
Rootkit.win32.Necurs infection Please help


  • This topic is locked
24 replies to this topic

#1 Zonda787

  • Members
  • 15 posts
  • Gender:Male

Posted 14 August 2014 - 05:33 AM

Hi,

Thanks for your great forum and service.

We have an old PC that is used by young and old, and it seems to have been infected recently. Unfortunately it has been far too neglected from a security and updates POV, and hence our current situation. While most of the time we do use our mobiles/tablets, the PC is still quite important for other tasks, so we'd very much appreciate any help in resolving this matter.

Essentially, it started playing up a few days ago. Memory usage went to the max and many sites weren't loading. We then understood what was happening after receiving an email from our ISP stating that our IP address has been sending out spam and an anti-spam organisation had made a complaint. We immediately disconnected the PC from the internet.

Since then we found another thread on your forum that suggested running the DDS program, followed by AdwCleaner and TDSSKiller. We have done all that and included the logs below.

Please let us know if there are any other programs that we need to run. Thanks again for your kind service.

==================

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 6.0.2900.2180  BrowserJavaVersion: 10.2.0
Run by N at 17:15:34 on 2014-08-14
.
============== Running Processes ================
.
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\NetLimiter 2 Pro\nlsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\NetLimiter 2 Pro\NLClient.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology Drivers\Elservice.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\Program Files\DU Meter\DUMeter.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE
C:\Program Files\AutoSizer\AutoSizer.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
c:\windows\system\hpsysdrv.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uSearch Bar = hxxp://www.google.com/ie
uSearch Page = hxxp://www.google.com
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_AU&c=64&bd=PAVILION&pf=desktop
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_AU&c=64&bd=PAVILION&pf=desktop
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_AU&c=64&bd=PAVILION&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_AU&c=64&bd=PAVILION&pf=desktop
mSearch Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_AU&c=64&bd=PAVILION&pf=desktop
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_AU&c=64&bd=PAVILION&pf=desktop
mDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_AU&c=64&bd=PAVILION&pf=desktop
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_AU&c=64&bd=PAVILION&pf=desktop
uProxyServer = 64.27.19.152:80
mSearchAssistant = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_AU&c=64&bd=PAVILION&pf=desktop
BHO: AcroIEHlprObj Class: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: FlashFXP Helper for Internet Explorer: {E5A1691B-D188-4419-AD02-90002030B8EE} - c:\program files\flashfxp\IEFlash.dll
BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [AutoSizer] "c:\program files\autosizer\AutoSizer.exe"
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\Iaanotif.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
mRun: [DMAScheduler] "c:\program files\hp digitalmedia archive\DMAScheduler.exe"
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [PCDrProfiler] <no file>
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: &Convert and Open - c:\progra~1\camtech\conver~1\ConvertIt.htm
IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
TCP: Interfaces\{6E44DB1E-5389-4829-A7E8-2735B8252486} : NameServer = 203.0.178.191,203.12.160.36
TCP: Interfaces\{D1ED57DB-54BC-4A28-882E-3073C1B6101A} : DHCPNameServer = 16.92.3.242 16.92.3.243 16.81.3.243 16.118.3.243
TCP: Interfaces\{D819518C-48E9-4AC0-8A09-27534F98A1EB} : NameServer = 203.0.178.191,61.88.88.88
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\mugen\application data\mozilla\firefox\profiles\jdest6fm.default\
FF - prefs.js: browser.startup.homepage - about:blank
FF - plugin: c:\program files\canon\easy-photoprint ex\NPEZFFPI.DLL
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\new_plugin\npjp2.dll
FF - plugin: c:\program files\java\jre7\bin\npjpi170_02.dll
FF - plugin: c:\program files\java\jre7\bin\npoji610.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_262.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_265.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_270.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_7_700_224.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: FlashGot: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34} - %profile%\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
FF - Ext: Download YouTube Videos as MP4: {b9bfaf1c-a63f-47cd-8b9a-29526ced9060} - %profile%\extensions\{b9bfaf1c-a63f-47cd-8b9a-29526ced9060}
FF - Ext: Flash Video Downloader: artur.dubovoy@gmail.com - %profile%\extensions\artur.dubovoy@gmail.com
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
.
============= SERVICES / DRIVERS ===============
.
.
=============== Created Last 30 ================
.
2014-08-14 06:01:11 -------- d-----w- C:\AdwCleaner
2014-08-10 08:36:36 -------- d-----w- c:\windows\system32\MpEngineStore(2)
2014-08-10 08:22:19 -------- d-----w- c:\documents and settings\n\local settings\application data\NPE
2014-08-10 08:22:18 -------- d-----w- c:\documents and settings\all users\application data\Norton
2014-08-07 01:53:41 37248 ----a-w- c:\windows\system32\drivers\a41a87abfe7b5de1.sys
.
==================== Find3M  ====================
.
.
============= FINISH: 17:16:09.06 ===============

 





#2 Zonda787

  • Topic Starter
  • Members
  • 15 posts
  • Gender:Male

Posted 14 August 2014 - 05:39 AM

# AdwCleaner v3.305 - Report created 14/08/2014 at 16:04:57
# Updated 14/08/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 2 (32 bits)
# Username : N - HPMediaCenter1
# Running from : C:\Documents and Settings\N\My Documents\troj problem\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

File Deleted : C:\Documents and Settings\HP_Administrator\Favorites\eBay.lnk

***** [ Scheduled Tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BF0118D4-63FF-4138-9327-F3028FB1A578}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E0E899AB-F487-11D5-8D29-0050BA6940E3}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{E0E899AB-F487-11D5-8D29-0050BA6940E3}]
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKLM\Software\OpenCandy

***** [ Browsers ] *****

-\\ Internet Explorer v6.0.2900.2180

-\\ Mozilla Firefox v3.5.7 (en-GB)
[ File : C:\Documents and Settings\N\Application Data\Mozilla\Firefox\Profiles\jdest6fm.default\prefs.js ]

*************************

AdwCleaner[R0].txt - [1292 octets] - [14/08/2014 16:02:50]
AdwCleaner[S0].txt - [1225 octets] - [14/08/2014 16:04:57]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1285 octets] ##########



#3 Zonda787

  • Topic Starter
  • Members
  • 15 posts
  • Gender:Male

Posted 14 August 2014 - 05:49 AM

16:29:32.0828 0x09b4  TDSS rootkit removing tool 3.0.0.40 Jul 10 2014 12:37:58
16:29:33.0359 0x09b4  ============================================================
16:29:33.0359 0x09b4  Current date / time: 2014/08/14 16:29:33.0359
16:29:33.0359 0x09b4  SystemInfo:
16:29:33.0359 0x09b4 
16:29:33.0359 0x09b4  OS Version: 5.1.2600 ServicePack: 2.0
16:29:33.0359 0x09b4  Product type: Workstation
16:29:33.0359 0x09b4  ComputerName: HPMediaCenter1
16:29:33.0359 0x09b4  UserName: N
16:29:33.0359 0x09b4  Windows directory: C:\WINDOWS
16:29:33.0359 0x09b4  System windows directory: C:\WINDOWS
16:29:33.0359 0x09b4  Processor architecture: Intel x86
16:29:33.0359 0x09b4  Number of processors: 2
16:29:33.0359 0x09b4  Page size: 0x1000
16:29:33.0359 0x09b4  Boot type: Normal boot
16:29:33.0359 0x09b4  ============================================================
16:29:33.0359 0x09b4  BG loaded
16:29:34.0375 0x09b4  System UUID: {F7AFDD7A-865D-5D16-4ABA-C11DF32B9AAB}
16:29:37.0937 0x09b4  Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 ( 232.89 Gb ), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
16:29:37.0953 0x09b4  ============================================================
16:29:37.0953 0x09b4  \Device\Harddisk0\DR0:
16:29:37.0968 0x09b4  MBR partitions:
16:29:37.0968 0x09b4  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1C115241
16:29:37.0968 0x09b4  \Device\Harddisk0\DR0\Partition2: MBR, Type 0xC, StartLBA 0x1C119141, BlocksNum 0x10AB440
16:29:37.0968 0x09b4  ============================================================
16:29:38.0109 0x09b4  C: <-> \Device\Harddisk0\DR0\Partition1
16:29:38.0406 0x09b4  D: <-> \Device\Harddisk0\DR0\Partition2
16:29:38.0406 0x09b4  ============================================================
16:29:38.0406 0x09b4  Initialize success
16:29:38.0406 0x09b4  ============================================================
16:30:47.0281 0x0b84  ============================================================
16:30:47.0281 0x0b84  Scan started
16:30:47.0281 0x0b84  Mode: Manual; SigCheck; TDLFS;
16:30:47.0281 0x0b84  ============================================================
16:30:47.0281 0x0b84  KSN ping started
16:30:47.0296 0x0b84  KSN ping finished: false
16:30:51.0609 0x0b84  ================ Scan system memory ========================
16:30:51.0609 0x0b84  System memory - ok
16:30:51.0609 0x0b84  ================ Scan services =============================
16:30:51.0843 0x0b84  [ DAA56817EEE5AFD8F1EF608763D6FAD9, 60499EC0B631C6A5B19D24BE10443A571E6AA9F562FBAA3833988E7EA4ACDAC1 ] 3xHybrid        C:\WINDOWS\system32\DRIVERS\3xHybrid.sys
16:30:52.0328 0x0b84  3xHybrid - ok
16:30:52.0437 0x0b84  Suspicious service (NoAccess): a41a87abfe7b5de1
16:30:52.0484 0x0b84  [ DD6141ACB2E5DC8899F1721D3AE48B4D, AEEBA673529D0CBD34F60425445B90D07AE34DC28EA560F0CC8AB0BF1DAEF491 ] a41a87abfe7b5de1 C:\WINDOWS\System32\Drivers\a41a87abfe7b5de1.sys
16:30:52.0484 0x0b84  Suspicious file ( NoAccess ): C:\WINDOWS\System32\Drivers\a41a87abfe7b5de1.sys. md5: DD6141ACB2E5DC8899F1721D3AE48B4D, sha256: AEEBA673529D0CBD34F60425445B90D07AE34DC28EA560F0CC8AB0BF1DAEF491
16:30:52.0546 0x0b84  a41a87abfe7b5de1 - detected Rootkit.Win32.Necurs.gen ( 0 )
16:30:52.0656 0x0b84  a41a87abfe7b5de1 ( Rootkit.Win32.Necurs.gen ) - infected
16:30:52.0656 0x0b84  Force sending object to P2P due to detect: a41a87abfe7b5de1
16:30:52.0671 0x0b84  Object send P2P result: false


16:31:01.0546 0x0b84  IAANTMON - detected UnsignedFile.Multi.Generic ( 1 )

16:31:01.0546 0x0b84  IAANTMON ( UnsignedFile.Multi.Generic ) - warning

16:31:01.0578 0x0b84  [ 019CF5F31C67030841233C545A0E217A, 594D97054E3A8034D8BC3AE3B9CD8A00D95BB68F8CDA84E96D8EE08D5F24E101 ] iaStor          C:\WINDOWS\system32\DRIVERS\iastor.sys

16:31:01.0593 0x0b84  iaStor - ok

16:31:01.0671 0x0b84  [ 6F95324909B502E2651442C1548AB12F, FF1B104990FE186C6100ED229A45345FF695323AC778688EC11AA8F5A87B141E ] IDriverT        C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

16:31:01.0687 0x0b84  IDriverT - detected UnsignedFile.Multi.Generic ( 1 )

16:31:01.0687 0x0b84  IDriverT ( UnsignedFile.Multi.Generic ) - warning

16:31:01.0781 0x0b84  [ C01AC32DC5C03076CFB852CB5DA5229C, A4D7749220B5BC965D96A267F1E02FE8284A230BA249109207BD4B9EA8DFAC96 ] idsvc           C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe

16:31:01.0843 0x0b84  idsvc - ok

16:31:01.0875 0x0b84  [ F8AA320C6A0409C0380E5D8A99D76EC6, A848B9C489DDFBD48BDA140CB9DD43097686115042745F6444F803739168D391 ] Imapi           C:\WINDOWS\system32\DRIVERS\imapi.sys

16:31:01.0953 0x0b84  Imapi - ok

16:31:01.0984 0x0b84  [ FA788520BCAC0F5D9D5CDE5615C0D931, 7C70D1875B302CABC809627212E33CDD56F12B169EA548F1C94ECF2D14236514 ] ImapiService    C:\WINDOWS\system32\imapi.exe

16:31:02.0078 0x0b84  ImapiService - ok

16:31:02.0078 0x0b84  ini910u - ok

16:31:02.0296 0x0b84  [ 12F4D2AA29745DC2A403FF42E75CF7FA, AEDA35828366822843FA0868463B82ECD933EF478B083E13CE1C41EF1549C7D4 ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RtkHDAud.sys

16:31:02.0562 0x0b84  IntcAzAudAddService - ok

16:31:02.0593 0x0b84  [ 2D722B2B54AB55B2FA475EB58D7B2AAD, 1D4BB8F3ABA0EE51EE9F398E383621882189ABCA63D7F0D8A16581AFD1A85553 ] IntelIde        C:\WINDOWS\system32\DRIVERS\intelide.sys

16:31:02.0687 0x0b84  IntelIde - ok

16:31:02.0718 0x0b84  [ 279FB78702454DFF2BB445F238C048D2, 51A559AD7C9CAA8BD60D4E167E850B978083FAE9C5632E47D13B1092B56FD0BA ] intelppm        C:\WINDOWS\system32\DRIVERS\intelppm.sys

16:31:02.0796 0x0b84  intelppm - ok

16:31:02.0812 0x0b84  [ 4448006B6BC60E6C027932CFC38D6855, C377235EBE475C281ACB6A3267F12D8FE623433F05134A6CE50562414F94D7B1 ] Ip6Fw           C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys

16:31:02.0906 0x0b84  Ip6Fw - ok

16:31:02.0921 0x0b84  [ 731F22BA402EE4B62748ADAF6363C182, 5C3BEBD008A5BE4DC2F92076FF41A10DDC01E10EC7E6552213CFA11970811848 ] IpFilterDriver  C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

16:31:03.0000 0x0b84  IpFilterDriver - ok

16:31:03.0015 0x0b84  [ E1EC7F5DA720B640CD8FB8424F1B14BB, E5CF9F43D8C8028E8F29CAF8AD1E2179E5B02DCAA430900672FCB4C4EE288EF0 ] IpInIp          C:\WINDOWS\system32\DRIVERS\ipinip.sys

16:31:03.0093 0x0b84  IpInIp - ok

16:31:03.0125 0x0b84  [ B5A8E215AC29D24D60B4D1250EF05ACE, D1D47DCF9F35325549833710BD9B1C431698819914212FF6A328DD338FBA0E1D ] IpNat           C:\WINDOWS\system32\DRIVERS\ipnat.sys

16:31:03.0234 0x0b84  IpNat - ok

16:31:03.0281 0x0b84  [ 1E6F080D5EDB4C3B4C4EB787A0848DCC, 9BD5483723F5F35C93012F73849197EF4F91C8304004B187616032B4E0ED0ABF ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe

16:31:03.0312 0x0b84  iPod Service - ok

16:31:03.0328 0x0b84  [ 64537AA5C003A6AFEEE1DF819062D0D1, 5A6C11317DEF14B8C34A8C669EB75F7A8D46F05090C43D3DFF602CFA13CC504E ] IPSec           C:\WINDOWS\system32\DRIVERS\ipsec.sys

16:31:03.0421 0x0b84  IPSec - ok

16:31:03.0437 0x0b84  [ 50708DAA1B1CBB7D6AC1CF8F56A24410, A5657038A66B83472B456246E58884D5DF2E5B63BD176AE3DFFB6D5B6998E8B7 ] IRENUM          C:\WINDOWS\system32\DRIVERS\irenum.sys

16:31:03.0468 0x0b84  IRENUM - ok

16:31:03.0500 0x0b84  [ E504F706CCB699C2596E9A3DA1596E87, 80675B90DEFA75A58CB83FB88ED9CB849FE5CE2522A90F4AF08D54DC5B412541 ] isapnp          C:\WINDOWS\system32\DRIVERS\isapnp.sys

