80% of the scan (according to the progress bar) and then gave me an error. I tried it 3 times using all names suggested.

 

2) TDSSKiller found 289 objects none of which it deemed threats. Therefore it did not neutralize or quarantine any objects. I am copying in the report below. 

 

14:40:58.0468 0x075c  TDSS rootkit removing tool 3.0.0.26 Mar 24 2014 07:28:43
14:41:04.0750 0x075c  ============================================================
14:41:04.0750 0x075c  Current date / time: 2014/04/03 14:41:04.0750
14:41:04.0750 0x075c  SystemInfo:
14:41:04.0750 0x075c  
14:41:04.0750 0x075c  OS Version: 5.2.3790 ServicePack: 2.0
14:41:04.0750 0x075c  Product type: Workstation
14:41:04.0750 0x075c  ComputerName: TRACY
14:41:04.0750 0x075c  UserName: Administrator
14:41:04.0750 0x075c  Windows directory: C:\WINDOWS
14:41:04.0750 0x075c  System windows directory: C:\WINDOWS
14:41:04.0750 0x075c  Running under WOW64
14:41:04.0750 0x075c  Processor architecture: Intel x64
14:41:04.0750 0x075c  Number of processors: 4
14:41:04.0750 0x075c  Page size: 0x1000
14:41:04.0750 0x075c  Boot type: Normal boot
14:41:04.0750 0x075c  ============================================================
14:41:04.0890 0x075c  KLMD registered as C:\WINDOWS\system32\drivers\10882369.sys
14:41:05.0093 0x075c  System UUID: {697D1088-4E14-BB45-756D-9639D934A17D}
14:41:06.0281 0x075c  Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000048
14:41:06.0281 0x075c  Drive \Device\Harddisk1\DR1 - Size: 0x1D1C1B60000 (1863.03 Gb), SectorSize: 0x200, Cylinders: 0x3B602, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
14:41:06.0296 0x075c  ============================================================
14:41:06.0296 0x075c  \Device\Harddisk0\DR0:
14:41:06.0296 0x075c  MBR partitions:
14:41:06.0296 0x075c  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x254297C1
14:41:06.0296 0x075c  \Device\Harddisk1\DR1:
14:41:06.0296 0x075c  MBR partitions:
14:41:06.0296 0x075c  ============================================================
14:41:06.0296 0x075c  C: <-> \Device\Harddisk0\DR0\Partition1
14:41:06.0296 0x075c  ============================================================
14:41:06.0296 0x075c  Initialize success
14:41:06.0296 0x075c  ============================================================
14:41:20.0187 0x01ac  ============================================================
14:41:20.0187 0x01ac  Scan started
14:41:20.0187 0x01ac  Mode: Manual; 
14:41:20.0187 0x01ac  ============================================================
14:41:20.0187 0x01ac  KSN ping started
14:41:21.0187 0x01ac  KSN ping finished: false
14:41:21.0234 0x01ac  ================ Scan system memory ========================
14:41:21.0234 0x01ac  System memory - ok
14:41:21.0234 0x01ac  ================ Scan services =============================
14:41:21.0328 0x01ac  Abiosdsk - ok
14:41:21.0375 0x01ac  [ 0CC42D1FB637112DE6F6196DDAF83DEC, C554152C72102E4FEB1B712CC46CEC95C09ED1C2A822B7C1C0E10123016E68D3 ] ACPI            C:\WINDOWS\system32\DRIVERS\ACPI.sys
14:41:21.0421 0x01ac  ACPI - ok
14:41:21.0562 0x01ac  [ A4D4F508BC6613442B0C32CDE443E382, 17D804FC5846CBBC9C35113DEC6A8BFD8C07848522C6394F26E9BFA8A9EA80CA ] ACPIEC          C:\WINDOWS\system32\drivers\ACPIEC.sys
14:41:21.0609 0x01ac  ACPIEC - ok
14:41:21.0671 0x01ac  [ A90FE8A4D83FC362146078290B44118F, F05D2BAEFA84475CEF5AF9A28C43FCA41FB7C4142A68865ACF557D233D2F5AA1 ] ADIHdAudAddService C:\WINDOWS\system32\drivers\ADIHdAud.sys
14:41:21.0750 0x01ac  ADIHdAudAddService - ok
14:41:21.0828 0x01ac  [ 9D96B0D5855FD1B98023B3EEC9F06786, E4C79233158BE8AA4E9C6DD71585E5D2703A5156531EB3D692D7D81BC443E844 ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
14:41:21.0875 0x01ac  AdobeFlashPlayerUpdateSvc - ok
14:41:21.0875 0x01ac  adpu160m - ok
14:41:21.0890 0x01ac  adpu320 - ok
14:41:21.0906 0x01ac  [ CEBAAB427077DEBE43B0D5009780D1FD, 5DBB7911B1BB085E08DFD129882834BDE24CFF90E8A14B5889A6E2562D9C1B96 ] AEAudio         C:\WINDOWS\system32\drivers\AEAudio.sys
14:41:21.0937 0x01ac  AEAudio - ok
14:41:22.0000 0x01ac  [ 92500BC3A6E241BBC357F532DD500A75, FE14096E9F3DA851092D43EB58AA89C69235456768EA6D0CB9BCFE655FCA90CD ] aec             C:\WINDOWS\system32\drivers\aec.sys
14:41:22.0062 0x01ac  aec - ok
14:41:22.0093 0x01ac  [ AC7010DDE9111A1C65D7391ADA5C7257, 8F28866AC9F10C377A401A9E7F6E50106DA72967E8C4F65D641B6AACEF7D2FD5 ] AeLookupSvc     C:\WINDOWS\System32\aelupsvc.dll
14:41:22.0156 0x01ac  AeLookupSvc - ok
14:41:22.0187 0x01ac  [ 8A7742098432696EC85A9EEF15C4D8E7, 5B8D75044B2CFC6B0DFE60E41327D0B2081A9D2EB6006204F384B869705F3D8B ] AFD             C:\WINDOWS\System32\drivers\afd.sys
14:41:22.0234 0x01ac  AFD - ok
14:41:22.0250 0x01ac  aic78u2 - ok
14:41:22.0250 0x01ac  aic78xx - ok
14:41:22.0250 0x01ac  [ AFA2CF7CB731CA177CCCFFFFE5D88776, BD5F71D558AAD16F34E1F6810C962A720CD8F7B80352DE4CD72A06222EA4025E ] Alerter         C:\WINDOWS\system32\alrsvc.dll
14:41:22.0296 0x01ac  Alerter - ok
14:41:22.0328 0x01ac  [ 2D21FF6D4CD30E679F1A294D5BA3D97B, 9202A43243E48CDF1274A63D09FAC5591835D59F488F06C811D47A8DF965391F ] ALG             C:\WINDOWS\System32\alg.exe
14:41:22.0359 0x01ac  ALG - ok
14:41:22.0375 0x01ac  AliIde - ok
14:41:22.0375 0x01ac  AmdIde - ok
14:41:22.0515 0x01ac  [ F518545E5B7623AD49ABE7F8776EFA46, CD39B6EC0D80C6DB857F34D4AC5C31085271B51B8851A56FEFC052B20B7CC40C ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
14:41:22.0562 0x01ac  Apple Mobile Device - ok
14:41:22.0593 0x01ac  [ 4F6B2DE8BC199C542F174844BB64485A, 6DCB098F5B0EBB188554E2B1415C1FF22D2FCFFA49A505A81933E812039DFBBF ] AppMgmt         C:\WINDOWS\System32\appmgmts.dll
14:41:22.0625 0x01ac  AppMgmt - ok
14:41:22.0640 0x01ac  arc - ok
14:41:22.0671 0x01ac  [ FDA73C1ECD1EC4F366FF0AB85ABF816D, 5A1125D2E75CACF75C70988B2A21E0110ED050FF9FB052E9B56822C10253FE0A ] Arp1394         C:\WINDOWS\system32\DRIVERS\arp1394.sys
14:41:22.0718 0x01ac  Arp1394 - ok
14:41:22.0796 0x01ac  [ 8065A7659562005127673AC52898675F, B48A309EE0960DA3CAAAAF1E794E8C409993AEB3A2B64809F36B97AAC8A1E62A ] AsIO            C:\WINDOWS\syswow64\drivers\AsIO.sys
14:41:22.0859 0x01ac  AsIO - ok
14:41:22.0921 0x01ac  [ F9F0F095586009E5DA0C32E648AA99FA, DBF3F49B62A13FF5DA1189665F1E41FE51F1A4AEEF24ECD793F6D68753BEBA25 ] aspnet_state    C:\WINDOWS\Microsoft.NET\Framework64\v2.0.50727\aspnet_state.exe
14:41:22.0953 0x01ac  aspnet_state - ok
14:41:22.0968 0x01ac  [ 7380ACDD2D8E6621392E56D9A0467FE4, A364874276B85EC7E338A336ACC3427B7C6EFC6DA7F835580A31883A7B16E8F1 ] AsyncMac        C:\WINDOWS\system32\DRIVERS\asyncmac.sys
14:41:23.0015 0x01ac  AsyncMac - ok
14:41:23.0046 0x01ac  [ 7A1814D0D112F50F828E25557A1ED29F, 2A85B602D5087A27736A2BBE71FDA372E9B843539C10AFF3C4A0A8A9784408FE ] atapi           C:\WINDOWS\system32\DRIVERS\atapi.sys
14:41:23.0125 0x01ac  atapi - ok
14:41:23.0125 0x01ac  Atdisk - ok
14:41:23.0156 0x01ac  [ 62D65FCE5695B53A2DDF92E83111EA06, EA309ED82765593D1A1762DE62226647BF873524A780F000883B3F2382215622 ] Atmarpc         C:\WINDOWS\system32\DRIVERS\atmarpc.sys
14:41:23.0218 0x01ac  Atmarpc - ok
14:41:23.0250 0x01ac  [ 0DA015AB1EE54988572CFC4B7644556A, AD282873A3917A0DB5FF3C6C91877F6607CDDE1F752712E7E7C6B9F7EB4B062F ] AudioSrv        C:\WINDOWS\System32\audiosrv.dll
14:41:23.0296 0x01ac  AudioSrv - ok
14:41:23.0343 0x01ac  [ 1437089F59DBA75FEE4ED959077A938E, 9063F1BF7D018961894172E7F63D7295BD2A4F1A24255F89905810AB756626AD ] audstub         C:\WINDOWS\system32\DRIVERS\audstub.sys