16:31:03.0578 0x0b84  isapnp - ok

16:31:03.0703 0x0b84  [ 126A16F569122AE00AD3D12EF831D651, D8C109F7B47F7E09CE3D0C9CB98920DA653B364B610C11ABE911BD0EB5EF436F ] JavaQuickStarterService C:\Program Files\Java\jre6\bin\jqs.exe

16:31:03.0703 0x0b84  JavaQuickStarterService - ok

16:31:03.0718 0x0b84  [ EBDEE8A2EE5393890A1ACEE971C4C246, ACC57A7BACAB100FB2903451D2A48BFE936E3B8F9B13882C1D2DFF9D19BD1D34 ] Kbdclass        C:\WINDOWS\system32\DRIVERS\kbdclass.sys

16:31:03.0812 0x0b84  Kbdclass - ok

16:31:03.0843 0x0b84  [ E182FA8E49E8EE41B4ADC53093F3C7E6, 2E713992C9B40F6010373A2FFF6DBCC8723BB328DE6875793C46072D8323E9BB ] kbdhid          C:\WINDOWS\system32\DRIVERS\kbdhid.sys

16:31:03.0906 0x0b84  kbdhid - ok

16:31:03.0937 0x0b84  [ D93CAD07C5683DB066B0B2D2D3790EAD, 4C96F68F9914DCCDAFB5D6FC1A765ADFF37C6E4675AF0EF20AA1EDFF04CE27AD ] kmixer          C:\WINDOWS\system32\drivers\kmixer.sys

16:31:04.0031 0x0b84  kmixer - ok

16:31:04.0062 0x0b84  [ EB7FFE87FD367EA8FCA0506F74A87FBB, 5D318CD7DB88473A6FFB74939FF62EB8DD0E6C79847844212D7168095F635531 ] KSecDD          C:\WINDOWS\system32\drivers\KSecDD.sys

16:31:04.0140 0x0b84  KSecDD - ok

16:31:04.0187 0x0b84  [ 93D32468D34E000CB3407947D1D6E22A, 0CE2BB11771BC49213F1EF6B1C42D1C542E9BBE486898BABCF37BEB194556078 ] lanmanserver    C:\WINDOWS\System32\srvsvc.dll

16:31:04.0265 0x0b84  lanmanserver - ok

16:31:04.0312 0x0b84  [ 2C0A7B2AE9C26F2C163627679B42783C, AF101468418679B7B2CF77A5E50C2FAA19BF3D149E3138FD13E8E2E635394F9E ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll

16:31:04.0406 0x0b84  lanmanworkstation - ok

16:31:04.0453 0x0b84  [ 8F4D784B3F22F468EEA99DA02B0E39E5, 14B5E94804C545EA89A405B2B0FF57E2667524D5F293E547105906F3FA0782C9 ] LBeepKE         C:\WINDOWS\system32\Drivers\LBeepKE.sys

16:31:04.0453 0x0b84  LBeepKE - ok

16:31:04.0453 0x0b84  lbrtfdc - ok

16:31:04.0546 0x0b84  [ 3AF6B73A3AD1FC37C5933441F66CEB91, F83C709C53DF482D123B2F6EEFE65FB1EBFED8C9F29C29C5500702076745C2DA ] LBTServ         C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe

16:31:04.0546 0x0b84  LBTServ - ok

16:31:04.0578 0x0b84  [ 70035567754BED4E6AD353CA3F175127, E6E6252B5529096E9688324479E36DD82BDBC17304F0264C8B70E3D823A89A9E ] LEqdUsb         C:\WINDOWS\system32\Drivers\LEqdUsb.Sys

16:31:04.0593 0x0b84  LEqdUsb - ok

16:31:04.0640 0x0b84  [ 32491B6BAE0AFAD1D7A62C0EF0AF4321, DEB00178FDCC882CEC3719ADC17F7EEBAACC4005B7FDFB87BB368735CC232DC9 ] LHidEqd         C:\WINDOWS\system32\Drivers\LHidEqd.Sys

16:31:04.0640 0x0b84  LHidEqd - ok

16:31:04.0656 0x0b84  [ 7F9C7B28CF1C859E1C42619EEA946DC8, 098082174C549D67B4B2259702018989A39A8641339EE7CB1E7651F9F508A4B9 ] LHidFilt        C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys

16:31:04.0656 0x0b84  LHidFilt - ok

16:31:04.0687 0x0b84  [ 5D4B38A8D8525356798F5E560C3A3090, 74E4D2ADA6242508BDF9C12EB050BC0F13C8A70D9CC635759E6331C462A246E4 ] LightScribeService C:\Program Files\Common Files\LightScribe\LSSrvc.exe

16:31:04.0703 0x0b84  LightScribeService - detected UnsignedFile.Multi.Generic ( 1 )

16:31:04.0703 0x0b84  LightScribeService ( UnsignedFile.Multi.Generic ) - warning

16:31:04.0734 0x0b84  [ B3EFF6D938C572E90A07B3D87A3C7657, 8C02DEFD2F1A15740CD5421D20B3808BD27583019AF1B79D087880A71807EEE1 ] LmHosts         C:\WINDOWS\System32\lmhsvc.dll

16:31:04.0828 0x0b84  LmHosts - ok

16:31:04.0843 0x0b84  [ AB33792A87285344F43B5CE23421BAB0, 79E327764350A6F3F0E25F3295D0C70620EFD5252C0C765446210B67C62568FF ] LMouFilt        C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys

16:31:04.0843 0x0b84  LMouFilt - ok

16:31:04.0906 0x0b84  [ 77030525CD86A93F1AF34FA9B96D33CE, 6EF46B127B0BD0C10E9FAB24EE3D53483124C97BD5BDD322C217BB9255715A0E ] LUsbFilt        C:\WINDOWS\system32\Drivers\LUsbFilt.Sys

16:31:04.0906 0x0b84  LUsbFilt - ok

16:31:04.0968 0x0b84  [ 59F57B06D1E3C7A3F22D62C7C5B4C3C3, 6E4433C975791F22DCAB72635059B2410C04B959B796317247D9C3B9E20E6960 ] massfilter      C:\WINDOWS\system32\drivers\massfilter.sys

16:31:05.0031 0x0b84  massfilter - ok

16:31:05.0062 0x0b84  [ DF0A511F38F16016BF658FCA0090CB87, 6D2F6360A4E1D369607F2F394B4A8C6EE8EEE9FA46A67394769E9C0044529B6C ] McrdSvc         C:\WINDOWS\ehome\mcrdsvc.exe

16:31:05.0093 0x0b84  McrdSvc - ok

16:31:05.0140 0x0b84  [ 95FD808E4AC22ABA025A7B3EAC0375D2, 4A067A8B7C539A0C2BFAC55A1869EF56FED835C28F5F7DD7D7BA65A5B273CF5F ] Messenger       C:\WINDOWS\System32\msgsvc.dll

16:31:05.0234 0x0b84  Messenger - ok

16:31:05.0265 0x0b84  [ B7521F69C0A9B29D356157229376FB21, A77C89BDC181038DD0F9A8AC0F7164B10EF9C54B0C57D8BAB8BC27932EBF890B ] MHN             C:\WINDOWS\System32\mhn.dll

16:31:05.0281 0x0b84  MHN - ok

16:31:05.0312 0x0b84  [ 7F2F1D2815A6449D346FCCCBC569FBD6, 1C5A321CE95CE4D9AA2CB5A00E9B7E711521A6BBB25D36F7F49A397C361585C6 ] MHNDRV          C:\WINDOWS\system32\DRIVERS\mhndrv.sys

16:31:05.0328 0x0b84  MHNDRV - ok

16:31:05.0359 0x0b84  [ 4AE068242760A1FB6E1A44BF4E16AFA6, 1FB771162B96AAF787AC24867B818DF8511F0780BB094FA9A38C11D8DBFE68BC ] mnmdd           C:\WINDOWS\system32\drivers\mnmdd.sys

16:31:05.0437 0x0b84  mnmdd - ok

16:31:05.0484 0x0b84  [ F6415361201915B9FE3896B0E4E724FF, C99C1EE0EABF8847BD4F737D72DB3EE5A57D773F008EC6596E83DAE48474F3F2 ] mnmsrvc         C:\WINDOWS\system32\mnmsrvc.exe

16:31:05.0546 0x0b84  mnmsrvc - ok

16:31:05.0578 0x0b84  [ 6FC6F9D7ACC36DCA9B914565A3AEDA05, BF2C49E4D4C2D2E865B1C59FFE76BF29146ADD971D845FBD659A96AA26D72A11 ] Modem           C:\WINDOWS\system32\drivers\Modem.sys

16:31:05.0640 0x0b84  Modem - ok

16:31:05.0671 0x0b84  [ 34E1F0031153E491910E12551400192C, D608F77DB7035FD676773A3DF8DBC5DD52CC5198D0681A73D7EAA6C161047A90 ] Mouclass        C:\WINDOWS\system32\DRIVERS\mouclass.sys

16:31:05.0750 0x0b84  Mouclass - ok

16:31:05.0796 0x0b84  [ B1C303E17FB9D46E87A98E4BA6769685, 161A45488522055D0F0474ABEDA04DDD0B5DAC2411AF9154B15190BBD66E7153 ] mouhid          C:\WINDOWS\system32\DRIVERS\mouhid.sys

16:31:05.0890 0x0b84  mouhid - ok

16:31:05.0906 0x0b84  [ 65653F3B4477F3C63E68A9659F85EE2E, 32A34B22A4C1F50A966F321FD228C6B85F0F0315ABF3D40FC416618E786A4024 ] MountMgr        C:\WINDOWS\system32\drivers\MountMgr.sys

16:31:05.0984 0x0b84  MountMgr - ok

16:31:06.0015 0x0b84  [ 55A9A7E6BB297BF0F5B144029DCB79CC, FF8858287EB6154529AA852415BB0397E8497199193AB72FFFAE1A0A907261DC ] MPE             C:\WINDOWS\system32\DRIVERS\MPE.sys

16:31:06.0093 0x0b84  MPE - ok

16:31:06.0093 0x0b84  mraid35x - ok

16:31:06.0125 0x0b84  [ 46EDCC8F2DB2F322C24F48785CB46366, 0300EC19CAAEEC52001EBB7F3BE6DE314B42FE7F8BA072905070FEA75CC06E3B ] MRxDAV          C:\WINDOWS\system32\DRIVERS\mrxdav.sys

16:31:06.0218 0x0b84  MRxDAV - ok

16:31:06.0234 0x0b84  [ 5DDC9A1B2EB5A4BF010CE8C019A18C1F, 92810F234682985047A20EE4F4A78B435789350DD45903E1B4F88128F3198D5D ] MRxSmb          C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

16:31:06.0265 0x0b84  MRxSmb - ok

16:31:06.0296 0x0b84  [ 561B3A4333CA2DBDBA28B5B956822519, 5B53906A29B9AA55A399F880CA989F9878BD943D3E97FB10A25BFD723654AF49 ] Msfs            C:\WINDOWS\system32\drivers\Msfs.sys

16:31:06.0375 0x0b84  Msfs - ok

16:31:06.0390 0x0b84  MSIServer - ok

16:31:06.0421 0x0b84  [ AE431A8DD3C1D0D0610CDBAC16057AD0, 8B3BCAC3DA71778DC8B863E6DEF10F02F65D1BDD3381802DDC0B2980F4F1FBB9 ] MSKSSRV         C:\WINDOWS\system32\drivers\MSKSSRV.sys

16:31:06.0500 0x0b84  MSKSSRV - ok

16:31:06.0531 0x0b84  [ 13E75FEF9DFEB08EEDED9D0246E1F448, 69D4CF483753FF253431656E1CB680F6702375696F94E259729BD11C25004031 ] MSPCLOCK        C:\WINDOWS\system32\drivers\MSPCLOCK.sys

16:31:06.0609 0x0b84  MSPCLOCK - ok

16:31:06.0625 0x0b84  [ 1988A33FF19242576C3D0EF9CE785DA7, 9E1C07F364DA7EF0D859BB7A3A06F849A153722E27E872640120CC6855D9FC51 ] MSPQM           C:\WINDOWS\system32\drivers\MSPQM.sys

16:31:06.0718 0x0b84  MSPQM - ok

16:31:06.0734 0x0b84  [ 469541F8BFD2B32659D5D463A6714BCE, 46AA7D2442DCC4C51C08BA0C00136F058F9160E6D6EDE78B2FD82545AE4FD10B ] mssmbios        C:\WINDOWS\system32\DRIVERS\mssmbios.sys

16:31:06.0812 0x0b84  mssmbios - ok

16:31:06.0828 0x0b84  [ BF13612142995096AB084F2DB7F40F77, E23FA89B54772A33A0A92A0701F02CB9683823FCA5CC192235378E1433FB21CF ] MSTEE           C:\WINDOWS\system32\drivers\MSTEE.sys

16:31:06.0906 0x0b84  MSTEE - ok

16:31:06.0937 0x0b84  [ 82035E0F41C2DD05AE41D27FE6CF7DE1, 6111D330E7ACB77E23EA6A9E001FC651DE1DC49D772DC6FDD3C4B8EDA57E1C7A ] Mup             C:\WINDOWS\system32\drivers\Mup.sys

16:31:07.0031 0x0b84  Mup - ok

16:31:07.0078 0x0b84  [ 5C8DC6429C43DC6177C1FA5B76290D1A, BBD145E87D4CF25A873CAE89DF29DF297187B604D42CD36AD8D3F62A033D906E ] NABTSFEC        C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys

16:31:07.0156 0x0b84  NABTSFEC - ok

16:31:07.0187 0x0b84  [ 558635D3AF1C7546D26067D5D9B6959E, 8C1802908DF35E442575969D29F4B22019A2B3E4C309B8E193F98F75AE81F013 ] NDIS            C:\WINDOWS\system32\drivers\NDIS.sys

16:31:07.0296 0x0b84  NDIS - ok

16:31:07.0328 0x0b84  [ 520CE427A8B298F54112857BCF6BDE15, 521BFFC460D64CD69D12F8C9D61CEBE409A63F1F1FB928450E4564DA29C0FFEA ] NdisIP          C:\WINDOWS\system32\DRIVERS\NdisIP.sys

16:31:07.0421 0x0b84  NdisIP - ok

16:31:07.0453 0x0b84  [ 08D43BBDACDF23F34D79E44ED35C1B4C, F72CB8FA67C361C40B4C83F08302D7B2FD9178C1C60A7C236AF08B9CB5162591 ] NdisTapi        C:\WINDOWS\system32\DRIVERS\ndistapi.sys

16:31:07.0546 0x0b84  NdisTapi - ok

16:31:07.0562 0x0b84  [ EEFA1CE63805D2145978621BE5C6D955, EE255EF84BA6CC18AF976D151A314B173BFC900974FD2795396EF6E4E197D10E ] Ndisuio         C:\WINDOWS\system32\DRIVERS\ndisuio.sys

16:31:07.0593 0x0b84  Ndisuio - ok

16:31:07.0609 0x0b84  [ 0B90E255A9490166AB368CD55A529893, 90EB17422BF52FE6D0CC6ADA4262D605806C5B583DE04EDEC95FD47EE9697865 ] NdisWan         C:\WINDOWS\system32\DRIVERS\ndiswan.sys

16:31:07.0687 0x0b84  NdisWan - ok

16:31:07.0718 0x0b84  [ 59FC3FB44D2669BC144FD87826BB571F, B3C8CEFB09D5C85CBF12AED8CDB1FE455679D3436337263EFDABDC5116D92453 ] NDProxy         C:\WINDOWS\system32\drivers\NDProxy.sys

16:31:07.0781 0x0b84  NDProxy - ok

16:31:07.0812 0x0b84  neokdss - ok

16:31:07.0828 0x0b84  [ 3A2ACA8FC1D7786902CA434998D7CEB4, ECE218DCDCB4D0A5CA8CBD14E931BAA3B5F381B70BBACB65B0EBBB46D2D31683 ] NetBIOS         C:\WINDOWS\system32\DRIVERS\netbios.sys