14:41:23.0406 0x01ac  audstub - ok
14:41:23.0421 0x01ac  [ 8BA2E5CDFDE406DC4646AFB894804844, DB043993312412262AD89111E3CFE3B21A4F85E356D71F1353E38052ACC4DED4 ] Beep            C:\WINDOWS\system32\drivers\Beep.sys
14:41:23.0484 0x01ac  Beep - ok
14:41:23.0546 0x01ac  [ 749C15323919984A6E08BAD427D89936, FA23F2813EA95B91831CAB9EA58C6573F11ED5175ABD89BB1752C59E4F2C9E12 ] BITS            C:\WINDOWS\system32\qmgr.dll
14:41:23.0640 0x01ac  BITS - ok
14:41:23.0671 0x01ac  [ 3395906D463D1C3553213C54F777D213, 52BDF54A7CDB7A40BF0FB6D02EB6A127BB848AB6C89201BE8ADD2DBB81D16CEE ] BMDDeckLinkAudio C:\WINDOWS\system32\DRIVERS\deckaud.sys
14:41:23.0734 0x01ac  BMDDeckLinkAudio - ok
14:41:23.0781 0x01ac  [ 3F12A27C914C83CACA78B6DBF4C39FA2, 9FB6A9E675329043557A1BB72B8E2A653AA7C85EB9BFB4809DB3FA488D72947F ] Browser         C:\WINDOWS\System32\browser.dll
14:41:23.0812 0x01ac  Browser - ok
14:41:23.0812 0x01ac  [ 982563CF02CD6D4E5D8E0F4B5CBB9B6A, 2A793288E8EED0C656E62D53FB538F9CE9B65B7666370D406F5BC34DB7CD3472 ] CdaC15BA        C:\WINDOWS\system32\DRIVERS\CdaC15BA.sys
14:41:23.0875 0x01ac  CdaC15BA - ok
14:41:23.0906 0x01ac  [ 9067D96899D98CA4535A76E8C8B2E3A5, 9B1F9F69B5BC3F519F1A7F191AE0440F1DD33E405396C4214AE565E913C1D41C ] CdaD10BA        C:\WINDOWS\system32\DRIVERS\CdaD10BA.sys
14:41:23.0968 0x01ac  CdaD10BA - ok
14:41:24.0015 0x01ac  [ 4D99E36322FB51A8D1B2B6D6B69D9889, ADD7675C57EE2576AB3D79B3C6DCA9284BC1D75728D89842DE871C08B1BCE455 ] Cdfs            C:\WINDOWS\system32\drivers\Cdfs.sys
14:41:24.0046 0x01ac  Cdfs - ok
14:41:24.0062 0x01ac  [ 11663FE50E499FFEE77979542B285F38, F19E6270B6C548BDBFE5FE1A001AD50BFEBA330415BB742FB8C912E9AF33C860 ] Cdrom           C:\WINDOWS\system32\DRIVERS\cdrom.sys
14:41:24.0109 0x01ac  Cdrom - ok
14:41:24.0109 0x01ac  Changer - ok
14:41:24.0140 0x01ac  [ 46C54F209031AFA0F100D0703FC346DA, 5E122FDAC6FB1DBB71A65EE81FD6F65D326B4C465C9311A54B190AFE111BB9A2 ] CiSvc           C:\WINDOWS\system32\cisvc.exe
14:41:24.0203 0x01ac  CiSvc - ok
14:41:24.0203 0x01ac  CLBStor - ok
14:41:24.0203 0x01ac  CLBUDFR - ok
14:41:24.0234 0x01ac  [ 74F11D0323666D9F615A2D3692590122, EBF245F1FCDEBF8FF25179D1D606235CB216855323D33246C868D36BD2143506 ] ClipSrv         C:\WINDOWS\system32\clipsrv.exe
14:41:24.0265 0x01ac  ClipSrv - ok
14:41:24.0375 0x01ac  [ D87ACAED61E417BBA546CED5E7E36D9C, 14AC6034A5BC0FB2A1AFDAD42BEF4DE641556E54AD30D0C46765660A4BE55462 ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
14:41:24.0437 0x01ac  clr_optimization_v2.0.50727_32 - ok
14:41:24.0453 0x01ac  [ FA58B51ED71C9133E141164EAA7C54EB, 36310620185E43149A5CACFC9E26D3F322D7E5A958024885232F1AC0A5AA5C0D ] clr_optimization_v2.0.50727_64 C:\WINDOWS\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
14:41:24.0531 0x01ac  clr_optimization_v2.0.50727_64 - ok
14:41:24.0546 0x01ac  [ C5A75EB48E2344ABDC162BDA79E16841, 6070A8AAFD38FBC6A68A2B10C20117612354DF21B4492D90CA522BFB6870D726 ] clr_optimization_v4.0.30319_32 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
14:41:24.0593 0x01ac  clr_optimization_v4.0.30319_32 - ok
14:41:24.0625 0x01ac  [ C6F9AF94DCD58122A4D7E89DB6BED29D, CB0E5AE60EC76323585FB86D89E8DB7ADB5EDF6EA3D0B27E9ECE75B8CAA8BFDE ] clr_optimization_v4.0.30319_64 C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
14:41:24.0671 0x01ac  clr_optimization_v4.0.30319_64 - ok
14:41:24.0671 0x01ac  CmdIde - ok
14:41:24.0671 0x01ac  COMSysApp - ok
14:41:24.0734 0x01ac  [ 423F7A6E3AF4C2A73C8C8AD945F72CBA, D552491C3874B60859E278EE11F5A1DE15E16C2B58CE7B6E473A0311BB6D996D ] crcdisk         C:\WINDOWS\system32\DRIVERS\crcdisk.sys
14:41:24.0796 0x01ac  crcdisk - ok
14:41:24.0828 0x01ac  [ 8B0B3744C60936ACAE31012799DB3982, D4A85362ABDCD874A79F65911A7DA76122D00BD53E47AEBFC58C0FFB7E99BC0B ] CryptSvc        C:\WINDOWS\System32\cryptsvc.dll
14:41:24.0890 0x01ac  CryptSvc - ok
14:41:24.0953 0x01ac  [ A6130365606F3D6332B014FC3DA931AA, 80A81A3D351305EAD11B90C35F06D20035328FF802A628F91DB8DD8CB424AEEF ] DcomLaunch      C:\WINDOWS\system32\rpcss.dll
14:41:24.0968 0x01ac  DcomLaunch - ok
14:41:25.0015 0x01ac  [ F2D780C58322754F7FD2419B05D34BA2, 19AFBD9E88F7A2F82F1CA7052B84D4B5B3BA69432BB85DDBC6394E2782962F9F ] DeckLink        C:\WINDOWS\system32\DRIVERS\Intensity.sys
14:41:25.0093 0x01ac  DeckLink - ok
14:41:25.0140 0x01ac  [ DE4C841DDA8D5800515A5CA908580A36, B1B92BD9D611A7E6EC00D6970602FDDAE563EC99A810CF2404AB1A42F8AB41A8 ] Dhcp            C:\WINDOWS\System32\dhcpcsvc.dll
14:41:25.0156 0x01ac  Dhcp - ok
14:41:25.0187 0x01ac  [ 417D7B9C6F36685A417E54690F8BD7B2, AB8EF8885BCB7667624DB06A2B50582FF3AE5FDFF7A8BD410CEE2FA326B161B0 ] Disk            C:\WINDOWS\system32\DRIVERS\disk.sys
14:41:25.0250 0x01ac  Disk - ok
14:41:25.0250 0x01ac  dmadmin - ok
14:41:25.0296 0x01ac  [ 19D704C92C2E2BD4DC99DB18A3523918, 0905E497E14AB2CB3A00C6C35BCB9BB9E0635AB09B632F8B95D29B80EC5A4E4A ] dmboot          C:\WINDOWS\system32\drivers\dmboot.sys
14:41:25.0359 0x01ac  dmboot - ok
14:41:25.0390 0x01ac  [ B293CE1C9243219F6B9E5DBCAA75B962, F01F0F949D4FD82BA8CA0E17A76CC05EF9FF90F6E425A297453B78C8D1D43494 ] dmio            C:\WINDOWS\system32\drivers\dmio.sys
14:41:25.0437 0x01ac  dmio - ok
14:41:25.0453 0x01ac  [ C294E31D6CB7407A43C96EC1FEC1F8A4, 62F2E5A2B4FA04416EA58E9D525B482BFF6753FBD2378B17B0438527156032B0 ] dmload          C:\WINDOWS\system32\drivers\dmload.sys
14:41:25.0515 0x01ac  dmload - ok
14:41:25.0578 0x01ac  [ 76F7E7922F428BE040F800920BB8FF3B, 71C4C0ECEFE3DFED359891F855F86B18142B8D5F432F08F4D77A32E166F14BF6 ] dmserver        C:\WINDOWS\System32\dmserver.dll
14:41:25.0625 0x01ac  dmserver - ok
14:41:25.0640 0x01ac  [ 19C1612C4F5D828935D2270C7AF13E6E, 2319CE96B13D0E31CC13959E76709F0EF34AC5D20F4F8595BFC3AE852088EAB0 ] Dnscache        C:\WINDOWS\System32\dnsrslvr.dll
14:41:25.0687 0x01ac  Dnscache - ok
14:41:25.0687 0x01ac  dpti2o - ok
14:41:25.0734 0x01ac  [ 3D52BD28FCB943DA53CE12C3D4A4C0AF, 247EFE0549375E821B8A1012BCD80084B7016BD1B839447DCCED20558FA7BDE5 ] dsNcAdpt        C:\WINDOWS\system32\DRIVERS\dsNcAdX64.sys
14:41:25.0812 0x01ac  dsNcAdpt - ok
14:41:25.0859 0x01ac  [ 16AA121BE8AB82624E603324D0A87C4B, 8A045F15A2A9A4FF9BBF31371F23D186526CDDF45473ADB2C1C3479482D43CA1 ] dsNcService     C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe
14:41:25.0968 0x01ac  dsNcService - ok
14:41:26.0000 0x01ac  [ B063A36E4E027A9DBE2B019EBBBEAE86, DA2BA66D9C610B03D973C6747C5FBA34F2582AE9BE9F6162816F455694306E37 ] ERSvc           C:\WINDOWS\System32\ersvc.dll
14:41:26.0046 0x01ac  ERSvc - ok
14:41:26.0093 0x01ac  [ 1E07EE3F50DFF2FE9B0A9D196E82698F, 34527011E240255179F6C40DA3DF9AACBA9A6AE14E19172D12AA38DB096D88EE ] Eventlog        C:\WINDOWS\system32\services.exe
14:41:26.0140 0x01ac  Eventlog - ok
14:41:26.0203 0x01ac  [ CDEF30A1DCFFCAF6A4E8B7812AE79C95, B5F30FD6EB2A6958709CEE8B97EDED7E4BFB25583E4BDF6B22364B61648285FC ] EventSystem     C:\WINDOWS\system32\es.dll
14:41:26.0234 0x01ac  EventSystem - ok
14:41:26.0281 0x01ac  [ 7C713B9F6F968F135D3D819492882CDD, 07F05A9240603B1B0C1845ABDA4188BE591CF3BC8784D88146B953895DF2F905 ] Fastfat         C:\WINDOWS\system32\drivers\Fastfat.sys
14:41:26.0359 0x01ac  Fastfat - ok
14:41:26.0375 0x01ac  [ 7E35D423FF10AB5B8AF1D3DE86236690, 27976CA874C7FAC2CD6B0ABD4C3278B42FE96CFE15B621CE80923A2A5E6DA38D ] Fdc             C:\WINDOWS\system32\DRIVERS\fdc.sys
14:41:26.0421 0x01ac  Fdc - ok
14:41:26.0468 0x01ac  [ 73EA9000F8FB2E060954EB7C3377A3C7, 2B9EB0C4904019B5E404F5A47028E2F16A375C4F67420CE3647D9132D362ABF3 ] Fips            C:\WINDOWS\system32\drivers\Fips.sys