16:31:10.0156 0x0b84  NetBIOS - ok

16:31:10.0171 0x0b84  [ 0C80E410CD2F47134407EE7DD19CC86B, 2A1D0CE9797F4AB7A24873947A26DD6413B8DBB5A82C24CF28D1FC243AEFC5C8 ] NetBT           C:\WINDOWS\system32\DRIVERS\netbt.sys

16:31:10.0250 0x0b84  NetBT - ok

16:31:10.0281 0x0b84  [ 05AFB5AD06462257BEA7495283C86D50, 2D6584D0BFB168E48433EA702E6CABC7CB9B98675D2E99F78D9B84A63D4BD977 ] NetDDE          C:\WINDOWS\system32\netdde.exe

16:31:10.0390 0x0b84  NetDDE - ok

16:31:10.0421 0x0b84  [ 05AFB5AD06462257BEA7495283C86D50, 2D6584D0BFB168E48433EA702E6CABC7CB9B98675D2E99F78D9B84A63D4BD977 ] NetDDEdsdm      C:\WINDOWS\system32\netdde.exe

16:31:10.0500 0x0b84  NetDDEdsdm - ok

16:31:10.0562 0x0b84  [ 84885F9B82F4D55C6146EBF6065D75D2, 76FE1B6C432B6C74FC283DE52D14EF668F8C4AAD0D139F362635EFB30482B4ED ] Netlogon        C:\WINDOWS\system32\lsass.exe

16:31:10.0718 0x0b84  Netlogon - ok

16:31:10.0828 0x0b84  [ DAB9E6C7105D2EF49876FE92C524F565, 22786AF94EA2737A5D9B34B99D2D6F3F41FD46843D6A01E2230723747988E401 ] Netman          C:\WINDOWS\System32\netman.dll

16:31:10.0984 0x0b84  Netman - ok

16:31:11.0078 0x0b84  [ D34612C5D02D026535B3095D620626AE, 1BBCCCBF49EB8807240A77DCB43C25C21682073CC5356594E2C4F53EF36BF657 ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe

16:31:11.0093 0x0b84  NetTcpPortSharing - ok

16:31:11.0093 0x0b84  [ 5C5C53DB4FEF16CF87B9911C7E8C6FBC, AD1FD07DD9E745C29986C2A25E9EF80B93CBF0F47FCF76741DD6E9CC81C7D241 ] NIC1394         C:\WINDOWS\system32\DRIVERS\nic1394.sys

16:31:11.0203 0x0b84  NIC1394 - ok

16:31:11.0250 0x0b84  [ 4E74AF063C3271FBEA20DD940CFD1184, 122D43E61578B6D014C4C0029D952E532F71B795379892667FC8147962F4FA79 ] Nla             C:\WINDOWS\System32\mswsock.dll

16:31:11.0375 0x0b84  Nla - ok

16:31:11.0484 0x0b84  [ 26AC5B4CC358BA47EA8F7F9AADF5178D, 3E94E80AC52DCDD09B564E7DC46C67CBF2511CDF6B73C4EA805A72BB7E741D98 ] nlsvc           C:\Program Files\NetLimiter 2 Pro\nlsvc.exe

16:31:11.0531 0x0b84  nlsvc - detected UnsignedFile.Multi.Generic ( 1 )

16:31:11.0531 0x0b84  nlsvc ( UnsignedFile.Multi.Generic ) - warning

16:31:11.0531 0x0b84  [ 91829F21FB011FAE1FB82A2EADDAC0B8, BB158C3D768D92CC8A596523083FADA9E8BB469F175C2F5158ACEE4C230C0538 ] nltdi           C:\WINDOWS\system32\drivers\nltdi.sys

16:31:11.0562 0x0b84  nltdi - detected UnsignedFile.Multi.Generic ( 1 )

16:31:11.0562 0x0b84  nltdi ( UnsignedFile.Multi.Generic ) - warning

16:31:11.0562 0x0b84  Force sending object to P2P due to detect: nltdi

16:31:11.0562 0x0b84  Object send P2P result: false

16:31:11.0609 0x0b84  [ 4F601BCB8F64EA3AC0994F98FED03F8E, D9D6783B970CB871DE0C6EDD8BE42F30CD1DCD55D4DF006922D9CFC0CF020D27 ] Npfs            C:\WINDOWS\system32\drivers\Npfs.sys

16:31:11.0687 0x0b84  Npfs - ok

16:31:11.0828 0x0b84  [ B78BE402C3F63DD55521F73876951CDD, 020D75527B4814C544820D29CA064E94F2FCB7B1BA011D63E9D2BFD4CF91BA61 ] Ntfs            C:\WINDOWS\system32\drivers\Ntfs.sys

16:31:12.0140 0x0b84  Ntfs - ok

16:31:12.0187 0x0b84  [ 84885F9B82F4D55C6146EBF6065D75D2, 76FE1B6C432B6C74FC283DE52D14EF668F8C4AAD0D139F362635EFB30482B4ED ] NtLmSsp         C:\WINDOWS\system32\lsass.exe

16:31:12.0281 0x0b84  NtLmSsp - ok

16:31:12.0859 0x0b84  [ B62F29C00AC55A761B2E45877D85EA0F, 8B4B96BDBE26D73F89CC51876929515C1AEA18A8E9CA4E76FAEF538D9E5BDA90 ] NtmsSvc         C:\WINDOWS\system32\ntmssvc.dll

16:31:13.0000 0x0b84  NtmsSvc - ok

16:31:13.0031 0x0b84  [ 73C1E1F395918BC2C6DD67AF7591A3AD, B21133A75253EC15E2DFF66D3B480AB1A7E1A2360476C810E7AA55D0F0EB08D4 ] Null            C:\WINDOWS\system32\drivers\Null.sys

16:31:13.0109 0x0b84  Null - ok

16:31:13.0281 0x0b84  [ C66A980B4B5E5F84351B286B9EB200BD, C0E367DCD2BED65F72C945E9525B5DB25820BAF8B447313AC680A439E7AFA4BB ] nv              C:\WINDOWS\system32\DRIVERS\nv4_mini.sys

16:31:13.0656 0x0b84  nv - ok

16:31:13.0703 0x0b84  [ 4CF03AC8C052DC783A91B124651BCF1D, BD7AA6A35BBAC930C83178C466B4067424DF892EC68BAD221C7BC2470AA01D47 ] NVSvc           C:\WINDOWS\system32\nvsvc32.exe

16:31:13.0734 0x0b84  NVSvc - ok

16:31:13.0765 0x0b84  [ B305F3FAD35083837EF46A0BBCE2FC57, 9D0E0E666D652D0FC9EAB97280A5D67AAF61D6B21929DF7CF8ED72A367720464 ] NwlnkFlt        C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

16:31:13.0843 0x0b84  NwlnkFlt - ok

16:31:13.0843 0x0b84  [ C99B3415198D1AAB7227F2C88FD664B9, DD8DA4B5E804F134AB9233859544C025062902DFC3E8FB8A09A67337A4E73F55 ] NwlnkFwd        C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

16:31:13.0921 0x0b84  NwlnkFwd - ok

16:31:13.0968 0x0b84  [ 0951DB8E5823EA366B0E408D71E1BA2A, EAF0E680BC476D8CEBAD0C21F2EDB958F333B731E8B131DA450D716FEC2C87B0 ] ohci1394        C:\WINDOWS\system32\DRIVERS\ohci1394.sys

16:31:14.0062 0x0b84  ohci1394 - ok

16:31:14.0062 0x0b84  [ 29744EB4CE659DFE3B4122DEB45BC478, 5F7B63152CDAA031ACB77E793BB7E8210472D6D1EED911F3A0BD70455FC282FC ] Parport         C:\WINDOWS\system32\DRIVERS\parport.sys

16:31:14.0140 0x0b84  Parport - ok

16:31:14.0140 0x0b84  [ 3334430C29DC338092F79C38EF7B4CD0, B54989B46D77F124D66741A939FF2033F73854FC39AF13C8165D01203A94A94E ] PartMgr         C:\WINDOWS\system32\drivers\PartMgr.sys

16:31:14.0218 0x0b84  PartMgr - ok

16:31:14.0250 0x0b84  [ 70E98B3FD8E963A6A46A2E6247E0BEA1, 6771313EC41B3B5BFD398F60706E40BE71617046880CC352DD110B001AFC22A1 ] ParVdm          C:\WINDOWS\system32\drivers\ParVdm.sys

16:31:14.0328 0x0b84  ParVdm - ok

16:31:14.0343 0x0b84  [ 8086D9979234B603AD5BC2F5D890B234, 4FCB98D3B6F95B6979B255287480943C1F87A12ECB30D446294C1E84B6DFE620 ] PCI             C:\WINDOWS\system32\DRIVERS\pci.sys

16:31:14.0437 0x0b84  PCI - ok

16:31:14.0453 0x0b84  PCIDump - ok

16:31:14.0453 0x0b84  [ CCF5F451BB1A5A2A522A76E670000FF0, D63F7E5A39653EC9CCE94B7D84B2D3EBD4F54533BD65701020198724042C9257 ] PCIIde          C:\WINDOWS\system32\DRIVERS\pciide.sys

16:31:14.0531 0x0b84  PCIIde - ok

16:31:14.0578 0x0b84  [ 82A087207DECEC8456FBE8537947D579, 92305DC8BC1CA3BD93A8D996AAA7433E816931B17D5BDFAC06C7251F2759D023 ] Pcmcia          C:\WINDOWS\system32\drivers\Pcmcia.sys

16:31:14.0687 0x0b84  Pcmcia - ok

16:31:14.0687 0x0b84  PDCOMP - ok

16:31:14.0687 0x0b84  PDFRAME - ok

16:31:14.0703 0x0b84  PDRELI - ok

16:31:14.0703 0x0b84  PDRFRAME - ok

16:31:14.0703 0x0b84  perc2 - ok

16:31:14.0718 0x0b84  perc2hib - ok

16:31:14.0734 0x0b84  [ C6CE6EEC82F187615D1002BB3BB50ED4, CEA9C880328205AE3376EB8B005412CB0F8FCE52A71C6F0651EF5F9C193F6E3F ] PlugPlay        C:\WINDOWS\system32\services.exe

16:31:14.0828 0x0b84  PlugPlay - ok

16:31:14.0843 0x0b84  [ 84885F9B82F4D55C6146EBF6065D75D2, 76FE1B6C432B6C74FC283DE52D14EF668F8C4AAD0D139F362635EFB30482B4ED ] PolicyAgent     C:\WINDOWS\system32\lsass.exe

16:31:14.0906 0x0b84  PolicyAgent - ok

16:31:14.0937 0x0b84  [ 1C5CC65AAC0783C344F16353E60B72AC, 7786CFE970A79B327DB57AEBADA8B0B94B4DE07CE8AF285E9835B2AADD597296 ] PptpMiniport    C:\WINDOWS\system32\DRIVERS\raspptp.sys

16:31:15.0031 0x0b84  PptpMiniport - ok

16:31:15.0031 0x0b84  [ 84885F9B82F4D55C6146EBF6065D75D2, 76FE1B6C432B6C74FC283DE52D14EF668F8C4AAD0D139F362635EFB30482B4ED ] ProtectedStorage C:\WINDOWS\system32\lsass.exe

16:31:15.0109 0x0b84  ProtectedStorage - ok

16:31:15.0140 0x0b84  [ C590535D68FD6C84707DC1DEBD2AFD68, ADA9E9CDE170D7C8F0F4EDB4D84F341B0AFDA0F22930D57C198C506BE724F19E ] prwntdrv        C:\WINDOWS\system32\prwntdrv.sys

16:31:15.0140 0x0b84  prwntdrv - detected UnsignedFile.Multi.Generic ( 1 )

16:31:15.0140 0x0b84  prwntdrv ( UnsignedFile.Multi.Generic ) - warning

16:31:15.0140 0x0b84  Force sending object to P2P due to detect: prwntdrv

16:31:15.0140 0x0b84  Object send P2P result: false

16:31:15.0156 0x0b84  [ 390C204CED3785609AB24E9C52054A84, D997A9EAAE4A7FED9C2FEBD1AA7D1171431B9C9D56F8BFB587DCAE26203FF4D2 ] Ps2             C:\WINDOWS\system32\DRIVERS\PS2.sys

16:31:15.0187 0x0b84  Ps2 - ok

16:31:15.0218 0x0b84  [ 48671F327553DCF1D27F6197F622A668, CB34A17BC36E8F8BB5F87F9EE21311C50DE9AE156513D682581DE47C93EC155D ] PSched          C:\WINDOWS\system32\DRIVERS\psched.sys

16:31:15.0312 0x0b84  PSched - ok

16:31:15.0343 0x0b84  [ 80D317BD1C3DBC5D4FE7B1678C60CADD, DA76804B55D0CAB3DDD01EFC06673764AE4860693375C658B6063FB14AF7F12C ] Ptilink         C:\WINDOWS\system32\DRIVERS\ptilink.sys

16:31:15.0421 0x0b84  Ptilink - ok

16:31:15.0421 0x0b84  [ 97B735DE4E3CD44C71C8CB09BDBF07B7, 18FE88C41CEF4BE562D746104F4EA3EF428CFCE1DBDC4503121370DD98D5916F ] PxHelp20        C:\WINDOWS\system32\Drivers\PxHelp20.sys

16:31:15.0437 0x0b84  PxHelp20 - detected UnsignedFile.Multi.Generic ( 1 )

16:31:15.0437 0x0b84  PxHelp20 ( UnsignedFile.Multi.Generic ) - warning

16:31:15.0437 0x0b84  ql1080 - ok

16:31:15.0437 0x0b84  Ql10wnt - ok

16:31:15.0453 0x0b84  ql12160 - ok

16:31:15.0453 0x0b84  ql1240 - ok

16:31:15.0453 0x0b84  ql1280 - ok

16:31:15.0484 0x0b84  [ FE0D99D6F31E4FAD8159F690D68DED9C, 998685622ABE631984B7E4DBF91AB3594B1F574378D75EB9F6265F4650470692 ] RasAcd          C:\WINDOWS\system32\DRIVERS\rasacd.sys

16:31:15.0546 0x0b84  RasAcd - ok

16:31:15.0593 0x0b84  [ 44DB7A9BDD2FB58747D123FBF1D35ADB, 1546B32AE19015213236031E82BF5C44ACF4C1B5F9E379908A1B413C6CA65755 ] RasAuto         C:\WINDOWS\System32\rasauto.dll

16:31:15.0671 0x0b84  RasAuto - ok

16:31:15.0687 0x0b84  [ 98FAEB4A4DCF812BA1C6FCA4AA3E115C, F59974A2A3C21071BC72CA4DAF5D2DDF93471EC16FD1A34DE9DC1A50027F6835 ] Rasl2tp         C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

16:31:15.0781 0x0b84  Rasl2tp - ok

16:31:15.0812 0x0b84  [ 41A3C11E3517C962C9B44893BCEC3B34, 0D0CA7F91D0A29E7C9F6D89B52A793F82676927DDCEE9EFCF1DD14AB7078481E ] RasMan          C:\WINDOWS\System32\rasmans.dll

16:31:15.0906 0x0b84  RasMan - ok

16:31:15.0921 0x0b84  [ 7306EEED8895454CBED4669BE9F79FAA, DC6874ECAD9105BC9EAB007291958911D7D4D3649124472070B3496B36C45200 ] RasPppoe        C:\WINDOWS\system32\DRIVERS\raspppoe.sys

16:31:16.0000 0x0b84  RasPppoe - ok

16:31:16.0000 0x0b84  [ FDBB1D60066FCFBB7452FD8F9829B242, 10A2DACF944BD000032EBA8C095CB3D879CC55B28C377ADF6E52E508E47444DB ] Raspti          C:\WINDOWS\system32\DRIVERS\raspti.sys