14:41:26.0531 0x01ac  Fips - ok
14:41:26.0578 0x01ac  [ 8AC77974378EAC3548330951A5DEEEBF, 1C0B7338E8F00E1915E1CDC265FD7249548DDD949106A5CE451A6CAE3FABE2FD ] Flpydisk        C:\WINDOWS\system32\DRIVERS\flpydisk.sys
14:41:26.0640 0x01ac  Flpydisk - ok
14:41:26.0640 0x01ac  [ 087DB260F98056AC40261ACAE4240882, 9583DECB2631425BA470256A970B305949AA2C95A232F51D498A1ADF70A5948C ] FltMgr          C:\WINDOWS\system32\drivers\fltmgr.sys
14:41:26.0703 0x01ac  FltMgr - ok
14:41:26.0796 0x01ac  [ 8A4DCD28D2BE12946F6D5D308B0942A6, 92956D815C4C63AA1886AB26AEDBCBBBB352D56AAD7081FC0AADFAE5B956241B ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
14:41:26.0843 0x01ac  FontCache3.0.0.0 - ok
14:41:26.0859 0x01ac  [ 70DF80567A55A97894B4E8952EC5E7FC, C0AB4711F3755D84F3C419FED5F8D9AA9A3337B7F1F147F84D4A54073DD27914 ] Fs_Rec          C:\WINDOWS\system32\drivers\Fs_Rec.sys
14:41:26.0906 0x01ac  Fs_Rec - ok
14:41:26.0906 0x01ac  [ E90AA7C073519DD8571670818CB85CCB, 5474D20C1355AD986B7A43B21D0069C94C31254426C9A4F33ABCDE6A34C0580C ] Ftdisk          C:\WINDOWS\system32\DRIVERS\ftdisk.sys
14:41:26.0968 0x01ac  Ftdisk - ok
14:41:27.0000 0x01ac  [ 8E98D21EE06192492A5671A6144D092F, B8F656B34D361EA5AFB47F3A67AB2221580DADA59C8CD0CB83181E4AD8B562B4 ] GEARAspiWDM     C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
14:41:27.0046 0x01ac  GEARAspiWDM - ok
14:41:27.0093 0x01ac  [ 865D4D0B4E3730EF8040000CFB846D9F, E5F4BB59A16AF2E984615F57B1F6E552F2D5BF2E248ED993D8A4B20F06B41DCD ] Gpc             C:\WINDOWS\system32\DRIVERS\msgpc.sys
14:41:27.0125 0x01ac  Gpc - ok
14:41:27.0156 0x01ac  [ D36E47728CDBC8D17A77D36A6CBC29BB, F24FBB4C773C330A0F040833745C3B66ED203AFB913C9614EF5A33989BD1E576 ] HDAudBus        C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
14:41:27.0218 0x01ac  HDAudBus - ok
14:41:27.0312 0x01ac  [ 40E274B64843813A81C42687592339D7, 90C3262F6F809543A5B00B0ED7AC0A71821BEAB68C955451470CF4BED0E930D5 ] helpsvc         C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
14:41:27.0375 0x01ac  helpsvc - ok
14:41:27.0406 0x01ac  [ 9648AD494BE12B39ACC2DB638E2340A0, 5606D26B37E26AC50A66E068DCAA4F897EADD1EE9DF49C8A28490F28646DA8BB ] HidServ         C:\WINDOWS\System32\hidserv.dll
14:41:27.0453 0x01ac  HidServ - ok
14:41:27.0500 0x01ac  [ F32BEC5614A61BBB2BEDE070D279F88B, B9CA32159CFBF658F412C77BF175BFC2E8209A32947F7C4BB251AD2A76D81759 ] hidusb          C:\WINDOWS\system32\DRIVERS\hidusb.sys
14:41:27.0546 0x01ac  hidusb - ok
14:41:27.0687 0x01ac  [ 38D6B51F04DEF7FB248FA56E4C47407E, 9D2A53553AF2FB2E8424BE6B6388EFFC69240EA5BBE043AC542029BE39BACB25 ] hpqcxs08        C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll
14:41:27.0687 0x01ac  hpqcxs08 - ok
14:41:27.0703 0x01ac  [ 3EE4A63539EC04EE2D4BD293985087AB, 754826BC906F69AEE5D2CFEA1B22B7179767999C834B70D561F8B0CB4CAE9A59 ] hpqddsvc        C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll
14:41:27.0734 0x01ac  hpqddsvc - ok
14:41:27.0796 0x01ac  [ B76FDD8EC7120474E7BC9CAD400DAC6C, EB834268927A9E4CC58C180E59068AC83DBDD186D1EEDDF8D4442E3A0B5E4CF9 ] HPZid412        C:\WINDOWS\system32\DRIVERS\HPZid412.sys
14:41:27.0843 0x01ac  HPZid412 - ok
14:41:27.0859 0x01ac  [ 9B28887500DB96A433C9C9DED8FDC886, C888EEA1BC43ACA3C3D8FE0760F7FB8C58E6A6D58637F3427FA00C0E9B35B459 ] HPZipr12        C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
14:41:27.0921 0x01ac  HPZipr12 - ok
14:41:27.0953 0x01ac  [ 0013DD74CD20EBFB8C816D9DF7413D91, 527944E558868382CCE2DF755AE6C75D6D08FF0CED23CAF035BB0D11D52ABEBE ] HPZius12        C:\WINDOWS\system32\DRIVERS\HPZius12.sys
14:41:28.0000 0x01ac  HPZius12 - ok
14:41:28.0062 0x01ac  [ 5C8BC8A28798FD010E7ABC4E0D588CAA, 622CAFD3DCBB05E15539589FDD4002DA6F24790FC55BDF05AA3D043E8A34E53E ] HTCMonitorService C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe
14:41:28.0109 0x01ac  HTCMonitorService - ok
14:41:28.0187 0x01ac  [ B54738DF11D0E06072BF9C332DB1D254, E9E20EC1E8F8C80C632CDB765C406C5CF120F8B927ABC4A2D947F62F861426F3 ] HTTP            C:\WINDOWS\system32\Drivers\HTTP.sys
14:41:28.0281 0x01ac  HTTP - ok
14:41:28.0312 0x01ac  [ 1A782D5CA033F553F0BE54546EBF3B4F, 758C063A59C960118BCA3D89A85786D54BF868BB5420EF8D158BFB3F9FA2E130 ] HTTPFilter      C:\WINDOWS\System32\lsass.exe
14:41:28.0359 0x01ac  HTTPFilter - ok
14:41:28.0359 0x01ac  i2omgmt - ok
14:41:28.0390 0x01ac  [ 50FD608643D9B56C4C75C0784513F77E, 676229455643781D79F421B986CCCAA14F861492B66C7225AE1347881E561777 ] i8042prt        C:\WINDOWS\system32\drivers\i8042prt.sys
14:41:28.0453 0x01ac  i8042prt - ok
14:41:28.0453 0x01ac  IASJet - ok
14:41:28.0562 0x01ac  [ 501CF65702D7F64C38DB360F7EB07ADC, D4EC76EC74B6A79D06CD14C75ABC82ED1931CF5EF393BBCADA40FCC78FA9BD6D ] idsvc           C:\WINDOWS\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
14:41:28.0640 0x01ac  idsvc - ok
14:41:28.0640 0x01ac  iirsp - ok
14:41:28.0687 0x01ac  [ D2E541613B72FF9FCEDF37B166930706, CF3985DCD3EABEF8B972664C0F22C6A42E2C3F3A3572EC391D083B7E76A00455 ] imapi           C:\WINDOWS\system32\DRIVERS\imapi.sys
14:41:28.0750 0x01ac  imapi - ok
14:41:28.0812 0x01ac  [ 9014C144CD95EEE1F5884664A4BFB4D8, B8E6D6509C11B080558AF72377D4373E5D363979D3B0FE832E3B41D20870ACFE ] ImapiService    C:\WINDOWS\system32\imapi.exe
14:41:28.0843 0x01ac  ImapiService - ok
14:41:28.0859 0x01ac  IntelIde - ok
14:41:28.0875 0x01ac  [ F8DEF5F83DEF3D1EE89BC851BFB6A886, FECFE1FE36877441956C1DBD96A46A946CB5EC2744A8B3D6252548196A2CA8DC ] intelppm        C:\WINDOWS\system32\DRIVERS\intelppm.sys
14:41:28.0921 0x01ac  intelppm - ok
14:41:28.0953 0x01ac  [ 6601A43EE389D0ADB11AAEDE9A98036B, 0CE5143CC0FFFC7CAAF083A54227010137E00E97876C4D9BC898C4B7320F8DF6 ] Ip6Fw           C:\WINDOWS\system32\drivers\ip6fw.sys
14:41:29.0015 0x01ac  Ip6Fw - ok
14:41:29.0046 0x01ac  [ 1B1B4654A5492A42D2E1BF5B2B22D32B, 17BE92DEE96967788F35DCB4BA325D6411230B55214F5895D27F5DDC2B12544C ] IpFilterDriver  C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
14:41:29.0109 0x01ac  IpFilterDriver - ok
14:41:29.0109 0x01ac  IpInIp - ok
14:41:29.0156 0x01ac  [ 088ECB04137DF1F52EC10C29D57A8CCA, E1A581047C1DA3F51950FA54B51AEADEA2A41EF8189F31CCBE7638B376024E36 ] IpNat           C:\WINDOWS\system32\DRIVERS\ipnat.sys
14:41:29.0218 0x01ac  IpNat - ok
14:41:29.0281 0x01ac  [ 7E4F8065367AE5BA387262D57B868DF5, 3D09A778748D30AFD37B23603CCC151B028D505FF3CB7763CE393F6CFAED3A9E ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
14:41:29.0328 0x01ac  iPod Service - ok
14:41:29.0343 0x01ac  [ DB841EC6F027C780002EF47AABFDDF86, 59CF682AC2C3908495BF8791CE545095E931D1D2CEE71E9D33A7DD2FA0D31015 ] IPSec           C:\WINDOWS\system32\DRIVERS\ipsec.sys
14:41:29.0406 0x01ac  IPSec - ok
14:41:29.0453 0x01ac  [ 8B7015EA0171242CCA03C2FB48CCC771, 9CC5BB9492751CC1829E87B17964F2A6BCCB2EB448145998881E31330970FF8D ] IRENUM          C:\WINDOWS\system32\DRIVERS\irenum.sys
14:41:29.0500 0x01ac  IRENUM - ok
14:41:29.0515 0x01ac  [ D994162E4D8E931FC16A892A87852BBB, F80D217317E08F1366040DA5FC7331EFE9DF5DDC8608AAD4FAA45D6DF118E28B ] isapnp          C:\WINDOWS\system32\DRIVERS\isapnp.sys
14:41:29.0578 0x01ac  isapnp - ok
14:41:29.0718 0x01ac  [ 9ECF00E19736054E019C532AED8228FC, F5A64A8269EA3655BBD4850298F335C0BD30535258928ED7CE62A32A3363E60B ] JavaQuickStarterService C:\Program Files (x86)\Java\jre7\bin\jqs.exe
14:41:29.0781 0x01ac  JavaQuickStarterService - ok
14:41:29.0781 0x01ac  [ E85095372008A9194C7ED6206CB782DA, 4C19D415D2D35F4A3E173D47C3F9881659C68D98ECB0123450665CD79FF2C001 ] Kbdclass        C:\WINDOWS\system32\DRIVERS\kbdclass.sys
14:41:29.0828 0x01ac  Kbdclass - ok
14:41:29.0890 0x01ac  [ F96D8CEC38EFD64AAF41976D214FC54E, 6F4CD427EDB076427457DC9ABDD6FD19AF19A25A132F5FC0AE3CE24DAD6B50D4 ] kbdhid          C:\WINDOWS\system32\DRIVERS\kbdhid.sys
14:41:29.0937 0x01ac  kbdhid - ok
14:41:30.0000 0x01ac  [ 1B280B3B4C10CC2E3EC3AEC17EB6B658, 8540FA4B4E06067ADD9421C8444B0F143970513CEF000CE6899572D4F3B8CA1B ] kmixer          C:\WINDOWS\system32\drivers\kmixer.sys
14:41:30.0062 0x01ac  kmixer - ok
14:41:30.0093 0x01ac  [ EDCDC587073AC4BE72C5A66FE30ACA00, 4F14C074BF67D7D00AAD4BE3AA5AC08EAEE2FEADE942AD6082B8D22DC278C05E ] KSecDD          C:\WINDOWS\system32\drivers\KSecDD.sys
14:41:30.0156 0x01ac  KSecDD - ok
14:41:30.0171 0x01ac  [ 5CB302B6CAACE41AF70C34B56EB3DB23, DE545B1CF1D37D2A58826665D8694B0F6FAAA293D4DB4D707D32FC726EF42866 ] ksthunk         C:\WINDOWS\system32\drivers\ksthunk.sys
14:41:30.0234 0x01ac  ksthunk - ok
14:41:30.0281 0x01ac  [ 4D8E9A805ADD244B5C511147A5D9BB8C, BD489A23DC8999A5BBB70C820CCCC14FCBFE023A236B5715A61BFC856B0CBC29 ] lanmanserver    C:\WINDOWS\System32\srvsvc.dll
14:41:30.0328 0x01ac  lanmanserver - ok
14:41:30.0359 0x01ac  [ BF4105D3EB357652A4EA73F170715ACD, F28D4A3615E188104E094FAA185EF8C9275168913E9DD120A921CC6627E32B06 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
14:41:30.0421 0x01ac  lanmanworkstation - ok
14:41:30.0515 0x01ac  [ 4AF65F3A2253DF7D0B8D80812EAE7A7C, 1F36F237F6AE35DF916C67AF967E9BC269DD9030705AEFADE15328A3F4D7D90E ] LightScribeService C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
14:41:30.0562 0x01ac  LightScribeService - ok
14:41:30.0609 0x01ac  [ 80DB42573F8EF6CBB6A7A0FF6966A352, B2CF856BC3EE206B983C213F476DA040A74C315C45F22867F587BF02C76EC160 ] LmHosts         C:\WINDOWS\System32\lmhsvc.dll
14:41:30.0656 0x01ac  LmHosts - ok
14:41:30.0687 0x01ac  [ 0BB97D43299910CBFBA59C461B99B910, 27C22D9D9EE8A410D7396960DA93E9E260D4DCDD38DCE06E85E45C5E24C067DE ] MBAMProtector   C:\WINDOWS\system32\drivers\mbam.sys
14:41:30.0734 0x01ac  MBAMProtector - ok
14:41:30.0812 0x01ac  [ 65085456FD9A74D7F1A999520C299ECB, EA564BC913EF1B8A4CAA9242FC70F525B68CF1F3CA462F63B0B7215B93FE8530 ] MBAMScheduler   C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
14:41:30.0859 0x01ac  MBAMScheduler - ok
14:41:30.0890 0x01ac  [ E0D7732F2D2E24B2DB3F67B6750295B8, AA5CA86AF1ACEC900F60339016B3DC55472DB40ADB99186005A7ABE67B7D66FC ] MBAMService     C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
14:41:30.0953 0x01ac  MBAMService - ok
14:41:31.0031 0x01ac  [ 639DA8F468552785E15F0F2FD8DB44B3, 64AAD2490114C9B36794BEEABA839A5C0FB83F76F27B15CB3C9A048A3DD84AAC ] McAfeeEngineService C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\engineserver.exe
14:41:31.0078 0x01ac  McAfeeEngineService - ok
14:41:31.0125 0x01ac  [ 1B963D79740B187795407CD03E2F7B4D, 8223B5B1A16661726D98C9D0086E0EE4DBA7FD4A4020021263B2295BCA70B518 ] McAfeeFramework C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe
14:41:31.0171 0x01ac  McAfeeFramework - ok
14:41:31.0218 0x01ac  [ 4E09D8C4C861348A7F1C12A5AA9C4DE7, 81FABFC4240B346A5A630E279E81D8BD38647A0B8E23BA169A81BF5D5EA95026 ] McShield        C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\mcshield.exe
14:41:31.0250 0x01ac  McShield - ok
14:41:31.0265 0x01ac  [ 3774AAD155F31D58D932861D0A4FD641, FEB1A36862CA7109C6923F1407B44988C493E218E89BA4A361F693BC59AA9900 ] McTaskManager   C:\Program Files (x86)\McAfee\VirusScan Enterprise\vstskmgr.exe
14:41:31.0312 0x01ac  McTaskManager - ok
14:41:31.0343 0x01ac  [ 34EF8CBEA95EF5108A1349FC22D87513, 10BEC2856EAE0CA2B2A7AF147C40805BCC1C24695BCFCA893325EBB340F24276 ] Messenger       C:\WINDOWS\System32\msgsvc.dll
14:41:31.0375 0x01ac  Messenger - ok
14:41:31.0406 0x01ac  [ E2D642A38A8DC4722F859092F731B6A3, 7B0FBB7AA1337641B8C392D8D0CF1A0DA719C37BEF5EDDE23B2C60BA25EC6F4A ] mfeapfk         C:\WINDOWS\system32\drivers\mfeapfk.sys
14:41:31.0453 0x01ac  mfeapfk - ok
14:41:31.0468 0x01ac  [ AE23ED41216E160F54E5EF1A5EE325F7, 0133F8E932E55366EDD5CC2A581A67531121E1BB8C91032AC8B6D88BB236D92B ] mfeavfk         C:\WINDOWS\system32\drivers\mfeavfk.sys
14:41:31.0531 0x01ac  mfeavfk - ok
14:41:31.0578 0x01ac  [ BC76BC7129B2206098AC220B656F15B7, ABF7652D7B7B5BCB21BBCFFD6BA598735F6C046D8953D8B03167B98A8CAC5058 ] mfehidk         C:\WINDOWS\system32\drivers\mfehidk.sys
14:41:31.0640 0x01ac  mfehidk - ok
14:41:31.0656 0x01ac  [ C7C15D125AA697BE97087D197C9FAD08, 963399D20CF70A67FAADB85FE6485D3C4F96E463D0D014BC9B3B17CA7A148DE8 ] mferkdet        C:\WINDOWS\system32\drivers\mferkdet.sys
14:41:31.0718 0x01ac  mferkdet - ok
14:41:31.0734 0x01ac  [ 41CA4C4292004486D004D357B9C19718, 1B62D3FDD55E77BF89815D5834140EA4F774662C1FEB938E230796BB3352B689 ] mfetdik         C:\WINDOWS\system32\drivers\mfetdik.sys
14:41:31.0765 0x01ac  mfetdik - ok
14:41:31.0781 0x01ac  [ C39855495E82EC6B02E6190C34A1B752, E53CCB9A8BB07F2A3565300FAD34E74A68A75EA367611E99F8D0D7B09228B2D2 ] mfevtp          C:\WINDOWS\system32\mfevtps.exe
14:41:31.0812 0x01ac  mfevtp - ok
14:41:31.0828 0x01ac  [ AD6BC1EFA0C1B53409947F06DE87FC89, A5A32E731151E6A22969A12FB75E64448E3B012CA56AD3FE7E92EE89B89173A3 ] mnmdd           C:\WINDOWS\system32\drivers\mnmdd.sys
14:41:31.0890 0x01ac  mnmdd - ok
14:41:31.0890 0x01ac  mnmsrvc - ok
14:41:31.0921 0x01ac  [ 9A67A96A0CBC2BC658ABF8C9B5EE065A, BDFC3D82578E049592A273E7247A80495D2BB82B9F2E603164037CBC4B7CA28F ] Modem           C:\WINDOWS\system32\drivers\Modem.sys
14:41:31.0984 0x01ac  Modem - ok
14:41:32.0015 0x01ac  [ 12ACF32EDF03E46805347817ACB9F64C, 03549892876175B3FB3C7DFC51460E2576C3CD575C99A173745088E1D38410ED ] Mouclass        C:\WINDOWS\system32\DRIVERS\mouclass.sys
14:41:32.0062 0x01ac  Mouclass - ok
14:41:32.0109 0x01ac  [ A0C4E4A79C5D6F418315C33177F2B5BC, AF892EF90545319E9DC68AB1848FF291CE1059A2CD04AA7BD12945C01A1949BA ] mouhid          C:\WINDOWS\system32\DRIVERS\mouhid.sys
14:41:32.0171 0x01ac  mouhid - ok
14:41:32.0203 0x01ac  [ 7E9CC7E4282A8E7A480560A6F817C177, CA6A9FAFAFD1E62A79EE1E88F103FC36ADA1026FAFCC626DB9C88421DE5555D8 ] MountMgr        C:\WINDOWS\system32\drivers\MountMgr.sys
14:41:32.0265 0x01ac  MountMgr - ok
14:41:32.0296 0x01ac  [ 338037EFA0E8E8699B2667D57B751574, 59E0D39806D0C4EB57913AA013242837FD39AD378726AEE42D250CBA87C1C3BF ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
14:41:32.0343 0x01ac  MozillaMaintenance - ok
14:41:32.0343 0x01ac  mraid35x - ok
14:41:32.0375 0x01ac  [ 3D33208E5A7414D8633D34D24F119173, C2F4B8FE32F0D0C9F861A63E34E2A25BE432609E406E500BB02834BEA5834C63 ] MRxDAV          C:\WINDOWS\system32\DRIVERS\mrxdav.sys
14:41:32.0421 0x01ac  MRxDAV - ok
14:41:32.0500 0x01ac  [ 9385E695B33068B90CF419186ECAA3DE, BEAE16546FA43FCB47B6FEACDADF9C7EE1D492D5825DF615E84E36B03C5E7A6D ] MRxSmb          C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
14:41:32.0593 0x01ac  MRxSmb - ok
14:41:32.0609 0x01ac  [ D42976785BA169C2361F97CC6A20681F, 7790219D3C783886ECC0D06EEBC10973759A278C307B334877243F14978A3565 ] MSDTC           C:\WINDOWS\system32\msdtc.exe
14:41:32.0640 0x01ac  MSDTC - ok
14:41:32.0671 0x01ac  [ 983F4AB7A50D56CD33E2061EE733BD55, 91F67285564BDD007C56F124E34323B455747D79A1D370690D016316A73A247E ] Msfs            C:\WINDOWS\system32\drivers\Msfs.sys
14:41:32.0734 0x01ac  Msfs - ok
14:41:32.0734 0x01ac  MSIServer - ok
14:41:32.0765 0x01ac  [ 308EC6FBEF38871CB2C4CACE9C8F4808, BAE1435430A08930207DDA961AE4B62D7657ECA57F84B7C6102C776FBBD327D0 ] MSKSSRV         C:\WINDOWS\system32\drivers\MSKSSRV.sys