16:31:16.0078 0x0b84  Raspti - ok

16:31:16.0109 0x0b84  [ 809CA45CAA9072B3176AD44579D7F688, 95ECD22D042CB2394C869AD42E8F6DAAEE29BA9BBE9C164092A554B505F1EDA2 ] Rdbss           C:\WINDOWS\system32\DRIVERS\rdbss.sys

16:31:16.0140 0x0b84  Rdbss - ok

16:31:16.0171 0x0b84  [ 4912D5B403614CE99C28420F75353332, 975341ECD660209987B5E5171B8315E032439E408CBE8A5986E67AF767F373BB ] RDPCDD          C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

16:31:16.0250 0x0b84  RDPCDD - ok

16:31:16.0281 0x0b84  [ A2CAE2C60BC37E0751EF9DDA7CEAF4AD, 586900D30F44E132AC75520EFF4FF615AA46283F1F050AC93FF9C235AC0F1D75 ] rdpdr           C:\WINDOWS\system32\DRIVERS\rdpdr.sys

16:31:16.0359 0x0b84  rdpdr - ok

16:31:16.0390 0x0b84  [ D4F5643D7714EF499AE9527FDCD50894, 6D9EDD9DE3B21324FBDEF074F815A4925F656E06BD15B73B53CD255FD8F0D63F ] RDPWD           C:\WINDOWS\system32\drivers\RDPWD.sys

16:31:16.0484 0x0b84  RDPWD - ok

16:31:16.0500 0x0b84  [ 729798E0933076B8FCFCD9934698F164, 87CCF85E6C7F9AB9A5EB97BD9D2BE97429CB178B35FCA17CB1C9B58A0475D726 ] RDSessMgr       C:\WINDOWS\system32\sessmgr.exe

16:31:16.0578 0x0b84  RDSessMgr - ok

16:31:16.0609 0x0b84  [ B31B4588E4086D8D84ADBF9845C2402B, 0B45979623B0AC774A9426C428954E7FB604FAE0DB187C402AF6052906F4099A ] redbook         C:\WINDOWS\system32\DRIVERS\redbook.sys

16:31:16.0687 0x0b84  redbook - ok

16:31:16.0703 0x0b84  [ 3046DB917E3CFA040632799DD9B14865, 90FE0C8C887A718BAEA77B1CFE1F6EEB2595F520A0B3DE0A50B4DE2E1D99CCF4 ] RemoteAccess    C:\WINDOWS\System32\mprdim.dll

16:31:16.0796 0x0b84  RemoteAccess - ok

16:31:16.0843 0x0b84  [ 3151427DB7D87107D1C5BE58FAC53960, 11988626648B2E416A07A8FF7D96BD8F20B150CC24CE9AB139F45A1DDE1D2225 ] RemoteRegistry  C:\WINDOWS\system32\regsvc.dll

16:31:16.0937 0x0b84  RemoteRegistry - ok

16:31:16.0968 0x0b84  [ 793F04A09B15E7C6C11DBDFFAF06C0AB, D108DF4DC61300926F360E4D3B2F75DBEF3D3CB9D4C15260232047ED6FB1BFC7 ] RpcLocator      C:\WINDOWS\system32\locator.exe

16:31:17.0046 0x0b84  RpcLocator - ok

16:31:17.0078 0x0b84  [ CE94A2BD25E3E9F4D46A7373FF455C6D, B6015EF5E9E89A05064BB807CC3DF922185EF79CD11243ED59C882182391955A ] RpcSs           C:\WINDOWS\system32\rpcss.dll

16:31:17.0125 0x0b84  RpcSs - ok

16:31:17.0187 0x0b84  [ 471B3F9741D762ABE75E9DEEA4787E47, D9ADE42965EC22AEB4B2AD21D429C3C8232A60AA9853DEFDA7AED86A13FE8623 ] RSVP            C:\WINDOWS\system32\rsvp.exe

16:31:17.0265 0x0b84  RSVP - ok

16:31:17.0281 0x0b84  [ D507C1400284176573224903819FFDA3, DD0BDB2AB39A8A0A300B6D60FB6A7F5BA08C4DB8F59E0A784FB763EA8AD72AB2 ] rtl8139         C:\WINDOWS\system32\DRIVERS\RTL8139.SYS

16:31:17.0375 0x0b84  rtl8139 - ok

16:31:17.0390 0x0b84  [ 84885F9B82F4D55C6146EBF6065D75D2, 76FE1B6C432B6C74FC283DE52D14EF668F8C4AAD0D139F362635EFB30482B4ED ] SamSs           C:\WINDOWS\system32\lsass.exe

16:31:17.0468 0x0b84  SamSs - ok

16:31:17.0500 0x0b84  [ 25D8DE134DF108E3DBC8D7D23B1AA58E, BF4C48E75D696546AB69E205F5492553001C9A92127D824F7F9BFCFE0F1C1093 ] SCardSvr        C:\WINDOWS\System32\SCardSvr.exe

16:31:17.0593 0x0b84  SCardSvr - ok

16:31:17.0625 0x0b84  [ 92360854316611F6CC471612213C3D92, A45DC437FA0DEC1DB540DC889A2469E8C3C4360F2F41FE60BFA3F78462507959 ] Schedule        C:\WINDOWS\system32\schedsvc.dll

16:31:17.0718 0x0b84  Schedule - ok

16:31:17.0765 0x0b84  [ D26E26EA516450AF9D072635C60387F4, C78D26B2E6343176EA9E09DD96CDAE108F832B7973FABF756D05E24392FEF388 ] Secdrv          C:\WINDOWS\system32\DRIVERS\secdrv.sys

16:31:17.0812 0x0b84  Secdrv - ok

16:31:17.0843 0x0b84  [ B1E0CE09895376871746F36DC5773B4F, 686458ED5D4C72AAF2F45B4FCBB44BFA0D84DFE93B5E01ECCBEAD33CBAC52BD5 ] seclogon        C:\WINDOWS\System32\seclogon.dll

16:31:17.0937 0x0b84  seclogon - ok

16:31:17.0968 0x0b84  [ DFD9870CF39C791D86C4C209DA9FA919, 336A0525630149EF160AE8346AF6BEE2FAA0289629FA052ADAF887B5B84A918D ] SENS            C:\WINDOWS\system32\sens.dll

16:31:18.0031 0x0b84  SENS - ok

16:31:18.0062 0x0b84  [ CD9404D115A00D249F70A371B46D5A26, D9FC869FA9A6B9574A1FCE70E7B919D8F79E02B28967E49F6DEF83A84520ECDF ] Serial          C:\WINDOWS\system32\drivers\Serial.sys

16:31:18.0140 0x0b84  Serial - ok

16:31:18.0187 0x0b84  [ 0D13B6DF6E9E101013A7AFB0CE629FE0, 2214EA0F16BB33970E299CE457EB50AEE0BEF7959BC1EBD3C06C78A46B42B808 ] Sfloppy         C:\WINDOWS\system32\drivers\Sfloppy.sys

16:31:18.0250 0x0b84  Sfloppy - ok

16:31:18.0296 0x0b84  [ 36CC8C01B5E50163037BEF56CB96DEFF, F8D3CC92E97E8C97A0F88850D6D96CFA02A69940208834F413A8FCB71241F552 ] SharedAccess    C:\WINDOWS\System32\ipnathlp.dll

16:31:18.0406 0x0b84  SharedAccess - ok

16:31:18.0437 0x0b84  [ E7518DC542D3EBDCB80EDD98462C7821, 5C9266A75866AD17A0F6994D63F95B7D99078EA27DEDD6EEB2A79075F3A89D70 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll

16:31:18.0531 0x0b84  ShellHWDetection - ok

16:31:18.0531 0x0b84  Simbad - ok

16:31:18.0609 0x0b84  [ 903B5B4CAA9A85B85BA57E411F7235FA, 34E7E8324CEFCE2AE1C862BF8E688A399D40158EA3E720713F3B38BF88211B79 ] SliceDisk5      C:\Program Files\A-FF Find and Mount\slicedisk.sys

16:31:18.0625 0x0b84  SliceDisk5 - detected UnsignedFile.Multi.Generic ( 1 )

16:31:18.0625 0x0b84  SliceDisk5 ( UnsignedFile.Multi.Generic ) - warning

16:31:18.0640 0x0b84  [ 5CAEED86821FA2C6139E32E9E05CCDC9, 63F91C95FD2914DAEC648A6EAF75EE5E18EAA7754F5A03A57D693AC49C66479E ] SLIP            C:\WINDOWS\system32\DRIVERS\SLIP.sys

16:31:18.0718 0x0b84  SLIP - ok

16:31:18.0718 0x0b84  SMR410 - ok

16:31:18.0765 0x0b84  [ A1ECEEAA5C5E74B2499EB51D38185B84, BB866DDA4D1F85A68A652204DAC7378456793E096A15F88B9C153BECD3D18C27 ] SONYPVU1        C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS

16:31:18.0843 0x0b84  SONYPVU1 - ok

16:31:18.0843 0x0b84  Sparrow - ok

16:31:18.0859 0x0b84  [ 8E186B8F23295D1E42C573B82B80D548, C418568C2071E2761CD26F736443BD7BF9C6914D47D171A5AC990278E855A74F ] splitter        C:\WINDOWS\system32\drivers\splitter.sys

16:31:18.0953 0x0b84  splitter - ok

16:31:18.0984 0x0b84  [ 7435B108B935E42EA92CA94F59C8E717, 73887EF68291264D9A17D70133EFDC0DE87E30B717A965A4B64108FB5482C39C ] Spooler         C:\WINDOWS\system32\spoolsv.exe

16:31:19.0062 0x0b84  Spooler - ok

16:31:19.0093 0x0b84  [ E41B6D037D6CD08461470AF04500DC24, 9556C669E69B1B290865FCAABD5D793B310C071B64FD3DF9FCFADC3716BDC926 ] sr              C:\WINDOWS\system32\DRIVERS\sr.sys

16:31:19.0140 0x0b84  sr - ok

16:31:19.0171 0x0b84  [ 92BDF74F12D6CBEC43C94D4B7F804838, C1BFE7F498F4A9992FEA459CE7EEF7525AE51A7E04C76D676819A61615A4A92E ] srservice       C:\WINDOWS\system32\srsvc.dll

16:31:19.0203 0x0b84  srservice - ok

16:31:19.0234 0x0b84  [ 553007ECCE7F6565BBE645BEB66D3B69, DFDD7F8AE9AE4C4E6D1F5D83C8274CA0F0C3551197335C4DB24257EDD4551D96 ] Srv             C:\WINDOWS\system32\DRIVERS\srv.sys

16:31:19.0281 0x0b84  Srv - ok

16:31:19.0312 0x0b84  [ 4B8D61792F7175BED48859CC18CE4E38, 13C50FACC85828F56FF5B29D13B004933352CB581B62B218038B503561531981 ] SSDPSRV         C:\WINDOWS\System32\ssdpsrv.dll

16:31:19.0359 0x0b84  SSDPSRV - ok

16:31:19.0406 0x0b84  [ D9F6C4F6B1E188ADAFC42B561D9BC2E6, D2F90880B5E8CFD205FE2302FFFF4668989300249811F97F73DE56B42FCD3E85 ] stisvc          C:\WINDOWS\system32\wiaservc.dll

16:31:19.0500 0x0b84  stisvc - ok

16:31:19.0531 0x0b84  [ 284C57DF5DC7ABCA656BC2B96A667AFB, 7E3CAE1911E710B1CC37571AE1B92DC981FCD46E67A3AD3C258672D17781C709 ] streamip        C:\WINDOWS\system32\DRIVERS\StreamIP.sys

16:31:19.0609 0x0b84  streamip - ok

16:31:19.0625 0x0b84  [ 03C1BAE4766E2450219D20B993D6E046, 0D8E5B141EAA9E2C8D1F8BFD522F57EE8074216A336CBE37FE77B8ADDB791DBE ] swenum          C:\WINDOWS\system32\DRIVERS\swenum.sys

16:31:19.0703 0x0b84  swenum - ok

16:31:19.0750 0x0b84  [ 94ABC808FC4B6D7D2BBF42B85E25BB4D, EEF6DB9EDD8C273A6595675A7A12B9D440FA4E178BA7C69FB1942D97E291F989 ] swmidi          C:\WINDOWS\system32\drivers\swmidi.sys

16:31:19.0812 0x0b84  swmidi - ok

16:31:19.0828 0x0b84  SwPrv - ok

16:31:19.0828 0x0b84  symc810 - ok

16:31:19.0843 0x0b84  symc8xx - ok

16:31:19.0843 0x0b84  sym_hi - ok

16:31:19.0843 0x0b84  sym_u3 - ok

16:31:19.0859 0x0b84  [ 650AD082D46BAC0E64C9C0E0928492FD, 6A587A55418A3A7867602D92B99FE393152DED191F27992C4BA909BD268AC43C ] sysaudio        C:\WINDOWS\system32\drivers\sysaudio.sys

16:31:19.0953 0x0b84  sysaudio - ok

16:31:20.0031 0x0b84  [ 5394EF53A3C0EC1D9F2E6756EE612FB7, 0BCE8C96250F329E7793A53140ACCF02076B9A43823D9526C12071EF1091996A ] syshost32       C:\WINDOWS\Installer\{5BFD60E6-6893-26AE-60A5-3F7040603461}\syshost.exe

16:31:20.0031 0x0b84  Suspicious file ( NoAccess ): C:\WINDOWS\Installer\{5BFD60E6-6893-26AE-60A5-3F7040603461}\syshost.exe. md5: 5394EF53A3C0EC1D9F2E6756EE612FB7, sha256: 0BCE8C96250F329E7793A53140ACCF02076B9A43823D9526C12071EF1091996A

16:31:20.0031 0x0b84  syshost32 - detected LockedFile.Multi.Generic ( 1 )

16:31:20.0031 0x0b84  syshost32 ( LockedFile.Multi.Generic ) - warning

16:31:20.0062 0x0b84  [ 8B54AA346D1B1B113FFAA75501B8B1B2, 0DBCAA0FEA212F2274973B1CAD8DB0AD7FC117D8483C9BB78166372907A5B398 ] SysmonLog       C:\WINDOWS\system32\smlogsvc.exe

16:31:20.0140 0x0b84  SysmonLog - ok

16:31:20.0171 0x0b84  [ EB4A4187D74A8EFDCBEA3EA2CB1BDFBD, 6B40DBFB6A055D5B748383EF51B206CC4F978405BCC7F9A25FAC90668FD818C4 ] TapiSrv         C:\WINDOWS\System32\tapisrv.dll

16:31:20.0265 0x0b84  TapiSrv - ok

16:31:20.0296 0x0b84  [ 0E66B538096A6529D1AC66E78EB0D5C8, 2C9028B31D1D185365D17A810EC07DA4717DC5E7A9CDE7FEE72ABCE01F7C863D ] Tcpip           C:\WINDOWS\system32\DRIVERS\tcpip.sys

16:31:20.0343 0x0b84  Tcpip - ok

16:31:20.0375 0x0b84  [ 38D437CF2D98965F239B0ABCD66DCB0F, CC497A25C7AC1FF1E07CEE25FB0C5A5E6C4005C1CB244601FE620884A5C26506 ] TDPIPE          C:\WINDOWS\system32\drivers\TDPIPE.sys

16:31:20.0437 0x0b84  TDPIPE - ok

16:31:20.0468 0x0b84  [ ED0580AF02502D00AD8C4C066B156BE9, 41AA6C88CF48CAF0DA8E374F37E74206E4F558332075304A28983D04E08B3154 ] TDTCP           C:\WINDOWS\system32\drivers\TDTCP.sys

16:31:20.0562 0x0b84  TDTCP - ok

16:31:20.0578 0x0b84  [ A540A99C281D933F3D69D55E48727F47, CC430FA0E0F1745E167877003FDCC35FE940AF8CAD05387ECBA880CC3A3F6709 ] TermDD          C:\WINDOWS\system32\DRIVERS\termdd.sys

16:31:20.0640 0x0b84  TermDD - ok

16:31:20.0671 0x0b84  [ C29A5286E64D97385178452D5F307B98, AA8C01388ED42856B2791AA1A328B945EE06799DFA299CE0A14C33873385F5AF ] TermService     C:\WINDOWS\System32\termsrv.dll

16:31:20.0718 0x0b84  TermService - ok

16:31:20.0750 0x0b84  [ E7518DC542D3EBDCB80EDD98462C7821, 5C9266A75866AD17A0F6994D63F95B7D99078EA27DEDD6EEB2A79075F3A89D70 ] Themes          C:\WINDOWS\System32\shsvcs.dll

16:31:20.0828 0x0b84  Themes - ok

16:31:20.0843 0x0b84  [ 37DB0A7D097310E8B4DE803FC3119C78, 2335C1D47ED3EFBC41AA4DC6BF35588605CAAA67BD047B431E07BAD7201BABC3 ] TlntSvr         C:\WINDOWS\system32\tlntsvr.exe

16:31:20.0906 0x0b84  TlntSvr - ok

16:31:20.0906 0x0b84  TosIde - ok

16:31:20.0937 0x0b84  [ 6D9AC544B30F96C57F8206566C1FB6A1, C39D35D169A3BCA5E458815A1B60CE92D19BC04579D62DAB9396B42760C5E47B ] TrkWks          C:\WINDOWS\system32\trkwks.dll

16:31:21.0015 0x0b84  TrkWks - ok

16:31:21.0109 0x0b84  [ 531F3A3FDA675CFAA6D2BDFAB1D735AE, 4B59B9FF3FCA2CD8ECE92DB13396D6B69EA8E81077C9E3C725A381B2B3FC8D00 ] TVersityMediaServer C:\Program Files\TVersity\Media Server\MediaServer.exe

16:31:21.0171 0x0b84  TVersityMediaServer - detected UnsignedFile.Multi.Generic ( 1 )

16:31:21.0171 0x0b84  TVersityMediaServer ( UnsignedFile.Multi.Generic ) - warning

16:31:21.0203 0x0b84  [ 12F70256F140CD7D52C58C7048FDE657, F2E3E645AA713A520452F5E17513D258D3900E93F65013551FC2B542BFA15BB3 ] Udfs            C:\WINDOWS\system32\drivers\Udfs.sys

16:31:21.0296 0x0b84  Udfs - ok

16:31:21.0296 0x0b84  ultra - ok

16:31:21.0328 0x0b84  [ 9651E5D850B6F6BD7C77C70AA06F02BF, 746B9948BD77FE332991C08959908B5E613CE4A358B00BB67B3F8AB13FFD27C8 ] UMWdf           C:\WINDOWS\system32\wdfmgr.exe

16:31:21.0375 0x0b84  UMWdf - ok

16:31:21.0406 0x0b84  [ AFF2E5045961BBC0A602BB6F95EB1345, FEEF47B9683B0F26355AC0947019DE9AE27002A7019C1C4A2D22FA0046E9F07B ] Update          C:\WINDOWS\system32\DRIVERS\update.sys

16:31:21.0500 0x0b84  Update - ok

16:31:21.0531 0x0b84  [ 0546477BDE979E33294FE97F6B3DE84A, 9DE7E3F4FDF0A94307C0517DBDD4DB057C187E3AFDC473BBFEB3AA339E31716B ] upnphost        C:\WINDOWS\System32\upnphost.dll

16:31:21.0578 0x0b84  upnphost - ok

16:31:21.0609 0x0b84  [ 3F5DF65B0758675F95A2D43918A740A3, BC639259E0365C66F4C6CF2F341395942706810E4B393598429FA3B929D16D8C ] UPS             C:\WINDOWS\System32\ups.exe

16:31:21.0687 0x0b84  UPS - ok

16:31:21.0734 0x0b84  [ 1DF89C499BF45D878B87EBD4421D462D, 37FE229C128DA2C3380944EDFA8E6117CB4B36D99EEFB2AEB1DD4E0890B49A17 ] USBAAPL         C:\WINDOWS\system32\Drivers\usbaapl.sys

16:31:21.0765 0x0b84  USBAAPL - ok

16:31:21.0828 0x0b84  [ 45A0D14B26C35497AD93BCE7E15C9941, F88F51D03BE33D19E98EA0B45273E84AB77C9927669ADBE7D175354034D9610F ] usbaudio        C:\WINDOWS\system32\drivers\usbaudio.sys

16:31:21.0890 0x0b84  usbaudio - ok

16:31:21.0921 0x0b84  [ BFFD9F120CC63BCBAA3D840F3EEF9F79, 0183D82E341473200FB1A05F6ABBBA3F2BD635654F49599E4CEB3E6394A33D36 ] usbccgp         C:\WINDOWS\system32\DRIVERS\usbccgp.sys

16:31:21.0984 0x0b84  usbccgp - ok

16:31:22.0015 0x0b84  [ 7481D843E672B51039B7E8A161B746B8, A4A0E4F35E30C4DED10492CAA25DC37E6E9A7B3BE29C02D36706F68C52430B28 ] usbehci         C:\WINDOWS\system32\DRIVERS\usbehci.sys

16:31:22.0031 0x0b84  usbehci - ok

16:31:22.0062 0x0b84  [ C72F40947F92CEA56A8FB532EDF025F1, EBB9E235C973574B835B1FD22D813E9215029B3FC5030591D6F7971C9A23AEF7 ] usbhub          C:\WINDOWS\system32\DRIVERS\usbhub.sys

16:31:22.0125 0x0b84  usbhub - ok

16:31:22.0156 0x0b84  [ A42369B7CD8886CD7C70F33DA6FCBCF5, EEDAA16F906A2F8FF40009ED10243F66A5CCE878111F1001DA6060A42DD79047 ] usbprint        C:\WINDOWS\system32\DRIVERS\usbprint.sys

16:31:22.0250 0x0b84  usbprint - ok

16:31:22.0281 0x0b84  [ A6BC71402F4F7DD5B77FD7F4A8DDBA85, E40B73D4E2417F4874D155885C86E4FB44557324616AABD84EFE6C4751DCC46B ] usbscan         C:\WINDOWS\system32\DRIVERS\usbscan.sys

16:31:22.0359 0x0b84  usbscan - ok

16:31:22.0390 0x0b84  [ 6CD7B22193718F1D17A47A1CD6D37E75, CFD74FE06819DA488654F88BFCCBF29994FE7F04EC6CD5CD41552B0C95A8130F ] usbstor         C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

16:31:22.0468 0x0b84  usbstor - ok

16:31:22.0484 0x0b84  [ F8FD1400092E23C8F2F31406EF06167B, AE93C83BA1966535AFA3E72D6F69156B7E56F021A6808EC8DA44C7E7D506D7E5 ] usbuhci         C:\WINDOWS\system32\DRIVERS\usbuhci.sys

16:31:22.0562 0x0b84  usbuhci - ok

16:31:22.0593 0x0b84  [ 8968FF3973A883C49E8B564200F565B9, 64811243DA03B8B538E6B10954655C2A87D8CF8090F4BF4537A97947D4E6C3DC ] usbvideo        C:\WINDOWS\system32\Drivers\usbvideo.sys

16:31:22.0671 0x0b84  usbvideo - ok

16:31:22.0703 0x0b84  [ 8A60EDD72B4EA5AEA8202DAF0E427925, ED0624B285E4F64E07E30C12490873A2090F9DFD6A91A2EDA7A1082B88A8199E ] VgaSave         C:\WINDOWS\System32\drivers\vga.sys

16:31:22.0781 0x0b84  VgaSave - ok

16:31:22.0796 0x0b84  [ 59CB1338AD3654417BEA49636457F65D, 1B03B894BEA354C190782C6570498B5126F3B884E9DBFE6E9B176D7C47AD79D4 ] ViaIde          C:\WINDOWS\system32\DRIVERS\viaide.sys

16:31:22.0890 0x0b84  ViaIde - ok

16:31:22.0890 0x0b84  [ EE4660083DEBA849FF6C485D944B379B, 4DA3CA0DEA0698D387EA370D9BBFF06FEF1C0A5B3D7F772164441B63B8A3927A ] VolSnap         C:\WINDOWS\system32\drivers\VolSnap.sys

16:31:22.0968 0x0b84  VolSnap - ok

16:31:23.0015 0x0b84  [ 3EE00364AE0FD8D604F46CBAF512838A, 962168941F4E291F2B5236DA7DB84E50DC335F42595B4BC31FCB7960BD8743FC ] VSS             C:\WINDOWS\System32\vssvc.exe

16:31:23.0078 0x0b84  VSS - ok

16:31:23.0109 0x0b84  [ 2B281958F5D0CF99ED626E3EF39D5C8D, FB46398AE01CDD9CB6E1E647E4DDA86B670F93F787D69B885C7E930D4FF8F3FC ] W32Time         C:\WINDOWS\system32\w32time.dll

16:31:23.0187 0x0b84  W32Time - ok

16:31:23.0218 0x0b84  [ 984EF0B9788ABF89974CFED4BFBAACBC, 8178888E3A1AA3BD3BE34456118BB76AF2DD04EC575E4880F97A8EFB182C9E92 ] Wanarp          C:\WINDOWS\system32\DRIVERS\wanarp.sys

16:31:23.0296 0x0b84  Wanarp - ok

16:31:23.0343 0x0b84  [ D918617B46457B9AC28027722E30F647, 407284D3055DC11944D4EE7E4357E7CF9CAF8CA40CA50633AB6FD4A82CB7EEA6 ] Wdf01000        C:\WINDOWS\system32\DRIVERS\Wdf01000.sys

16:31:23.0375 0x0b84  Wdf01000 - ok

16:31:23.0375 0x0b84  WDICA - ok

16:31:23.0421 0x0b84  [ 2797F33EBF50466020C430EE4F037933, F134F8C091D944880714E4D193D2753BE4F1C18757D5274A892195C4EC9C4D08 ] wdmaud          C:\WINDOWS\system32\drivers\wdmaud.sys

16:31:23.0515 0x0b84  wdmaud - ok

16:31:23.0531 0x0b84  [ 5D0A442864BFBF3B19DCCA4CD29F6E99, 856346DBE80450BFCB3E7A5D9C7AEB3DF41D4CEBC35FE550E0CD86161BC43A31 ] WebClient       C:\WINDOWS\System32\webclnt.dll

16:31:23.0625 0x0b84  WebClient - ok

16:31:23.0687 0x0b84  [ F399242A80C4066FD155EFA4CF96658E, DC40735D288193170DAF5571A829702EDC07DDAEA87ECF59490DFB516A690F9B ] winmgmt         C:\WINDOWS\system32\wbem\WMIsvc.dll

16:31:23.0765 0x0b84  winmgmt - ok

16:31:23.0796 0x0b84  [ 30FC6E5448D0CBAAA95280EEEF7FEDAE, 04374450882504D9031951F4E9317E5A128EBA5A22A3555ACD28BC742861AF9C ] WinUSB          C:\WINDOWS\system32\DRIVERS\WinUSB.sys

16:31:23.0843 0x0b84  WinUSB - ok

16:31:23.0875 0x0b84  [ B9715B9C18BC6C8F4B66733D208CC9F7, 1F1298810AB5BA0B669091481ECC6D545B4ADBB2D80C8EFB257439E3818A9A84 ] WmdmPmSN        C:\WINDOWS\system32\MsPMSNSv.dll

16:31:23.0921 0x0b84  WmdmPmSN - ok

16:31:23.0968 0x0b84  [ 1AFF244CA134956C54474F4E2433E4CE, 726B06C58006FF10F718C1D4E9BD1E3C2EFAF931F684C4BA325CF0AC6B1A25E6 ] Wmi             C:\WINDOWS\System32\advapi32.dll

16:31:24.0093 0x0b84  Wmi - ok

16:31:24.0140 0x0b84  [ BA8CECC3E813E1F7C441B20393D4F86C, E60AC60B67926F61AD872412DC2E096825F97D725B66834328EC3B97F62DBFEA ] WmiApSrv        C:\WINDOWS\system32\wbem\wmiapsrv.exe

16:31:24.0218 0x0b84  WmiApSrv - ok

16:31:24.0250 0x0b84  [ B72D232E46FF5EE2BD8F61498B748DF7, ED7E3719885BEA0F962A8DAAF84B9054772829A1909A0B6DB09C98C437BA81CF ] WN5301          C:\WINDOWS\system32\DRIVERS\wn5301.sys

16:31:24.0312 0x0b84  WN5301 - ok

16:31:24.0328 0x0b84  [ EF8848D2A558AFFE99CF264180E499AC, A8BF3E491EC5EE39B82A0D776E266E4414DA7638BCE1A0EA18EFFF0852017A2E ] WpdUsb          C:\WINDOWS\system32\Drivers\wpdusb.sys

16:31:24.0375 0x0b84  WpdUsb - ok

16:31:24.0406 0x0b84  [ 4D59DAA66C60858CDF4F67A900F42D4A, 312DC7D712F0807EBE5B3984E1BC19E7327D6357818D51AEB33058B052AEAA83 ] wscsvc          C:\WINDOWS\system32\wscsvc.dll

16:31:24.0484 0x0b84  wscsvc - ok

16:31:24.0515 0x0b84  [ D5842484F05E12121C511AA93F6439EC, 531888E914578172534BBC3220A86C99D1FCE423E89834B533E0A79F583436F3 ] WSTCODEC        C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS

16:31:24.0593 0x0b84  WSTCODEC - ok

16:31:24.0640 0x0b84  [ 13D72740963CBA12D9FF76A7F218BCD8, 3E4D0369F85E64FB6E4088753D7654D58900B480BEBF42F3CB6969355CEAC5A8 ] wuauserv        C:\WINDOWS\system32\wuauserv.dll

16:31:25.0171 0x0b84  wuauserv - ok

16:31:25.0234 0x0b84  [ 247520EDED53A08AE89EA4FAE04F54D8, A360E96340B196DAD2C0BA7F0F522DF64713B9D0BDFA68F19D54BCB7B1AEC745 ] WZCSVC          C:\WINDOWS\System32\wzcsvc.dll

16:31:25.0281 0x0b84  WZCSVC - ok

16:31:25.0296 0x0b84  [ EEF46DAB68229A14DA3D8E73C99E2959, C9D7083BC69E1A4672D06CBD9E4E6FD93C3CA67E28EC040D1CC6AAFBFC825813 ] xmlprov         C:\WINDOWS\System32\xmlprov.dll

16:31:25.0671 0x0b84  xmlprov - ok

16:31:25.0734 0x0b84  [ 513C31379B7F107E69A908D6E69D3928, D3CE2DAD1A2AF97416CEC2466C6AB6A971326A65420CA3C19AD26C65799615E5 ] ZTEusbmdm6k     C:\WINDOWS\system32\DRIVERS\ZTEusbmdm6k.sys

16:31:25.0828 0x0b84  ZTEusbmdm6k - ok

16:31:25.0843 0x0b84  [ 7DF32DC0267C91BACF7E2B4E38AC5DF1, DECB313C53D8691E04EB7734FD08F573E47E238DC30D2FCAF2A8ECCD118E9C1F ] ZTEusbnet       C:\WINDOWS\system32\DRIVERS\ZTEusbnet.sys

16:31:25.0906 0x0b84  ZTEusbnet - ok

16:31:25.0968 0x0b84  [ 513C31379B7F107E69A908D6E69D3928, D3CE2DAD1A2AF97416CEC2466C6AB6A971326A65420CA3C19AD26C65799615E5 ] ZTEusbnmea      C:\WINDOWS\system32\DRIVERS\ZTEusbnmea.sys

16:31:26.0000 0x0b84  ZTEusbnmea - ok

16:31:26.0015 0x0b84  [ 513C31379B7F107E69A908D6E69D3928, D3CE2DAD1A2AF97416CEC2466C6AB6A971326A65420CA3C19AD26C65799615E5 ] ZTEusbser6k     C:\WINDOWS\system32\DRIVERS\ZTEusbser6k.sys