14:41:32.0828 0x01ac  MSKSSRV - ok
14:41:32.0843 0x01ac  [ 8D3226738479719AAB3B6D2617D7A55C, 2C6974639170016C00010CDC49231BD8B10D7B5B5D2775B19065EC9DC32B1CC0 ] MSPCLOCK        C:\WINDOWS\system32\drivers\MSPCLOCK.sys
14:41:32.0906 0x01ac  MSPCLOCK - ok
14:41:32.0906 0x01ac  [ 058D63E8D000AE678D4549BFA8EB0DEB, E3BC297DF7D9C67D235B35B692B7CFE37B38A14A5CD78EB5E7A7652E3BB39AF1 ] MSPQM           C:\WINDOWS\system32\drivers\MSPQM.sys
14:41:32.0968 0x01ac  MSPQM - ok
14:41:32.0984 0x01ac  [ 5992D1F9ED64017A76AFEE2B79F5CFB9, 82077C3D5C7C77B923E75A250837BE3E911BCD3ED4A53C8A13E4372429E32721 ] mssmbios        C:\WINDOWS\system32\DRIVERS\mssmbios.sys
14:41:33.0046 0x01ac  mssmbios - ok
14:41:33.0109 0x01ac  [ CAC3BB575E4A0417BFF28D3196E44D3A, 75EC6AFA492DC393CA3E68EE7F0109617A81CDF4CC39F12FEBC4A2F4E9CCEF8A ] MTsensor        C:\WINDOWS\system32\DRIVERS\ASACPI.sys
14:41:33.0156 0x01ac  MTsensor - ok
14:41:33.0218 0x01ac  [ 5902C8E565FE346076786F43103EF02E, D16FA965CC55BC820C79E84A1A62FF6B0D9948FE8FA8211A22A9B9720A6F258C ] Mup             C:\WINDOWS\system32\drivers\Mup.sys
14:41:33.0281 0x01ac  Mup - ok
14:41:33.0328 0x01ac  [ 6FE83D05AEBEF7930D7CE91568DC99DF, 584DA0561F1E106830B4958510862B8520885257B9F67A10A192D6A5EE384D4E ] NDIS            C:\WINDOWS\system32\drivers\NDIS.sys
14:41:33.0390 0x01ac  NDIS - ok
14:41:33.0437 0x01ac  [ 389CFAB53AA9807EA4536CB0B03609C3, 539EEDA91096B0259D8A02A12B0851D3115631CFDB3295F034B2C707FB099C5D ] NdisTapi        C:\WINDOWS\system32\DRIVERS\ndistapi.sys
14:41:33.0500 0x01ac  NdisTapi - ok
14:41:33.0515 0x01ac  [ 49C1207C1AE8C6958F1C1747132814C2, C1DA17D8A9CC4A93E620E98E52880F7591419145B9C031FF4501794D3B8252F9 ] Ndisuio         C:\WINDOWS\system32\DRIVERS\ndisuio.sys
14:41:33.0578 0x01ac  Ndisuio - ok
14:41:33.0578 0x01ac  [ 6157A7AEAE6D2B948FF2E872FFAC765B, 22C28325D50EF4B5C7EB9AAA71BCB72CECE2B6591D380C24285E938DCD15E3BF ] NdisWan         C:\WINDOWS\system32\DRIVERS\ndiswan.sys
14:41:33.0656 0x01ac  NdisWan - ok
14:41:33.0671 0x01ac  [ F3D27141BEDE53E05D8B44362A62FC2D, BB7281ADDA1D66A09191A9D39DF90D6FBF2E2D4D4DA6CB2990215BBDEADE3D29 ] NDProxy         C:\WINDOWS\system32\drivers\NDProxy.sys
14:41:33.0734 0x01ac  NDProxy - ok
14:41:33.0781 0x01ac  [ 59267D2F0328599AA3B5408C2E06126F, 54D59079F04F9F08F980C1F1A8F8973ACF9C344218818A15A762287EE6F22F02 ] Net Driver HPZ12 C:\WINDOWS\system32\HPZinw12.dll
14:41:33.0812 0x01ac  Net Driver HPZ12 - ok
14:41:33.0875 0x01ac  [ B1CEE06471A069149B11FADA23FF00FD, 0EF7F85230AF7E0CC2D189A2EC0B124674F1C2877F499F9243F4B4CE50356FF1 ] NetBIOS         C:\WINDOWS\system32\DRIVERS\netbios.sys
14:41:33.0937 0x01ac  NetBIOS - ok
14:41:33.0984 0x01ac  [ FEDAAFB6CD700B9E0787C94D81C07DB5, D8394E0922C9F92DA27526F96841BD675AAC8EA9F0B8783A8E1B08E8239CB41A ] NetBT           C:\WINDOWS\system32\DRIVERS\netbt.sys
14:41:34.0046 0x01ac  NetBT - ok
14:41:34.0093 0x01ac  [ FB13279D8C89ADD5B0F7497C45BCF1C3, 955E3876C7DD8E5B21834EC827061DB1696CDDF11132F887A0E3EFAAABE2E536 ] NetDDE          C:\WINDOWS\system32\netdde.exe
14:41:34.0140 0x01ac  NetDDE - ok
14:41:34.0156 0x01ac  [ FB13279D8C89ADD5B0F7497C45BCF1C3, 955E3876C7DD8E5B21834EC827061DB1696CDDF11132F887A0E3EFAAABE2E536 ] NetDDEdsdm      C:\WINDOWS\system32\netdde.exe
14:41:34.0156 0x01ac  NetDDEdsdm - ok
14:41:34.0156 0x01ac  [ 1A782D5CA033F553F0BE54546EBF3B4F, 758C063A59C960118BCA3D89A85786D54BF868BB5420EF8D158BFB3F9FA2E130 ] Netlogon        C:\WINDOWS\system32\lsass.exe
14:41:34.0171 0x01ac  Netlogon - ok
14:41:34.0218 0x01ac  [ F28FD9DBA68A85D6EE4225A83F127D2B, 60D97E3FBA76A767C29AE9586E6DCE55EB9F6F696583338DFA58436A00FF78A9 ] Netman          C:\WINDOWS\System32\netman.dll
14:41:34.0250 0x01ac  Netman - ok
14:41:34.0312 0x01ac  [ 8BC776595238AB62072AA6BEB17DDF59, 50C6944D52D13A602F254F7ADCFB7A66C51334E273DDA0876DFC40F0D1E158F0 ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
14:41:34.0390 0x01ac  NetTcpPortSharing - ok
14:41:34.0406 0x01ac  [ DAFC30299E872CD7ED3795EA0FA08F67, 71D95D624B12621BC918A39CA2D684916C8CB6E388EC6D01D011597B0B36C7B7 ] NIC1394         C:\WINDOWS\system32\DRIVERS\nic1394.sys
14:41:34.0468 0x01ac  NIC1394 - ok
14:41:34.0500 0x01ac  [ BA13C3C32A69DC37653C9543E065950E, C9E48C33A4B36BE9D553F16662B3F36714043AE67FFBEB3314557575005221C0 ] Nla             C:\WINDOWS\System32\mswsock.dll
14:41:34.0546 0x01ac  Nla - ok
14:41:34.0593 0x01ac  [ 81819038621A2C524781EC503D400287, 9CB8DD11863C1AC2CBD2D5A6F4237770A6D864FF11098924D5ECDE07634D6E29 ] Npfs            C:\WINDOWS\system32\drivers\Npfs.sys
14:41:34.0656 0x01ac  Npfs - ok
14:41:34.0718 0x01ac  [ C8904B5F90AB2236692E83D491C4D426, 331F8944AF992054B62F43E83BD31D0B82BC96EE3483E18B9F2BAA35803BC83D ] Ntfs            C:\WINDOWS\system32\drivers\Ntfs.sys
14:41:34.0796 0x01ac  Ntfs - ok
14:41:34.0812 0x01ac  [ 1A782D5CA033F553F0BE54546EBF3B4F, 758C063A59C960118BCA3D89A85786D54BF868BB5420EF8D158BFB3F9FA2E130 ] NtLmSsp         C:\WINDOWS\system32\lsass.exe
14:41:34.0812 0x01ac  NtLmSsp - ok
14:41:34.0890 0x01ac  [ A398462077F68A41B4DFF9FB7E8FC7B8, C59A19BAC990525AE3CBB81414DBED5BCB5FED0E2B42620953A77D467E4CEAC6 ] NtmsSvc         C:\WINDOWS\system32\ntmssvc.dll
14:41:34.0968 0x01ac  NtmsSvc - ok
14:41:35.0000 0x01ac  [ 501039187C444FA7AB9D97B6A6C667B3, 96E2D68DEC08A78BC73868DC35DC23E62CDC1D5A91381A90BBAC5866952A6D19 ] Null            C:\WINDOWS\system32\drivers\Null.sys
14:41:35.0031 0x01ac  Null - ok
14:41:35.0343 0x01ac  [ 9AC7300C7610B1799324FB9009D38F2F, 7A6CCB86558E355FDBA1DCFB34DF5E9A52EB6073DDD6F31A09D38EB8B930C4EB ] nv              C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
14:41:35.0687 0x01ac  nv - ok
14:41:35.0750 0x01ac  [ FDDEEF7BC84903EF7EBBDC9B7AFD2A00, 942BEFFEE3D1A15C566DAD8FE43BF6542F6EFC3BB98B146AAB8C26B9289517C6 ] NVENETFD        C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
14:41:35.0796 0x01ac  NVENETFD - ok
14:41:35.0843 0x01ac  [ EAB336C98E6402C7DF419E81E1DCE89F, D4133357CF60DE5AFCCFE421829FCC28ACA7BEB5CF54FAD2B5C9D739C706E104 ] nvgts64         C:\WINDOWS\system32\DRIVERS\nvgts64.sys
14:41:35.0859 0x01ac  nvgts64 - ok
14:41:35.0859 0x01ac  [ 53B3BB9B39FAF6650EEBA231015A8EA4, 06B8923A95FE1C8021EC5B5C4610AB60D2FE78FE2A22680B9D8813D746297EBC ] nvnetbus        C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
14:41:35.0921 0x01ac  nvnetbus - ok
14:41:35.0937 0x01ac  [ 6EFFCE117444E36F25D9997BBC6E89A3, A73D20B900409AC3DD4B0149616F1556F33C13854038A1907C4C38BCD8BA70F4 ] nvrd64          C:\WINDOWS\system32\DRIVERS\nvrd64.sys
14:41:35.0937 0x01ac  nvrd64 - ok
14:41:35.0984 0x01ac  [ 4247C01752CF94336AB732CFEF75F8FD, 0485CBE7950C39ADB36BC8152967FC272258C4733F291B615DEAF2467D231E11 ] NVSvc           C:\WINDOWS\system32\nvsvc64.exe
14:41:36.0015 0x01ac  NVSvc - ok
14:41:36.0046 0x01ac  [ F8160AC8AE516A33221427C2353A7D12, B47DE09882E0D3F6A6ACD40EBA75103C19DEDFD3276C5A45D8462AD07A7C6E65 ] ohci1394        C:\WINDOWS\system32\DRIVERS\ohci1394.sys
14:41:36.0125 0x01ac  ohci1394 - ok
14:41:36.0171 0x01ac  [ 7DDAA09186DA9F1D304E819B5A6BBC5A, 274FD7391E81642F022045A2472283942CB9278B61D640575942E6D0A2FC2297 ] Parport         C:\WINDOWS\system32\drivers\Parport.sys
14:41:36.0234 0x01ac  Parport - ok
14:41:36.0234 0x01ac  [ 5F9A703240468A0C35A629D17FFCA847, 9D5EBB415C17E79B5DA1281F2B5AFA2AC20645108DD514BE60F7DDD72F7D239E ] PartMgr         C:\WINDOWS\system32\drivers\PartMgr.sys
14:41:36.0296 0x01ac  PartMgr - ok
14:41:36.0312 0x01ac  [ 5B2C8D6971D8DF4937C2FA013CD4C00D, DF679B09318EF922DB5F2DD55DEADE60C29C038B70A8EA470BA5C11B041D9CBF ] PCI             C:\WINDOWS\system32\DRIVERS\pci.sys
14:41:36.0375 0x01ac  PCI - ok
14:41:36.0375 0x01ac  [ F1978C7849A0047306DB3B8BB94F0764, 4423A89C71CF1C4DE1670B7B8BAAA03E66FEC1F76470E6F1FE3C9BD1F83D87C5 ] PCIIde          C:\WINDOWS\system32\DRIVERS\pciide.sys
14:41:36.0437 0x01ac  PCIIde - ok
14:41:36.0484 0x01ac  [ 037F3A19F49A4C6A320C4154EBD6EE9D, CEF1860D8DD031FA69A6FADD62A91C11EAF98109082906436CCFCBAC7F32C21B ] Pcmcia          C:\WINDOWS\system32\drivers\Pcmcia.sys
14:41:36.0546 0x01ac  Pcmcia - ok
14:41:36.0546 0x01ac  PDCOMP - ok
14:41:36.0546 0x01ac  PDFRAME - ok
14:41:36.0546 0x01ac  PDRELI - ok
14:41:36.0546 0x01ac  PDRFRAME - ok
14:41:36.0578 0x01ac  [ 1E07EE3F50DFF2FE9B0A9D196E82698F, 34527011E240255179F6C40DA3DF9AACBA9A6AE14E19172D12AA38DB096D88EE ] PlugPlay        C:\WINDOWS\system32\services.exe
14:41:36.0578 0x01ac  PlugPlay - ok
14:41:36.0640 0x01ac  [ 5261A2FD55183AC6993145AB6662CDDF, 996358C80674B1310B3C42BB45254AFC7FF90F12176FE76EF3C930D6D3C647FE ] Pml Driver HPZ12 C:\WINDOWS\system32\HPZipm12.dll
14:41:36.0687 0x01ac  Pml Driver HPZ12 - ok
14:41:36.0718 0x01ac  [ 1A782D5CA033F553F0BE54546EBF3B4F, 758C063A59C960118BCA3D89A85786D54BF868BB5420EF8D158BFB3F9FA2E130 ] PolicyAgent     C:\WINDOWS\system32\lsass.exe
14:41:36.0718 0x01ac  PolicyAgent - ok
14:41:36.0765 0x01ac  [ E176F640EE6BF550F61FAA9CE9A683F4, 52218543EC0265275C1E47A356EABAA3DD6A4B92D1394B939EB5A061DC8143BD ] PptpMiniport    C:\WINDOWS\system32\DRIVERS\raspptp.sys
14:41:36.0812 0x01ac  PptpMiniport - ok
14:41:36.0812 0x01ac  [ 1A782D5CA033F553F0BE54546EBF3B4F, 758C063A59C960118BCA3D89A85786D54BF868BB5420EF8D158BFB3F9FA2E130 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
14:41:36.0812 0x01ac  ProtectedStorage - ok
14:41:36.0812 0x01ac  [ 01AAE06E543C0956AC247546A8F2DAFE, 9E42997B145A8071D1FF0A80D9978001E84CD639541117DE36C1766B7F3418E2 ] PSched          C:\WINDOWS\system32\DRIVERS\psched.sys
14:41:36.0875 0x01ac  PSched - ok
14:41:36.0921 0x01ac  [ 35E39A969D227C2A56C1DC98361D8E35, A8F6135798D562EF21F8A546CD7C7A48C88AC8CC51BE24DCEA9B3233DDA48F3A ] Ptilink         C:\WINDOWS\system32\DRIVERS\ptilink.sys
14:41:36.0984 0x01ac  Ptilink - ok
14:41:36.0984 0x01ac  [ D646A315E6386DAC1D96C8CE8A4BFEE7, 2DCCFDC6A390AD6938957A9CA80CF4B76FC3CE3211D707E43CE2C9AADE101CFD ] RasAcd          C:\WINDOWS\system32\DRIVERS\rasacd.sys
14:41:37.0031 0x01ac  RasAcd - ok
14:41:37.0078 0x01ac  [ 3F573D0C001B982C3180860366783BC0, D059C7298717513B5F8086E5C1FC83FB8E1D053E60D4F3A4E1B8BBD668560F3D ] RasAuto         C:\WINDOWS\System32\rasauto.dll
14:41:37.0125 0x01ac  RasAuto - ok
14:41:37.0156 0x01ac  [ D81FDC53EE9C0F68D709E504342D1D74, 9C0224B1D0D3672AD737EE7F15BC32938B37F75840ECAABCCBAE82D6518C0BDB ] Rasl2tp         C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
14:41:37.0187 0x01ac  Rasl2tp - ok
14:41:37.0250 0x01ac  [ 47F7838F77A42F85C763899AB1B77D14, A21A653135A4AF028D4216F4CB3B2891F283AF7ACEEC1FCD929CE0703C952165 ] RasMan          C:\WINDOWS\System32\rasmans.dll
14:41:37.0281 0x01ac  RasMan - ok
14:41:37.0296 0x01ac  [ 31FA5AB662C58CC5CF92396224F6B29A, E6279EF4F6A78EC17F0B10A446AF476C005FC4F9FE41057E540B2505B831EFE2 ] RasPppoe        C:\WINDOWS\system32\DRIVERS\raspppoe.sys
14:41:37.0375 0x01ac  RasPppoe - ok
14:41:37.0375 0x01ac  [ 701493F9A6EDE759AF8D3FA7C08BAB3B, 2659B1F99BCECDD760E808439B8AAFE67301CCF0A0B7D581E5950B3515B62E31 ] Raspti          C:\WINDOWS\system32\DRIVERS\raspti.sys
14:41:37.0437 0x01ac  Raspti - ok
14:41:37.0484 0x01ac  [ F1C8347F0E437E145B2E30A6F29E45BD, D9F8B85609B1AFB2AC88CCC524D6E082BC5F2E8943F64AEDE3B2D94A2DB9A9BF ] Rdbss           C:\WINDOWS\system32\DRIVERS\rdbss.sys
14:41:37.0562 0x01ac  Rdbss - ok
14:41:37.0562 0x01ac  [ C013379D04060318C3B2E4967D82739A, DB7092052C44D103C4AF4792742F9701A33BBF0C8FFEF29A86CBDBCF470B2F75 ] RDPCDD          C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
14:41:37.0625 0x01ac  RDPCDD - ok
14:41:37.0687 0x01ac  [ 0482A9BE0BE2098A12A61464306BF24B, 2F42ADB978F20888BC985F65FA9673C25BB02F6550CE3BCBBBAFA92B788EC0CE ] rdpdr           C:\WINDOWS\system32\DRIVERS\rdpdr.sys
14:41:37.0734 0x01ac  rdpdr - ok
14:41:37.0781 0x01ac  [ 7B586DB3E86E407F6A43E83586AF4F32, CCDA4E20096B2F9B52F5C7108EC5BDECE518EB6901D87D19FACA5B72776B70C7 ] RDPWD           C:\WINDOWS\system32\drivers\RDPWD.sys
14:41:37.0859 0x01ac  RDPWD - ok
14:41:37.0890 0x01ac  [ A72BE0B07655141AB4EABECF0D66528A, F92EAD99AA7B903442EB22150D5C6ABE50347C843005A6C4DD47D025E4FBD905 ] RDSessMgr       C:\WINDOWS\system32\sessmgr.exe
14:41:37.0937 0x01ac  RDSessMgr - ok
14:41:37.0953 0x01ac  [ 1D793394201000D2D56E848C18FE9A62, 18B876699CEBA83A1926E04C9C4EDEC9982D8C79A419EA0E181AC9588F391A07 ] redbook         C:\WINDOWS\system32\DRIVERS\redbook.sys
14:41:38.0000 0x01ac  redbook - ok
14:41:38.0046 0x01ac  [ 60C8A5D4954CCE7D280369DFF5068019, 1F7E437B3CD0A576875863A945B6015899B63A29FADB7B74D7091C8F5044C395 ] RemoteAccess    C:\WINDOWS\System32\mprdim.dll
14:41:38.0093 0x01ac  RemoteAccess - ok
14:41:38.0156 0x01ac  [ B2D55CE8C7C946C625B687F75040AD3F, 8BBCFB5765E42DA638681A659FEC67C3C5BE784575FAFEA9D729F7908DF3B120 ] RemoteRegistry  C:\WINDOWS\system32\regsvc.dll
14:41:38.0187 0x01ac  RemoteRegistry - ok
14:41:38.0218 0x01ac  [ 809785CF7BE1B857F3B52D9B1AF10817, BB37B37F0B31FD0C3CE6159C7D7615FE3C27B2B1DE6847DBC20993EB11CB142E ] RpcLocator      C:\WINDOWS\system32\locator.exe
14:41:38.0250 0x01ac  RpcLocator - ok
14:41:38.0312 0x01ac  [ A6130365606F3D6332B014FC3DA931AA, 80A81A3D351305EAD11B90C35F06D20035328FF802A628F91DB8DD8CB424AEEF ] RpcSs           C:\WINDOWS\system32\rpcss.dll
14:41:38.0328 0x01ac  RpcSs - ok
14:41:38.0359 0x01ac  [ 1A782D5CA033F553F0BE54546EBF3B4F, 758C063A59C960118BCA3D89A85786D54BF868BB5420EF8D158BFB3F9FA2E130 ] SamSs           C:\WINDOWS\system32\lsass.exe
14:41:38.0359 0x01ac  SamSs - ok
14:41:38.0375 0x01ac  [ A2069FFA2A6FEBB3818F180373C84A89, 5BA399793247AF1BC2B8C8A417211EF5D4FC9C126496E5692E5D0C08BD38D512 ] SCardSvr        C:\WINDOWS\System32\SCardSvr.exe
14:41:38.0406 0x01ac  SCardSvr - ok
14:41:38.0453 0x01ac  [ 71CD398385835C08613C65E5BF91E7FA, C43407F43557B8B3F43C76245DD18C66155D3D0B4B020A061C052C7B9B615C4C ] Schedule        C:\WINDOWS\system32\schedsvc.dll
14:41:38.0515 0x01ac  Schedule - ok
14:41:38.0546 0x01ac  [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] Secdrv          C:\WINDOWS\system32\DRIVERS\secdrv.sys
14:41:38.0546 0x01ac  Secdrv - ok
14:41:38.0562 0x01ac  [ B4E054549321372D995E4DB9A5304E77, 8D3FF430963AFEDF8388CD23B4C63ABF62F3419B8084F0FC30D7068FCBCFC257 ] seclogon        C:\WINDOWS\System32\seclogon.dll
14:41:38.0593 0x01ac  seclogon - ok
14:41:38.0687 0x01ac  [ 8277D116C2323E326EA6CFB3BCF5B828, BE5F0A8D878F57D4EE278748881154F829BBA09DE922E0B34A371B6B961330E5 ] SenFiltService  C:\WINDOWS\system32\drivers\Senfilt.sys
14:41:38.0781 0x01ac  SenFiltService - ok
14:41:38.0796 0x01ac  [ 222C0A6C354D6A90700956C60574A09A, 1D44DF7A052B7CD8D220A453D8ECCF39FC74D126B94C5B2AE36EA56C821DB642 ] SENS            C:\WINDOWS\system32\sens.dll
14:41:38.0828 0x01ac  SENS - ok
14:41:38.0843 0x01ac  [ C0DC97399576FCCFF5FE877EC2D8DACC, 0AED50A4D99161FC66B323606D13F08ED4556ACD18E5EDE1E030EB5FECF03D1E ] Serial          C:\WINDOWS\system32\drivers\Serial.sys
14:41:38.0890 0x01ac  Serial - ok
14:41:38.0921 0x01ac  [ C6EACC8920A31B8D5842D1F7A28E2113, 8883115F406A4A8588DD9E8ED6E9ED7ED4AFF9DFDBE8B391C0D9AEBE187DD27D ] Sfloppy         C:\WINDOWS\system32\drivers\Sfloppy.sys