16:31:26.0031 0x0b84  ZTEusbser6k - ok

16:31:26.0046 0x0b84  ================ Scan global ===============================

16:31:26.0078 0x0b84  [ 00EF9C3AF83EDBAF18CA7A2837750117, 87DB68DC66EADA719411C2B3DB02768C52D61BAA94216FCE9C4EE5C710EE7171 ] C:\WINDOWS\system32\basesrv.dll

16:31:26.0156 0x0b84  [ 442D0EAD5534E4ADCF6D4469043C82C0, B1DCC27DE175C763A234C61CBD7DE6F696B523D9A2BA35873B7D7255D613E644 ] C:\WINDOWS\system32\winsrv.dll

16:31:26.0218 0x0b84  [ 442D0EAD5534E4ADCF6D4469043C82C0, B1DCC27DE175C763A234C61CBD7DE6F696B523D9A2BA35873B7D7255D613E644 ] C:\WINDOWS\system32\winsrv.dll

16:31:26.0250 0x0b84  [ C6CE6EEC82F187615D1002BB3BB50ED4, CEA9C880328205AE3376EB8B005412CB0F8FCE52A71C6F0651EF5F9C193F6E3F ] C:\WINDOWS\system32\services.exe

16:31:26.0250 0x0b84  [ Global ] - ok

16:31:26.0250 0x0b84  ================ Scan MBR ==================================

16:31:26.0281 0x0b84  [ D11C727E03BB7318DCDA069B06E652F0 ] \Device\Harddisk0\DR0

16:31:26.0546 0x0b84  \Device\Harddisk0\DR0 - ok

16:31:26.0546 0x0b84  ================ Scan VBR ==================================

16:31:26.0546 0x0b84  [ 478BBA9A62E56D1569FE365F3C0A38A7 ] \Device\Harddisk0\DR0\Partition1

16:31:26.0578 0x0b84  \Device\Harddisk0\DR0\Partition1 - ok

16:31:26.0609 0x0b84  [ 7AA0CDCECD64714CC92BE2E9D09A5CEC ] \Device\Harddisk0\DR0\Partition2

16:31:26.0609 0x0b84  \Device\Harddisk0\DR0\Partition2 - ok

16:31:26.0609 0x0b84  ================ Scan generic autorun ======================

16:31:26.0640 0x0b84  [ 7A21E06385E748E9CB0252F1BBC493F1, ACBEC5E2CB462DA458914D0CCB405A8AE92F6F478C1C46CE0FA4F49E65EBB711 ] C:\WINDOWS\ehome\ehtray.exe

16:31:26.0656 0x0b84  ehTray - ok

16:31:26.0656 0x0b84  ftutil2 - ok

16:31:26.0734 0x0b84  [ 7BBE4CF421AECC7F0226EDD75F12079F, 8E78FC5E0657DB066F9EBAADEA9AFECB1AAA570DD9C08C7ED42116704D2E379D ] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE

16:31:26.0828 0x0b84  IMJPMIG8.1 - ok

16:31:26.0859 0x0b84  [ 1B17E09C1223F6D17336D2DD7A1AF4F4, 06DFAD95007532CCF46D593EEDC2474936614AEDCEA7BF983E36DAD22F850B08 ] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe

16:31:26.0953 0x0b84  MSPY2002 - ok

16:31:27.0000 0x0b84  [ 024DC0F68DF5FD6AE9DD82DFBAF479D6, FDBF0FD05CFB757C704B22703DF23E05207F14877A4EF52E3032012B6FD0C4E0 ] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE

16:31:27.0109 0x0b84  PHIME2002ASync - ok

16:31:27.0156 0x0b84  [ 024DC0F68DF5FD6AE9DD82DFBAF479D6, FDBF0FD05CFB757C704B22703DF23E05207F14877A4EF52E3032012B6FD0C4E0 ] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE

16:31:27.0234 0x0b84  PHIME2002A - ok

16:31:27.0875 0x0b84  [ 10B0722C7203181B0C50C6CB974D2F2A, 1C0D1C3C9016B8F0FD89FF0192084B6647D0E52D6178A0DE1A0CD13C7E23B0AF ] C:\WINDOWS\RTHDCPL.EXE

16:31:28.0640 0x0b84  RTHDCPL - ok

16:31:28.0687 0x0b84  [ 3765535734DAEB53E783E239E5D6475B, BE542BF05A0749125E8ADE1879583C3266164AD4B52D2293BF85D3A4CC8CF70E ] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe

16:31:28.0687 0x0b84  IAAnotif - detected UnsignedFile.Multi.Generic ( 1 )

16:31:28.0687 0x0b84  IAAnotif ( UnsignedFile.Multi.Generic ) - warning

16:31:28.0687 0x0b84  Force sending object to P2P due to detect: C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe

16:31:28.0687 0x0b84  Object send P2P result: false

16:31:28.0703 0x0b84  NvCplDaemon - ok

16:31:28.0703 0x0b84  nwiz - ok

16:31:28.0750 0x0b84  [ 9E1992C27ECF7F08C154DCACF32F1AAB, A3E67559309EF7BDF462E7ADEC405E7CB2FF489A5CAE5D1DBC9EE70AEA0692ED ] c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe

16:31:28.0750 0x0b84  DMAScheduler - detected UnsignedFile.Multi.Generic ( 1 )

16:31:28.0750 0x0b84  DMAScheduler ( UnsignedFile.Multi.Generic ) - warning

16:31:28.0781 0x0b84  [ F3EAEA279F09A7779C18793C87640794, 63751866EE2413099C0E613D4C5C1F41A7042A4AFE3EDF913231E0EA71861D7D ] C:\WINDOWS\SMINST\RECGUARD.EXE

16:31:28.0812 0x0b84  Recguard - detected UnsignedFile.Multi.Generic ( 1 )

16:31:28.0812 0x0b84  Recguard ( UnsignedFile.Multi.Generic ) - warning

16:31:28.0890 0x0b84  [ A789B145F17FA5C2326907F4872FE173, 11138E0FE6691DC7724419A392D8A43BBC3A2E84BF69804D7A18F29232982D27 ] C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe

16:31:28.0890 0x0b84  HPBootOp - detected UnsignedFile.Multi.Generic ( 1 )

16:31:28.0890 0x0b84  HPBootOp ( UnsignedFile.Multi.Generic ) - warning

16:31:28.0921 0x0b84  [ 821F73B833C4DAEBC33C1A9A4B16BB5A, B581041DA43D1CB5455B4AB8A999A574725BC742FF324FD12FDB2ED6371F5129 ] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe

16:31:28.0921 0x0b84  HP Software Update - detected UnsignedFile.Multi.Generic ( 1 )

16:31:28.0921 0x0b84  HP Software Update ( UnsignedFile.Multi.Generic ) - warning

16:31:28.0921 0x0b84  Force sending object to P2P due to detect: C:\Program Files\HP\HP Software Update\HPwuSchd2.exe

16:31:28.0921 0x0b84  Object send P2P result: false

16:31:29.0000 0x0b84  [ F123D04B93FC612FE759ECEE406990E8, 2134BDF17C2A2C116EA984F3C0B2EC93DAA1370C22B958A4B6F8E92C4C8BB9A8 ] C:\Program Files\DU Meter\DUMeter.exe

16:31:29.0062 0x0b84  DU Meter - detected UnsignedFile.Multi.Generic ( 1 )

16:31:29.0062 0x0b84  DU Meter ( UnsignedFile.Multi.Generic ) - warning

16:31:29.0125 0x0b84  [ 1AC2C58B587C70DE64582AD41EE79FBA, 6CCA4B7A839E75AB7C5C8ACD20DF66A9570FD9EEDC5F24C537D1C269E22E22B8 ] C:\Program Files\Common Files\Real\Update_OB\realsched.exe

16:31:29.0156 0x0b84  TkBellExe - detected UnsignedFile.Multi.Generic ( 1 )

16:31:29.0156 0x0b84  TkBellExe ( UnsignedFile.Multi.Generic ) - warning

16:31:29.0156 0x0b84  Force sending object to P2P due to detect: C:\Program Files\Common Files\Real\Update_OB\realsched.exe

16:31:29.0156 0x0b84  Object send P2P result: false

16:31:29.0203 0x0b84  [ 55D7A219AD8D0DB8980528944152A6FD, 60C52F8CED06BED05DDDADA26554F76AC5BD1A746782CF5308F10886AA2F0FEC ] C:\Program Files\QT Lite\qttask.exe

16:31:29.0234 0x0b84  QuickTime Task - detected UnsignedFile.Multi.Generic ( 1 )

16:31:29.0234 0x0b84  QuickTime Task ( UnsignedFile.Multi.Generic ) - warning

16:31:29.0296 0x0b84  [ E42A642E162B0468B2C4E9D803079C7F, BD5922F06FE7BAF23AD04FF8850E773CCDEFEA9469517DEB1B9954F8A7EE51E5 ] C:\WINDOWS\KHALMNPR.EXE

16:31:29.0843 0x0b84  Kernel and Hardware Abstraction Layer - ok

16:31:29.0984 0x0b84  [ 50F85FE43AF859330CC9515353EF300C, 8B8ACE4F0B306BAC57FA9DA835115E2D9301658CB2C636D7F48B4212D8E5A1C8 ] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe

16:31:30.0093 0x0b84  CanonMyPrinter - ok

16:31:30.0171 0x0b84  [ 3B78ACCCAA5132638E7CF419F4A965C7, C91DD62901778FEB6BDBABD6F736D59FD85361AE53867AD232C90D22ECB7B49F ] C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE

16:31:30.0218 0x0b84  CanonSolutionMenuEx - ok

16:31:30.0328 0x0b84  [ 1E361F31E4C10AEFCAAE2643E01C26C4, F8B4F248E30FA6F5E9D0F5D61A2897A54809B78206DD3189720E1D933BBB5F55 ] C:\Program Files\Common Files\Java\Java Update\jusched.exe

16:31:30.0328 0x0b84  SunJavaUpdateSched - ok

16:31:30.0359 0x0b84  [ 24232996A38C0B0CF151C2140AE29FC8, D2FED8CCAE118F06FD948A4B12445AA8C29A3E7BB5B6FE90970FBC27F426F0B0 ] C:\WINDOWS\system32\CTFMON.EXE

16:31:30.0437 0x0b84  CTFMON.EXE - ok

16:31:30.0437 0x0b84  [ 24232996A38C0B0CF151C2140AE29FC8, D2FED8CCAE118F06FD948A4B12445AA8C29A3E7BB5B6FE90970FBC27F426F0B0 ] C:\WINDOWS\system32\CTFMON.EXE

16:31:30.0515 0x0b84  CTFMON.EXE - ok

16:31:30.0531 0x0b84  [ 5A9E209153D2D61939D21E4275B45D87, B89FEDC1DEE7E5905C4AA417D475ABE51D8A35BDD9314F0413FFDD591B42EB0F ] C:\Program Files\AutoSizer\AutoSizer.exe

16:31:30.0562 0x0b84  AutoSizer - detected UnsignedFile.Multi.Generic ( 1 )

16:31:30.0562 0x0b84  AutoSizer ( UnsignedFile.Multi.Generic ) - warning

16:31:30.0671 0x0b84  [ 74E6E96C6F0E2ECA4EDBB7F7A468F259, 58D083FE62A47860DE7E4D87EC74F1E900C1B1824A3E8C2B94CE07936AF0D0D1 ] C:\Program Files\Messenger\msmsgs.exe

16:31:30.0828 0x0b84  MSMSGS - ok

16:31:30.0843 0x0b84  Win FW state via NFM: disabled

16:31:30.0843 0x0b84  ============================================================

16:31:30.0843 0x0b84  Scan finished

16:31:30.0843 0x0b84  ============================================================

16:31:30.0859 0x0bdc  Detected object count: 26

16:31:30.0859 0x0bdc  Actual detected object count: 26

16:34:05.0296 0x0bdc  a41a87abfe7b5de1 ( Rootkit.Win32.Necurs.gen ) - skipped by user

16:34:05.0296 0x0bdc  a41a87abfe7b5de1 ( Rootkit.Win32.Necurs.gen ) - User select action: Skip

16:34:05.0296 0x0bdc  BVRPMPR5 ( UnsignedFile.Multi.Generic ) - skipped by user

16:34:05.0296 0x0bdc  BVRPMPR5 ( UnsignedFile.Multi.Generic ) - User select action: Skip

16:34:05.0296 0x0bdc  ELhid ( UnsignedFile.Multi.Generic ) - skipped by user

16:34:05.0296 0x0bdc  ELhid ( UnsignedFile.Multi.Generic ) - User select action: Skip

16:34:05.0312 0x0bdc  ELkbd ( UnsignedFile.Multi.Generic ) - skipped by user

16:34:05.0312 0x0bdc  ELkbd ( UnsignedFile.Multi.Generic ) - User select action: Skip

16:34:05.0312 0x0bdc  ELmon ( UnsignedFile.Multi.Generic ) - skipped by user

16:34:05.0312 0x0bdc  ELmon ( UnsignedFile.Multi.Generic ) - User select action: Skip

16:34:05.0312 0x0bdc  ELmou ( UnsignedFile.Multi.Generic ) - skipped by user

16:34:05.0312 0x0bdc  ELmou ( UnsignedFile.Multi.Generic ) - User select action: Skip

16:34:05.0312 0x0bdc  ELService ( UnsignedFile.Multi.Generic ) - skipped by user

16:34:05.0312 0x0bdc  ELService ( UnsignedFile.Multi.Generic ) - User select action: Skip

16:34:05.0328 0x0bdc  IAANTMON ( UnsignedFile.Multi.Generic ) - skipped by user

16:34:05.0328 0x0bdc  IAANTMON ( UnsignedFile.Multi.Generic ) - User select action: Skip

16:34:05.0328 0x0bdc  IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user

16:34:05.0328 0x0bdc  IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip

16:34:05.0328 0x0bdc  LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user

16:34:05.0328 0x0bdc  LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip

16:34:05.0328 0x0bdc  nlsvc ( UnsignedFile.Multi.Generic ) - skipped by user

16:34:05.0328 0x0bdc  nlsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip

16:34:05.0328 0x0bdc  nltdi ( UnsignedFile.Multi.Generic ) - skipped by user

16:34:05.0328 0x0bdc  nltdi ( UnsignedFile.Multi.Generic ) - User select action: Skip

16:34:05.0328 0x0bdc  prwntdrv ( UnsignedFile.Multi.Generic ) - skipped by user

16:34:05.0328 0x0bdc  prwntdrv ( UnsignedFile.Multi.Generic ) - User select action: Skip

16:34:05.0328 0x0bdc  PxHelp20 ( UnsignedFile.Multi.Generic ) - skipped by user

16:34:05.0328 0x0bdc  PxHelp20 ( UnsignedFile.Multi.Generic ) - User select action: Skip

16:34:05.0343 0x0bdc  SliceDisk5 ( UnsignedFile.Multi.Generic ) - skipped by user

16:34:05.0343 0x0bdc  SliceDisk5 ( UnsignedFile.Multi.Generic ) - User select action: Skip

16:34:05.0343 0x0bdc  syshost32 ( LockedFile.Multi.Generic ) - skipped by user

16:34:05.0343 0x0bdc  syshost32 ( LockedFile.Multi.Generic ) - User select action: Skip

16:34:05.0343 0x0bdc  TVersityMediaServer ( UnsignedFile.Multi.Generic ) - skipped by user

16:34:05.0343 0x0bdc  TVersityMediaServer ( UnsignedFile.Multi.Generic ) - User select action: Skip

16:34:05.0343 0x0bdc  IAAnotif ( UnsignedFile.Multi.Generic ) - skipped by user

16:34:05.0343 0x0bdc  IAAnotif ( UnsignedFile.Multi.Generic ) - User select action: Skip

16:34:05.0343 0x0bdc  DMAScheduler ( UnsignedFile.Multi.Generic ) - skipped by user

16:34:05.0343 0x0bdc  DMAScheduler ( UnsignedFile.Multi.Generic ) - User select action: Skip

16:34:05.0343 0x0bdc  Recguard ( UnsignedFile.Multi.Generic ) - skipped by user

16:34:05.0343 0x0bdc  Recguard ( UnsignedFile.Multi.Generic ) - User select action: Skip

16:34:05.0343 0x0bdc  HPBootOp ( UnsignedFile.Multi.Generic ) - skipped by user

16:34:05.0343 0x0bdc  HPBootOp ( UnsignedFile.Multi.Generic ) - User select action: Skip

16:34:05.0359 0x0bdc  HP Software Update ( UnsignedFile.Multi.Generic ) - skipped by user

16:34:05.0359 0x0bdc  HP Software Update ( UnsignedFile.Multi.Generic ) - User select action: Skip

16:34:05.0359 0x0bdc  DU Meter ( UnsignedFile.Multi.Generic ) - skipped by user

16:34:05.0359 0x0bdc  DU Meter ( UnsignedFile.Multi.Generic ) - User select action: Skip

16:34:05.0359 0x0bdc  TkBellExe ( UnsignedFile.Multi.Generic ) - skipped by user

16:34:05.0359 0x0bdc  TkBellExe ( UnsignedFile.Multi.Generic ) - User select action: Skip

16:34:05.0359 0x0bdc  QuickTime Task ( UnsignedFile.Multi.Generic ) - skipped by user

16:34:05.0359 0x0bdc  QuickTime Task ( UnsignedFile.Multi.Generic ) - User select action: Skip

16:34:05.0359 0x0bdc  AutoSizer ( UnsignedFile.Multi.Generic ) - skipped by user

16:34:05.0359 0x0bdc  AutoSizer ( UnsignedFile.Multi.Generic ) - User select action: Skip

16:35:45.0781 0x059c  Deinitialize success



#4 Zonda787

  • Topic Starter

  • Members
  • 15 posts
  • Gender:Male

Posted 17 August 2014 - 09:49 AM

Any help is greatly appreciated.