14:41:38.0968 0x01ac  Sfloppy - ok
14:41:39.0031 0x01ac  [ 15DE8EAE99A0F4E313E83ABA5B849FAA, 40B71B533761943CB903E44DB1BD57AD25A9B05500A6CCD5041A496C66601BA7 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
14:41:39.0093 0x01ac  ShellHWDetection - ok
14:41:39.0093 0x01ac  Simbad - ok
14:41:39.0156 0x01ac  [ 17EC29105989101DB536C49E1279A0EB, 7B8D96703584DCBF94802B18C8A601D806DB2D3DA4EA0D33AA4C268C9C06467F ] splitter        C:\WINDOWS\system32\drivers\splitter.sys
14:41:39.0187 0x01ac  splitter - ok
14:41:39.0250 0x01ac  [ 206FD327B4AAD3AEAA8E0D7D03F2044A, 343B9D3A06F077C1227829DAEC5953BC887467536D4B6DEC0E719E6003DDD70D ] Spooler         C:\WINDOWS\system32\spoolsv.exe
14:41:39.0281 0x01ac  Spooler - ok
14:41:39.0328 0x01ac  [ DAE1D5553D42A06034001D6EF4F5CB36, CAD426CCD2BFE81F7B13D2777F699CFE9F7708FFE768BBB618C78601D4AD99CA ] sr              C:\WINDOWS\system32\DRIVERS\sr.sys
14:41:39.0390 0x01ac  sr - ok
14:41:39.0437 0x01ac  [ 7B6DA719973755BD091131E53AD6EC23, 2C0D2191ACDF2BA7D5711C6088F28D9478396B6144FBFFECE5B688646A701C62 ] srservice       C:\WINDOWS\system32\srsvc.dll
14:41:39.0468 0x01ac  srservice - ok
14:41:39.0515 0x01ac  [ 2A08328562D0BA596B699EEB90B511D1, 10FE978DCAAAFEA8FB028440D1C1746492597A4B4B99DAC98E9EA87D86E327C3 ] Srv             C:\WINDOWS\system32\DRIVERS\srv.sys
14:41:39.0593 0x01ac  Srv - ok
14:41:39.0593 0x01ac  [ 94AD81C8EE2385EDDB08C7E34FEDB7A8, 86565EC29AC5CB84B6BA3B482ED2EB743EF11BD53A93EAEDA2400DFCF3F88440 ] SSDPSRV         C:\WINDOWS\System32\ssdpsrv.dll
14:41:39.0625 0x01ac  SSDPSRV - ok
14:41:39.0656 0x01ac  [ F6D4F452DB507820F726525A1425F0CC, D5D46951B2B08156ADE2E4B74CAE95345718F9B27208B190FE526D946950A8C2 ] stisvc          C:\WINDOWS\system32\wiaservc.dll
14:41:39.0734 0x01ac  stisvc - ok
14:41:39.0765 0x01ac  [ 4C673DF67D478322F50124C4A8AB6E1D, 116FAFBF9986415A88716B507FEA6EF721F1251CAA63E4A37A2324A874384A9D ] SWDUMon         C:\WINDOWS\system32\DRIVERS\SWDUMon.sys
14:41:39.0812 0x01ac  SWDUMon - ok
14:41:39.0843 0x01ac  [ B6536185FEEB8F0C86AD3BF2FBAB4F2F, D9E2935B3C1D3326E5BCC2F8C8D65D72B453D60E5E702812383256606B69D414 ] swenum          C:\WINDOWS\system32\DRIVERS\swenum.sys
14:41:39.0890 0x01ac  swenum - ok
14:41:39.0953 0x01ac  [ 8E9E35B36A27AD154A5F92397CDE343C, EDB9F8B366D8CDEB26CB0C669559829D7D7522F8EC673CE5F53A7858B78AA17B ] swmidi          C:\WINDOWS\system32\drivers\swmidi.sys
14:41:40.0015 0x01ac  swmidi - ok
14:41:40.0265 0x01ac  [ 2E54746998139CB708B83974F1AC09F3, 167CA13C072DFFD094C230B8466823B63A09B6015C5D827D0A2C174519DBC771 ] swprv           C:\WINDOWS\System32\swprv.dll
14:41:40.0468 0x01ac  swprv - ok
14:41:40.0468 0x01ac  symc8xx - ok
14:41:40.0468 0x01ac  symmpi - ok
14:41:40.0484 0x01ac  sym_hi - ok
14:41:40.0484 0x01ac  sym_u3 - ok
14:41:40.0562 0x01ac  [ 2E843F129DAF4C789DF7ACD40E26208F, A7B8B46AA5E72B43142E2D59E49DE908FEF3FFBD2E54D1AF1B0CCA8142462009 ] sysaudio        C:\WINDOWS\system32\drivers\sysaudio.sys
14:41:40.0640 0x01ac  sysaudio - ok
14:41:40.0718 0x01ac  [ D3FFFEA8C94BA3C1CEAC9694AC390472, E777300694BF46F6E988CEE703144E079B1AC2D4DF1E59FDCEEED4E2DC157B51 ] SysmonLog       C:\WINDOWS\system32\smlogsvc.exe
14:41:40.0750 0x01ac  SysmonLog - ok
14:41:40.0906 0x01ac  [ FAFEFC85FC929B81571BFF315C93E299, 830BEB95F7259305B6ED0FD064533E3757D6B0C53D9038034AC8953E3C95DE9F ] TapiSrv         C:\WINDOWS\System32\tapisrv.dll
14:41:40.0937 0x01ac  TapiSrv - ok
14:41:41.0187 0x01ac  [ 34D970B38E9E835009E1AD07C5422B58, 54E2B65ACBC474CC625F9CE15182B9F8F064DEF1B931A936039B8291090B5A9B ] Tcpip           C:\WINDOWS\system32\DRIVERS\tcpip.sys
14:41:41.0406 0x01ac  Tcpip - ok
14:41:41.0453 0x01ac  [ DA1E9CD22238FA4DB565EF41C7312E1B, 5E858462DBD7557CC8CADA0E5A26F11F1F22829FD29D8A91916F7A384A1D7543 ] TDPIPE          C:\WINDOWS\system32\drivers\TDPIPE.sys
14:41:41.0750 0x01ac  TDPIPE - ok
14:41:41.0796 0x01ac  [ 47D24EBB1C442DCC18D89B8B89BAFB49, BD906AB7C17AC9CCCB551DE51B7354597B9676276C65CBF9F8C9FC97451C6AFF ] TDTCP           C:\WINDOWS\system32\drivers\TDTCP.sys
14:41:41.0921 0x01ac  TDTCP - ok
14:41:41.0968 0x01ac  [ 8AB9AD44907D4C57AD10E175C8720ECF, 279EB8472C15E6BCA2D680B8B6D66C7C0945182B0325A7B999DF5C90B23BDDAA ] TermDD          C:\WINDOWS\system32\DRIVERS\termdd.sys
14:41:42.0109 0x01ac  TermDD - ok
14:41:42.0296 0x01ac  [ F4849A4962779132B02CA4BBF696F434, 7D3A81E2B8006E8B733C0B85E4586DEA19D18707DBF433DFAB636FF221BAA938 ] TermService     C:\WINDOWS\System32\termsrv.dll
14:41:42.0328 0x01ac  TermService - ok
14:41:42.0421 0x01ac  [ 15DE8EAE99A0F4E313E83ABA5B849FAA, 40B71B533761943CB903E44DB1BD57AD25A9B05500A6CCD5041A496C66601BA7 ] Themes          C:\WINDOWS\System32\shsvcs.dll
14:41:42.0437 0x01ac  Themes - ok
14:41:42.0531 0x01ac  [ 0FDF294D30CA53391485132854151B26, 6CD8BDDEC3B712C65E71964375565EE7DB60E77D1809FBDA85DE3B0C0B190F34 ] TlntSvr         C:\WINDOWS\system32\tlntsvr.exe
14:41:42.0640 0x01ac  TlntSvr - ok
14:41:42.0640 0x01ac  TosIde - ok
14:41:42.0703 0x01ac  [ 483FFCD8E5080198D87EEED44246E6A9, 769748087408A515B865079BE3FAE3BF1F483A750EB376509844FC787AB6ADEC ] TrkWks          C:\WINDOWS\system32\trkwks.dll
14:41:42.0828 0x01ac  TrkWks - ok
14:41:42.0875 0x01ac  [ A6DD2DFCC44EC61D18AA645620CD8F63, 74B4BBBAD1955CED21F14C9AAB19805689FA077B6BFACDD4C12B45D4C78A9DBB ] Udfs            C:\WINDOWS\system32\drivers\Udfs.sys
14:41:43.0000 0x01ac  Udfs - ok
14:41:43.0000 0x01ac  ultra - ok
14:41:43.0062 0x01ac  [ C306CEA0F1477240A5D9A7E61DB2F3E1, 42B6F3A344B3851A0A4531793A54E3F1E4035497B4878CC74B828774CCE4E4F3 ] UMWdf           C:\WINDOWS\system32\wdfmgr.exe
14:41:43.0093 0x01ac  UMWdf - ok
14:41:43.0265 0x01ac  [ 1446762923434D2A9C315325CF4770C8, 6FE7368615F3A40CC402E44F53534E285C95921EA5B056E03057BA13CCA73A82 ] Update          C:\WINDOWS\system32\DRIVERS\update.sys
14:41:43.0531 0x01ac  Update - ok
14:41:43.0656 0x01ac  [ 78C605CB6E0CE966D3347FF7CAF3F8AC, 2C9897035C927F7FC4180848062CE11DBFF8E1CFB352A7DA7204E5C8A06848DF ] upnphost        C:\WINDOWS\System32\upnphost.dll
14:41:43.0890 0x01ac  upnphost - ok
14:41:43.0937 0x01ac  [ 3EC1501AA03CECD66ED093428FBC8B0E, A54797051FF44765BA62BA9F71B3F4D6E0E3494DBA193930AE88D7A3CCBEE503 ] UPS             C:\WINDOWS\System32\ups.exe
14:41:43.0984 0x01ac  UPS - ok
14:41:44.0031 0x01ac  [ C9E9D59C0099A9FF51697E9306A44240, 78D9A7A5E5742962B6978F475BF06CB32262F1D214699D3D40538476A58012A1 ] USBAAPL64       C:\WINDOWS\system32\Drivers\usbaapl64.sys
14:41:44.0187 0x01ac  USBAAPL64 - ok
14:41:44.0250 0x01ac  [ 35AA2A9FFD53B0704A2B9F96AD8A499F, 2874A3232D01A1306335A39F028C5C63BAFF72089A36EE75E33F1CBB0D3A4203 ] usbccgp         C:\WINDOWS\system32\DRIVERS\usbccgp.sys
14:41:44.0328 0x01ac  usbccgp - ok
14:41:44.0375 0x01ac  [ C98711361F5A79E891B223256CF77333, 7772D20E1A62AE7A6A4A8CEB0B7975ED327473D68B6D0532C098BA9F1A392C48 ] usbehci         C:\WINDOWS\system32\DRIVERS\usbehci.sys
14:41:44.0453 0x01ac  usbehci - ok
14:41:44.0515 0x01ac  [ D63CB1B59D54F9C2BB8A4107584A664F, 92B1744EB8FFB6BD5C8502508825C8D88F94EF76ED119937A4A791D2EA030198 ] usbhub          C:\WINDOWS\system32\DRIVERS\usbhub.sys
14:41:44.0578 0x01ac  usbhub - ok
14:41:44.0640 0x01ac  [ 5E49C7923AB1101A2729B5B201ADB064, 44233A13F08A4A00FFC064F5F965FADFA3A7F9E5C8F98E1326C81171603C8ECE ] usbohci         C:\WINDOWS\system32\DRIVERS\usbohci.sys
14:41:44.0687 0x01ac  usbohci - ok
14:41:44.0750 0x01ac  [ 040F6F425A6CC4FB156470502CAFB31B, 83665F72188F2AACF34A3333BE7AB2DCA36EB2209121BC8CD5E5A6E1332EC439 ] usbprint        C:\WINDOWS\system32\DRIVERS\usbprint.sys
14:41:44.0812 0x01ac  usbprint - ok
14:41:44.0828 0x01ac  [ B1E6205AD6D78940A3B94EB26C68A4CA, 64A9A4FC4096E06DC8947B427FBA0ECF4EC57781D625D27AF93CAB098781D377 ] usbscan         C:\WINDOWS\system32\DRIVERS\usbscan.sys
14:41:44.0890 0x01ac  usbscan - ok
14:41:44.0921 0x01ac  [ EDCE8A162E8023FD1751E08E23E41948, 6BFCEC240F243FA213D844D0A0A736BC96DDC57CE2FF5AB0A93A70FE5B91CDCA ] USBSTOR         C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
14:41:44.0968 0x01ac  USBSTOR - ok
14:41:45.0031 0x01ac  [ B1E327AEA4ECF42DDF7C579B0FB0DE4C, BADE3BB0B11E5ECC9F98726AB9ABEAF6BFB9416B31F2E6A6D5FBBB1656BDD8C9 ] vds             C:\WINDOWS\System32\vds.exe
14:41:45.0093 0x01ac  vds - ok
14:41:45.0109 0x01ac  [ B40CFD2FFDD838B0CE0C35EE449407BD, E5ABAA0DC1E55B71522A908287820FB91B2ED554A1F1D45CA3FBEE59C674F77E ] vga             C:\WINDOWS\system32\DRIVERS\vgapnp.sys
14:41:45.0156 0x01ac  vga - ok
14:41:45.0187 0x01ac  [ 78EBFE6F11F10DB8237B910E9158CA91, E2F6EC862C80F6C6CEAEE586659A99C725B9EB8C786CB0A9E51F36946523D8BD ] VgaSave         C:\WINDOWS\System32\drivers\vga.sys
14:41:45.0250 0x01ac  VgaSave - ok
14:41:45.0250 0x01ac  ViaIde - ok
14:41:45.0296 0x01ac  [ 941D45C8A14B2B1E8A57D0EEF6A98AEB, 50BDB18C6CD4B12EAB321B502202B959C7A88FCAAE87F88801E3155A18A8B392 ] VolSnap         C:\WINDOWS\system32\DRIVERS\volsnap.sys
14:41:45.0375 0x01ac  VolSnap - ok
14:41:45.0468 0x01ac  [ 0A05DE966B412D6289632AC05FC6ADA2, BB6E46415DDD45F62842D328D53B704A39D119283E3794F4C98DC64C324DE622 ] VSS             C:\WINDOWS\System32\vssvc.exe
14:41:45.0546 0x01ac  VSS - ok
14:41:45.0593 0x01ac  [ 6FE371026674BAF189F7A81746A67C87, 51BD0AF47ED0CA9769017EE1777D94C2314094BFC90291C87C0BB32C31246271 ] W32Time         C:\WINDOWS\system32\w32time.dll
14:41:45.0656 0x01ac  W32Time - ok
14:41:45.0703 0x01ac  [ D2A01D73FE4A455C1D741B48C56763B2, 4BE09FF135A64A17C505C15C8F5DCB04C61BF43CA5C0C6530AD25B46C91B7C1D ] Wanarp          C:\WINDOWS\system32\DRIVERS\wanarp.sys
14:41:45.0750 0x01ac  Wanarp - ok
14:41:45.0750 0x01ac  WDICA - ok
14:41:45.0812 0x01ac  [ DAFF7E89C84079022B9606F83E1BD29A, 7DEB90751776F6BD5578746738531FD8F1E5E149689D8766620DC1383559EAF9 ] wdmaud          C:\WINDOWS\system32\drivers\wdmaud.sys
14:41:45.0843 0x01ac  wdmaud - ok
14:41:45.0859 0x01ac  [ FE8590FA0367A29BC7ED7BFC4962AD1C, DA18DD579D2AD183A8ACF63416F67890575F5E26438F311E0D70EFA1418ACF09 ] WebClient       C:\WINDOWS\System32\webclnt.dll
14:41:45.0906 0x01ac  WebClient - ok
14:41:45.0921 0x01ac  WinHttpAutoProxySvc - ok
14:41:46.0015 0x01ac  [ 881271D649E778690A365D73B8958509, 33450D9174FDABEC3D504AA4B8E7C3F051A97976E24276047F9A6758837F90A1 ] winmgmt         C:\WINDOWS\system32\wbem\WMIsvc.dll
14:41:46.0078 0x01ac  winmgmt - ok
14:41:46.0109 0x01ac  [ 81E883CE0157B97E9D762E449E50D69F, DBC46E51F44F607B86BEDF2B9434759CBF38832AFCC758490A33A5E6F6A30788 ] WmdmPmSN        C:\WINDOWS\system32\mspmsnsv.dll
14:41:46.0140 0x01ac  WmdmPmSN - ok
14:41:46.0203 0x01ac  [ B51966DB20D5C700228DFE222FDF9E67, 1AF870EC0CB2D364A836F3106540FF01BB9C7720C2240AA31DDA32C8925122D0 ] Wmi             C:\WINDOWS\System32\advapi32.dll
14:41:46.0218 0x01ac  Wmi - ok
14:41:46.0265 0x01ac  [ 56980BE8B5A6861B5D9175EABA8AC7DC, BC47558AA9C9F282A9EFAADF9DC2D9C454FBE48A87AF9AE9EF5EA07139354061 ] WmiApSrv        C:\WINDOWS\system32\wbem\wmiapsrv.exe
14:41:46.0312 0x01ac  WmiApSrv - ok
14:41:46.0343 0x01ac  [ 4A59D22B86EDF8306810FA10C58368C7, 7C12832318B2CF2AFFF67C5EF1DF5B62BDD558932D21A4F8602825ACFFB6B1FA ] WpdUsb          C:\WINDOWS\system32\Drivers\wpdusb.sys
14:41:46.0390 0x01ac  WpdUsb - ok
14:41:46.0468 0x01ac  [ B42B9D8ABC18DFBCD6044BC10B3A9B99, FD00756DADD3BFC382FC80D7D1D25592385E647C7EAC318C154E949A51D9DC27 ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe
14:41:46.0531 0x01ac  WPFFontCache_v0400 - ok
14:41:46.0578 0x01ac  [ 13C901A30B4C248D640C4F32919CB920, 8D63355D32BD0D850E1ED2C7C19FD63BCBF16D226E9540A82FE3848EE3BFC0C1 ] WS2IFSL         C:\WINDOWS\System32\drivers\ws2ifsl.sys
14:41:46.0625 0x01ac  WS2IFSL - ok
14:41:46.0671 0x01ac  [ EF7576AF44B484F7A3E6072D633BAB34, 03736A1CD63857BB9C1422DFCE66232FE3E76DD92EA4BC708A7EAD79DE639772 ] wuauserv        C:\WINDOWS\system32\wuauserv.dll
14:41:46.0703 0x01ac  wuauserv - ok
14:41:46.0781 0x01ac  [ F4EC5C736BBA9A27F9C36412C930B386, 51820C6FC8E865D4927EC8DADC435A70B2554195CF8DC226CE6A7FBDDA697CD4 ] WZCSVC          C:\WINDOWS\System32\wzcsvc.dll
14:41:46.0859 0x01ac  WZCSVC - ok
14:41:46.0906 0x01ac  [ A1ABA5A0B4F1FF9B83C50F92F8C080A2, 757A3F939DA878921BB23CD9560A33AD15E91A9718A132EECB61EF3D45506959 ] xmlprov         C:\WINDOWS\System32\xmlprov.dll
14:41:46.0953 0x01ac  xmlprov - ok
14:41:47.0093 0x01ac  [ 74983ADDCA2D9618512C088D856D6615, C4592EFC1206BD813221814FD529AD38ED26E4AE086613EB95D3D5E20448A1F0 ] {95808DC4-FA4A-4C74-92FE-5B863F82066B} C:\Program Files (x86)\CyberLink\PowerDVD\000.fcl
14:41:47.0156 0x01ac  {95808DC4-FA4A-4C74-92FE-5B863F82066B} - ok
14:41:47.0156 0x01ac  ================ Scan global ===============================
14:41:47.0203 0x01ac  [ 2AE60E46216266CDC9E20886E4CE3281, 25192BDD2098853D401A109C5E983C7DC086B30983F19ED53ACB70F37412FBA2 ] C:\WINDOWS\system32\basesrv.dll
14:41:47.0312 0x01ac  [ 09AC0851FE16DDB82224E970ED3F4817, 89ADD2538CC3B1C75A4E8AA7A9EF6CC4B0200F82F1FF47505D9311B99937480E ] C:\WINDOWS\system32\winsrv.dll
14:41:47.0390 0x01ac  [ 09AC0851FE16DDB82224E970ED3F4817, 89ADD2538CC3B1C75A4E8AA7A9EF6CC4B0200F82F1FF47505D9311B99937480E ] C:\WINDOWS\system32\winsrv.dll
14:41:47.0421 0x01ac  [ 1E07EE3F50DFF2FE9B0A9D196E82698F, 34527011E240255179F6C40DA3DF9AACBA9A6AE14E19172D12AA38DB096D88EE ] C:\WINDOWS\system32\services.exe
14:41:47.0421 0x01ac  [ Global ] - ok
14:41:47.0421 0x01ac  ================ Scan MBR ==================================
14:41:47.0453 0x01ac  [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
14:41:47.0656 0x01ac  \Device\Harddisk0\DR0 - ok
14:41:47.0656 0x01ac  [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk1\DR1
14:41:47.0671 0x01ac  \Device\Harddisk1\DR1 - ok
14:41:47.0671 0x01ac  ================ Scan VBR ==================================
14:41:47.0671 0x01ac  [ 1B909CD5897F3D9D26CE9AA31C8FE921 ] \Device\Harddisk0\DR0\Partition1
14:41:47.0687 0x01ac  \Device\Harddisk0\DR0\Partition1 - ok
14:41:48.0078 0x01ac  ============================================================
14:41:48.0078 0x01ac  Scan finished
14:41:48.0078 0x01ac  ============================================================
14:41:48.0093 0x0a80  Detected object count: 0
14:41:48.0093 0x0a80  Actual detected object count: 0
 


#15 Oh My!

Oh My!

  • Malware Response Instructor
  • 35,531 posts
  • Gender:Male
  • Location:California


Posted 03 April 2014 - 03:39 PM

Thank you Tracy,

Let's run this please.

===================================================

ESET Online Scanner

--------------------

I'd like us to scan your machine with ESET OnlineScan. This process may take several hours; that is normal.
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click Run ESET Online Scanner.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats".
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats.
  • Copy and paste the information in your next reply. Note: If no malware was found you will not get a log.
  • Click the Back button.
  • Click the Finish button.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • ESET log

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."