 

We were about to try deleting the trojan but got cold feet.



#5 CatByte


    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada

Posted 17 August 2014 - 11:31 AM

Please download the appropriate version of Farbar Recovery Scan Tool (FRST.exe) from here:
http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ (for 32bit systems)
http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ (for 64bit systems)
Save it to your desktop.
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
  • Double-click to run it. When the tool opens, click Yes to the disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it into your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#6 Zonda787

  • Topic Starter

  • Members
  • 15 posts
  • Gender:Male

Posted 18 August 2014 - 12:06 AM

Thank you for your help. Here is the FRST log.

--------------------------

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:17-08-2014 01

Ran by N (administrator) on HPMediaCenter1 on 18-08-2014 12:01:20

Running from C:\Documents and Settings\N\My Documents\troj problem

Platform: Microsoft Windows XP Service Pack 2 (X86) OS Language: English (United States)

Internet Explorer Version 6

Boot Mode: Normal

The only official download link for FRST:

Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/

Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/

Download link from any site other than Bleeping Computer is unpermitted or outdated.

See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

(Diskeeper Corporation) C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe

(Microsoft Corporation) C:\WINDOWS\ehome\ehrecvr.exe

(Microsoft Corporation) C:\WINDOWS\ehome\ehSched.exe

(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe

(Sun Microsystems, Inc.) C:\Program Files\Java\jre6\bin\jqs.exe

(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe

(Locktime Software) C:\Program Files\NetLimiter 2 Pro\nlsvc.exe

(NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe

() C:\WINDOWS\Installer\{5BFD60E6-6893-26AE-60A5-3F7040603461}\syshost.exe

() C:\Program Files\TVersity\Media Server\MediaServer.exe

(Intel Corporation) C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology Drivers\ELService.exe

(Microsoft Corporation) C:\WINDOWS\system32\dllhost.exe

(Locktime Software) C:\Program Files\NetLimiter 2 Pro\NLClient.exe

(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe

(Microsoft Corporation) C:\WINDOWS\ehome\ehtray.exe

(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE

(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

(Sonic Solutions) C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe

(Microsoft Corporation) C:\WINDOWS\ehome\ehmsas.exe

(Hewlett-Packard Co.) C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE

(CANON INC.) C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE

(South Bay Software) C:\Program Files\AutoSizer\AutoSizer.exe

(Logitech, Inc.) C:\Program Files\Logitech\SetPoint\SetPoint.exe

(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe

(Hewlett-Packard Company) C:\hp\KBD\kbd.exe

(Hewlett-Packard Company) C:\WINDOWS\system\hpsysdrv.exe

(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe

(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe

 

==================== Registry (Whitelisted) ==================

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

 

Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)

HKLM\...\Policies\Explorer: [NoCDBurning] 0

HKU\S-1-5-21-1341223669-955965835-1919621601-1008\...\Run: [AutoSizer] => C:\Program Files\AutoSizer\AutoSizer.exe [98304 2008-11-27] (South Bay Software)

HKU\S-1-5-21-1341223669-955965835-1919621601-1008\...\MountPoints2: {06db1a95-83a7-11e1-a0c0-0018f39c1637} - P:\PMBP_Win.exe

HKU\S-1-5-21-1341223669-955965835-1919621601-1008\...\MountPoints2: {0c611e74-dd7f-11e2-a0fa-00c0a8c2630b} - K:\AutoRun.exe

HKU\S-1-5-21-1341223669-955965835-1919621601-1008\...\MountPoints2: {0c611e7f-dd7f-11e2-a0fa-00c0a8c2630b} - K:\AutoRun.exe

HKU\S-1-5-21-1341223669-955965835-1919621601-1008\...\MountPoints2: {65faaf9c-f019-11e2-a0fb-00c0a8c2630b} - K:\AutoRun.exe

HKU\S-1-5-21-134122366

Ran by N (administrator) on HPMediaCenter1 on 18-08-2014 12:01:20

Running from C:\Documents and Settings\N\My Documents\troj problem

Platform: Microsoft Windows XP Service Pack 2 (X86) OS Language: English (United States)

Internet Explorer Version 6

Boot Mode: Normal

 

The only official download link for FRST:

Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/

Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/

Download link from any site other than Bleeping Computer is unpermitted or outdated.

See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

 

==================== Processes (Whitelisted) =================

 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

 

(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

(Diskeeper Corporation) C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe

(Microsoft Corporation) C:\WINDOWS\ehome\ehrecvr.exe

(Microsoft Corporation) C:\WINDOWS\ehome\ehSched.exe

(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe

(Sun Microsystems, Inc.) C:\Program Files\Java\jre6\bin\jqs.exe

(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe

(Locktime Software) C:\Program Files\NetLimiter 2 Pro\nlsvc.exe

(NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe

() C:\WINDOWS\Installer\{5BFD60E6-6893-26AE-60A5-3F7040603461}\syshost.exe

() C:\Program Files\TVersity\Media Server\MediaServer.exe

(Intel Corporation) C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology Drivers\ELService.exe

(Microsoft Corporation) C:\WINDOWS\system32\dllhost.exe

(Locktime Software) C:\Program Files\NetLimiter 2 Pro\NLClient.exe

(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe

(Microsoft Corporation) C:\WINDOWS\ehome\ehtray.exe

(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE

(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

(Sonic Solutions) C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe

(Microsoft Corporation) C:\WINDOWS\ehome\ehmsas.exe

(Hewlett-Packard Co.) C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE

(CANON INC.) C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE

(South Bay Software) C:\Program Files\AutoSizer\AutoSizer.exe

(Logitech, Inc.) C:\Program Files\Logitech\SetPoint\SetPoint.exe

(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe

(Hewlett-Packard Company) C:\hp\KBD\kbd.exe

(Hewlett-Packard Company) C:\WINDOWS\system\hpsysdrv.exe

(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe

(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe

 

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)

HKLM\...\Policies\Explorer: [NoCDBurning] 0

HKU\S-1-5-21-1341223669-955965835-1919621601-1008\...\Run: [AutoSizer] => C:\Program Files\AutoSizer\AutoSizer.exe [98304 2008-11-27] (South Bay Software)

HKU\S-1-5-21-1341223669-955965835-1919621601-1008\...\MountPoints2: {06db1a95-83a7-11e1-a0c0-0018f39c1637} - P:\PMBP_Win.exe

HKU\S-1-5-21-1341223669-955965835-1919621601-1008\...\MountPoints2: {0c611e74-dd7f-11e2-a0fa-00c0a8c2630b} - K:\AutoRun.exe

HKU\S-1-5-21-1341223669-955965835-1919621601-1008\...\MountPoints2: {0c611e7f-dd7f-11e2-a0fa-00c0a8c2630b} - K:\AutoRun.exe

HKU\S-1-5-21-1341223669-955965835-1919621601-1008\...\MountPoints2: {65faaf9c-f019-11e2-a0fb-00c0a8c2630b} - K:\AutoRun.exe

HKU\S-1-5-21-134122366


 



#7 Zonda787

Zonda787
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:56 AM

Posted 18 August 2014 - 12:13 AM

Unfortunately I can't attach the additional file on this webOS device. I've posted it below.

------------------

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version:17-08-2014 01

Ran by N at 2014-08-18 12:02:37

Running from C:\Documents and Settings\N\My Documents\troj problem

Boot Mode: Normal

==========================================================

 

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

 

==================== Installed Programs ======================

 

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 

7-Zip 4.65 (HKLM\...\7-Zip) (Version:  - )

A.F.5 Rename your files 1.1 (HKLM\...\{A725C340-77EE-11D6-BBC2-0000CB591583}) (Version: 1.1.0.0 - Alex Fauland)

AC3Filter (remove only) (HKLM\...\AC3Filter) (Version:  - )

Active@ Partition Recovery Enterprise (HKLM\...\Active@ Partition Recovery Enterprise) (Version:  - )

Adobe Flash Player 11 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.4.402.278 - Adobe Systems Incorporated)

Adobe Flash Player 11 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 11.7.700.224 - Adobe Systems Incorporated)

Adobe Reader 7.0.5 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A70500000002}) (Version: 7.0.5 - Adobe Systems Incorporated)

Apple Application Support (HKLM\...\{3FA365DF-2D68-45ED-8F83-8C8A33E65143}) (Version: 1.1.0 - Apple Inc.)

Apple Mobile Device Support (HKLM\...\{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}) (Version: 2.6.0.32 - Apple Inc.)

Apple Software Update (HKLM\...\{6956856F-B6B3-4BE0-BA0B-8F495BE32033}) (Version: 2.1.1.116 - Apple Inc.)

AutoSizer (HKLM\...\AutoSizer) (Version:  - )

AutoUpdate (HKLM\...\{18D10072035C4515918F7E37EAFAACFC}) (Version: 1.0 - )

AviSynth 2.5 (HKLM\...\AviSynth) (Version:  - )

Beyond Compare version 3.0.4 (HKLM\...\BeyondCompare3_is1) (Version:  - Scooter Software)

Bonjour (HKLM\...\{07287123-B8AC-41CE-8346-3D777245C35B}) (Version: 1.0.106 - Apple Inc.)

BS.Player PRO (HKLM\...\BSPlayerp) (Version: 2.27.958 - Webteh, d.o.o.)

Canon Easy-PhotoPrint EX (HKLM\...\Easy-PhotoPrint EX) (Version:  - )

Canon Easy-PhotoPrint Pro (HKLM\...\Easy-PhotoPrint Pro) (Version:  - )

Canon MG8100 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG8100_series) (Version:  - )

Canon MP Navigator EX 4.0 (HKLM\...\MP Navigator EX 4.0) (Version:  - )

Canon My Printer (HKLM\...\CanonMyPrinter) (Version:  - )

Canon Solution Menu EX (HKLM\...\CanonSolutionMenuEX) (Version:  - )

CDDRV_Installer (Version: 4.60 - Logitech) Hidden

CD-LabelPrint (HKLM\...\MediaNavigation.CDLabelPrint) (Version:  - )

Chuzzle (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110411970}) (Version:  - Oberon Media)

CL-Eye Driver (HKLM\...\CL-Eye Driver) (Version: 4.0.1.0501 - Code Laboratories, Inc.)

Combined Community Codec Pack 2011-07-30 (HKLM\...\Combined Community Codec Pack_is1) (Version: 2011.07.30.0 - CCCP Project)

Convert & Open (HKLM\...\Convert & Open) (Version:  - )

CoreAAC Audio Decoder (remove only) (HKLM\...\CoreAAC Audio Decoder) (Version:  - )

CoreAVC Professional Edition (remove only) (HKLM\...\CoreAVC Professional Edition) (Version:  - )

Customer Experience Enhancement (HKLM\...\InstallShield_{23012310-3E05-46A5-88A9-C6CBCABCAC79}) (Version: Customer Experience Enhancement -1.0.0.1680 - Hewlett-Packard)

Customer Experience Enhancement (Version: Customer Experience Enhancement -1.0.0.1680 - Hewlett-Packard) Hidden

Data Lifeguard Diagnostic for Windows 1.21 (HKLM\...\{519C4DB6-B53B-4F5C-8297-89B2BE949FA5}_is1) (Version:  - Western Digital Corporation)

Destinations (Version: 70.0.170.000 - Hewlett-Packard) Hidden

DeviceManagementQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden

DirLister 1.0 (HKLM\...\DirLister) (Version: 1.0 - DukeLupus)

Diskeeper 2010 Pro Premier (HKLM\...\{C4C843CE-5851-41BC-A17B-E158B996B50D}) (Version: 14.0.903.32 - Diskeeper Corporation)

DivX (HKLM\...\{7B63B2922B174135AFC0E1377DD81EC2}) (Version: 5.2.1 - DivXNetworks, Inc.)

Dupehunter Professional (HKLM\...\Dupehunter Professional) (Version: 6.0.0.2907 - C




#8 CatByte

CatByte

    bleepin' tiger

  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada

Posted 18 August 2014 - 11:21 AM

I only received part of the FRST log over and over.

Please try running it again and attach the logs.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#9 Zonda787

Zonda787
  • Topic Starter

  • Members
  • 15 posts
  • Gender:Male

Posted 18 August 2014 - 10:35 PM

Sorry about that. Here are the logs again.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:17-08-2014 01

Ran by N (administrator) on HPMediaCenter1 on 18-08-2014 12:01:20

Running from C:\Documents and Settings\N\My Documents\troj problem

Platform: Microsoft Windows XP Service Pack 2 (X86) OS Language: English (United States)

Internet Explorer Version 6

Boot Mode: Normal

 

The only official download link for FRST:

Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/

Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/

Download link from any site other than Bleeping Computer is unpermitted or outdated.

See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

 

==================== Processes (Whitelisted) =================

 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

 

(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

(Diskeeper Corporation) C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe

(Microsoft Corporation) C:\WINDOWS\ehome\ehrecvr.exe

(Microsoft Corporation) C:\WINDOWS\ehome\ehSched.exe

(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe

(Sun Microsystems, Inc.) C:\Program Files\Java\jre6\bin\jqs.exe

(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe

(Locktime Software) C:\Program Files\NetLimiter 2 Pro\nlsvc.exe

(NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe

() C:\WINDOWS\Installer\{5BFD60E6-6893-26AE-60A5-3F7040603461}\syshost.exe

() C:\Program Files\TVersity\Media Server\MediaServer.exe

(Intel Corporation) C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology Drivers\ELService.exe

(Microsoft Corporation) C:\WINDOWS\system32\dllhost.exe

(Locktime Software) C:\Program Files\NetLimiter 2 Pro\NLClient.exe

(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe

(Microsoft Corporation) C:\WINDOWS\ehome\ehtray.exe

(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE

(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

(Sonic Solutions) C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe

(Microsoft Corporation) C:\WINDOWS\ehome\ehmsas.exe

(Hewlett-Packard Co.) C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE

(CANON INC.) C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE

(South Bay Software) C:\Program Files\AutoSizer\AutoSizer.exe

(Logitech, Inc.) C:\Program Files\Logitech\SetPoint\SetPoint.exe

(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe

(Hewlett-Packard Company) C:\hp\KBD\kbd.exe

(Hewlett-Packard Company) C:\WINDOWS\system\hpsysdrv.exe

(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe

(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe

 

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)

HKLM\...\Policies\Explorer: [NoCDBurning] 0

HKU\S-1-5-21-1341223669-955965835-1919621601-1008\...\Run: [AutoSizer] => C:\Program Files\AutoSizer\AutoSizer.exe [98304 2008-11-27] (South Bay Software)

HKU\S-1-5-21-1341223669-955965835-1919621601-1008\...\MountPoints2: {06db1a95-83a7-11e1-a0c0-0018f39c1637} - P:\PMBP_Win.exe

HKU\S-1-5-21-1341223669-955965835-1919621601-1008\...\MountPoints2: {0c611e74-dd7f-11e2-a0fa-00c0a8c2630b} - K:\AutoRun.exe

HKU\S-1-5-21-1341223669-955965835-1919621601-1008\...\MountPoints2: {0c611e7f-dd7f-11e2-a0fa-00c0a8c2630b} - K:\AutoRun.exe

HKU\S-1-5-21-1341223669-955965835-1919621601-1008\...\MountPoints2: {65faaf9c-f019-11e2-a0fb-00c0a8c2630b} - K:\AutoRun.exe

HKU\S-1-5-21-1341223669-955965835-1919621601-1008\...\MountPoints2: {88bee04a-aee4-11e1-a0c2-00c0a8c2630b} - N:\APPInst.exe

HKU\S-1-5-21-1341223669-955965835-1919621601-1008\...\MountPoints2: {b91ef5a2-f9d9-11df-a09e-0018f39c1637} - N:\APPInst.exe

Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk

ShortcutTarget: Logitech SetPoint.lnk -> C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)

Startup: C:\Documents and Settings\Default User\Start Menu\Programs\Startup\Pin.lnk

ShortcutTarget: Pin.lnk -> C:\hp\bin\cloaker.exe (Hewlett-Packard Co.)

Startup: C:\Documents and Settings\Default User\Start Menu\Programs\Startup\PinMcLnk.lnk

ShortcutTarget: PinMcLnk.lnk -> C:\hp\bin\cloaker.exe (Hewlett-Packard Co.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: 64.27.19.152:80

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_AU&c=64&bd=PAVILION&pf=desktop

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_AU&c=64&bd=PAVILION&pf=desktop

HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie

HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_AU&c=64&bd=PAVILION&pf=desktop

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_AU&c=64&bd=PAVILION&pf=desktop

HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_AU&c=64&bd=PAVILION&pf=desktop

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_AU&c=64&bd=PAVILION&pf=desktop

HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_AU&c=64&bd=PAVILION&pf=desktop

BHO: AcroIEHlprObj Class -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

BHO: FlashFXP Helper for Internet Explorer -> {E5A1691B-D188-4419-AD02-90002030B8EE} -> C:\Program Files\FlashFXP\IEFlash.dll (IniCom Networks, Inc.)

BHO: JQSIEStartDetectorImpl Class -> {E7E6F031-17CE-4C07-BC86-EABFE594F69C} -> C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)

Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab

Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [147456] (Apple Inc.)

Tcpip\..\Interfaces\{6E44DB1E-5389-4829-A7E8-2735B8252486}: [NameServer]203.0.178.191,203.12.160.36

Tcpip\..\Interfaces\{D819518C-48E9-4AC0-8A09-27534F98A1EB}: [NameServer]203.0.178.191,61.88.88.88

FireFox:

========

FF ProfilePath: C:\Documents and Settings\N\Application Data\Mozilla\Firefox\Profiles\jdest6fm.default

FF Homepage: about:blank

FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()

FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

FF Plugin: @canon.com/EPPEX -> C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)

FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)

FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF Plugin: @real.com/nppl3260;version=6.0.11.2321 -> C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)

FF Plugin: @real.com/nprjplug;version=1.0.2.2379 -> C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)

FF Plugin: @real.com/nprpjplug;version=6.0.12.1483 -> C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)

FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npnul32.dll (mozilla.org)

FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)

FF SearchPlugin: C:\Documents and Settings\N\Application Data\Mozilla\Firefox\Profiles\jdest6fm.default\searchplugins\ebaycomau.xml

FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml

FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\answers.xml

FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml

FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml

FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml

FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

FF Extension: Flash Video Downloader - C:\Documents and Settings\N\Application Data\Mozilla\Firefox\Profiles\jdest6fm.default\Extensions\artur.dubovoy@gmail.com [2013-10-18]

FF Extension: No Name - C:\Documents and Settings\N\Application Data\Mozilla\Firefox\Profiles\jdest6fm.default\Extensions\staged-xpis [2013-08-24]

FF Extension: FlashGot - C:\Documents and Settings\N\Application Data\Mozilla\Firefox\Profiles\jdest6fm.default\Extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34} [2009-12-11]

FF Extension: Download YouTube Videos as MP4 - C:\Documents and Settings\N\Application Data\Mozilla\Firefox\Profiles\jdest6fm.default\Extensions\{b9bfaf1c-a63f-47cd-8b9a-29526ced9060} [2013-07-16]

FF Extension: Flash and Video Download - C:\Documents and Settings\N\Application Data\Mozilla\Firefox\Profiles\jdest6fm.default\Extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a} [2013-10-18]

FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2010-10-02]

FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2010-08-31]

FF HKLM\...\Firefox\Extensions: [jqs@sun.com] - C:\Program Files\Java\jre6\lib\deploy\jqs\ff

FF Extension: Java Quick Starter - C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2010-10-02]

 

Chrome:

=======

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

Locked "a41a87abfe7b5de1" service could not be unlocked. <===== ATTENTION

R2 Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [144672 2009-08-28] (Apple Inc.)

R2 Diskeeper; C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe [1732960 2010-04-15] (Diskeeper Corporation)

R2 ELService; C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology Drivers\Elservice.exe [180224 2006-06-01] (Intel Corporation) [File not signed]

R2 IAANTMON; C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe [90112 2006-07-06] (Intel Corporation) [File not signed]

S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]

R2 JavaQuickStarterService; C:\Program Files\Java\jre6\bin\jqs.exe [153376 2010-10-02] (Sun Microsystems, Inc.)

R2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [49152 2006-06-21] (Hewlett-Packard Company) [File not signed]

R2 McrdSvc; C:\WINDOWS\ehome\mcrdsvc.exe [99328 2005-08-05] (Microsoft Corporation)

R2 nlsvc; C:\Program Files\NetLimiter 2 Pro\nlsvc.exe [446464 2006-06-16] (Locktime Software) [File not signed]

R2 syshost32; C:\WINDOWS\Installer\{5BFD60E6-6893-26AE-60A5-3F7040603461}\syshost.exe [103936 2014-07-18] () [File not signed]

R2 TVersityMediaServer; C:\Program Files\TVersity\Media Server\MediaServer.exe [827392 2008-11-28] () [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 3xHybrid; C:\WINDOWS\System32\DRIVERS\3xHybrid.sys [2829696 2006-04-12] (ASUSTek)

R0 bb-run; C:\WINDOWS\System32\DRIVERS\bb-run.sys [17408 2003-11-05] (Promise Technology, Inc.)

S3 BVRPMPR5; C:\WINDOWS\system32\drivers\BVRPMPR5.SYS [49904 2009-05-21] (Avanquest Software) [File not signed]

S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2004-08-04] (Microsoft Corporation)

S3 DKRtWrt; C:\WINDOWS\System32\DRIVERS\DKRtWrt.sys [46256 2010-03-10] (Diskeeper Corporation)

R3 ELacpi; C:\WINDOWS\System32\DRIVERS\ELacpi.sys [9728 2006-05-09] (Intel Corporation)

R1 ELhid; C:\WINDOWS\System32\Drivers\Elhid.sys [10112 2006-05-09] (Intel Corporation) [File not signed]

R1 ELkbd; C:\WINDOWS\System32\Drivers\Elkbd.sys [6912 2006-05-09] (Intel Corporation) [File not signed]

R1 ELmon; C:\WINDOWS\System32\Drivers\Elmon.sys [7040 2006-05-09] (Intel Corporation) [File not signed]

R1 ELmou; C:\WINDOWS\System32\Drivers\Elmou.sys [6400 2006-05-09] (Intel Corporation) [File not signed]

R0 ftsata2; C:\WINDOWS\System32\DRIVERS\ftsata2.sys [175104 2005-06-29] (Promise Technology, Inc.)

R3 LEqdUsb; C:\WINDOWS\System32\Drivers\LEqdUsb.Sys [40720 2009-06-18] (Logitech, Inc.)

R3 LHidEqd; C:\WINDOWS\System32\Drivers\LHidEqd.Sys [10384 2009-06-18] (Logitech, Inc.)

S3 LUsbFilt; C:\WINDOWS\System32\Drivers\LUsbFilt.Sys [28560 2009-06-18] (Logitech, Inc.)

S3 MPE; C:\WINDOWS\System32\DRIVERS\MPE.sys [15360 2004-08-04] (Microsoft Corporation)

S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2004-08-04] (Microsoft Corporation)

R1 nltdi; C:\WINDOWS\system32\drivers\nltdi.sys [93824 2006-06-15] (Locktime Software) [File not signed]

S3 prwntdrv; C:\WINDOWS\system32\prwntdrv.sys [13064 2010-08-25] () [File not signed]

R0 PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [46080 2006-03-10] (Sonic Solutions) [File not signed]

S3 rtl8139; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [20992 2004-08-04] (Realtek Semiconductor Corporation)

S3 Secdrv; C:\WINDOWS\System32\DRIVERS\secdrv.sys [27440 2004-08-10] ()

S3 SliceDisk5; C:\Program Files\A-FF Find and Mount\slicedisk.sys [10240 2008-04-03] (Atola) [File not signed]

S3 SONYPVU1; C:\WINDOWS\System32\DRIVERS\SONYPVU1.SYS [7552 2001-08-17] (Sony Corporation)

S3 WN5301; C:\WINDOWS\System32\DRIVERS\wn5301.sys [468768 2005-10-06] (Liteon Technology Inc.)

S3 ZTEusbnet; C:\WINDOWS\System32\DRIVERS\ZTEusbnet.sys [114688 2009-12-28] (ZTE Corporation)

U5 a41a87abfe7b5de1; C:\Windows\System32\Drivers\a41a87abfe7b5de1.sys [37248 2014-08-07] () <===== ATTENTION Necurs Rootkit?

S3 CrystalSysInfo; \??\C:\Program Files\MediaCoder PSP Edition\SysInfo.sys [X]

S3 neokdss; system32\Drivers\neokdss.sys [X]

U0 Pml Driver HPZ12;

S0 SMR410; System32\drivers\SMR410.SYS [X]

U1 WS2IFSL;

==================== NetSvcs (Whitelisted) ===================

 

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

 

NETSVC: MHN -> C:\Windows\System32\mhn.dll (Microsoft Corporation)

 

==================== One Month Created Files and Folders ========

 

(If an entry is included in the fixlist, the file\folder will be moved.)

 

2014-08-18 12:01 - 2014-08-18 12:01 - 00000000 ____D () C:\FRST

2014-08-14 17:16 - 2014-08-14 17:16 - 00008602 _____ () C:\Documents and Settings\N\Desktop\dds.txt

2014-08-14 17:16 - 2014-08-14 17:16 - 00005361 _____ () C:\Documents and Settings\N\Desktop\attach.txt

2014-08-14 16:01 - 2014-08-14 16:04 - 00000000 ____D () C:\AdwCleaner

2014-08-14 15:58 - 2014-08-18 12:01 - 00000000 ____D () C:\Documents and Settings\N\My Documents\troj problem

2014-08-10 18:36 - 2014-08-10 20:00 - 00000000 ____D () C:\WINDOWS\system32\MpEngineStore(2)

2014-08-10 18:22 - 2014-08-10 21:32 - 00000000 ____D () C:\Documents and Settings\N\Local Settings\Application Data\NPE

2014-08-10 18:22 - 2014-08-10 21:07 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Norton

2014-08-07 11:53 - 2014-08-07 11:53 - 00037248 _____ () C:\WINDOWS\system32\Drivers\a41a87abfe7b5de1.sys

2014-07-29 20:29 - 2014-07-29 20:29 - 00083202 _____ () C:\Documents and Settings\N\My Documents\Play-Asia_com Shopping Cart 6.htm

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-18 12:01 - 2014-08-18 12:01 - 00000000 ____D () C:\FRST

2014-08-18 12:01 - 2014-08-14 15:58 - 00000000 ____D () C:\Documents and Settings\N\My Documents\troj problem

2014-08-18 12:01 - 2008-11-27 20:03 - 00000000 ____D () C:\Documents and Settings\N\Local Settings\Temp

2014-08-18 11:57 - 2011-11-19 19:10 - 00000000 ____D () C:\Documents and Settings\N\Local Settings\Application Data\NewsBin

2014-08-18 11:18 - 2013-06-25 15:26 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job

2014-08-18 11:14 - 2009-12-09 23:29 - 00000000 ____D () C:\Program Files\Mozilla Firefox

2014-08-17 14:18 - 2005-10-18 13:11 - 00032478 _____ () C:\WINDOWS\SchedLgU.Txt

2014-08-17 14:14 - 2009-05-05 17:38 - 00000000 ____D () C:\Program Files\mIRC

2014-08-17 09:31 - 2008-12-01 07:46 - 00000116 _____ () C:\WINDOWS\NeroDigital.ini

2014-08-17 07:10 - 2008-06-05 06:14 - 00000247 _____ () C:\WINDOWS\system\hpsysdrv.dat

2014-08-17 06:39 - 2010-08-31 13:49 - 00837960 _____ () C:\WINDOWS\setupapi.log

2014-08-17 06:39 - 2006-09-12 03:20 - 00068694 _____ () C:\WINDOWS\system32\nvapps.xml

2014-08-17 06:39 - 2005-11-15 07:17 - 00000000 ____D () C:\WINDOWS\Registration

2014-08-17 06:39 - 2005-10-18 22:40 - 00000157 _____ () C:\WINDOWS\wiadebug.log

2014-08-17 06:39 - 2005-10-18 22:40 - 00000049 _____ () C:\WINDOWS\wiaservc.log

2014-08-17 06:39 - 2005-10-18 13:11 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT

2014-08-16 20:32 - 2008-12-19 00:26 - 00000000 ____D () C:\Documents and Settings\N\My Documents\Saved pages - misc files

2014-08-16 16:56 - 2012-03-10 22:19 - 00000000 ____D () C:\Documents and Settings\N\Local Settings\Application Data\MPlayer

2014-08-16 16:56 - 2012-03-10 22:15 - 00000000 ____D () C:\Program Files\PS3 Media Server

2014-08-15 15:02 - 2008-11-28 01:05 - 00198144 _____ () C:\Documents and Settings\N\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

2014-08-14 17:16 - 2014-08-14 17:16 - 00008602 _____ () C:\Documents and Settings\N\Desktop\dds.txt

2014-08-14 17:16 - 2014-08-14 17:16 - 00005361 _____ () C:\Documents and Settings\N\Desktop\attach.txt

2014-08-14 16:27 - 2008-11-29 02:38 - 00131072 _____ () C:\WINDOWS\system32\config\NetLimit.evt

2014-08-14 16:27 - 2008-11-27 20:03 - 00000178 ___SH () C:\Documents and Settings\N\ntuser.ini

2014-08-14 16:27 - 2005-10-18 13:11 - 00433349 _____ () C:\WINDOWS\WindowsUpdate.log

2014-08-14 16:04 - 2014-08-14 16:01 - 00000000 ____D () C:\AdwCleaner

2014-08-11 19:58 - 2008-11-29 01:56 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Trend Micro

2014-08-11 19:35 - 2012-07-08 21:25 - 00000475 _____ () C:\Documents and Settings\N\Desktop\Shortcut to __Desktop backup.lnk

2014-08-11 13:20 - 2008-12-27 16:53 - 00054913 _____ () C:\Documents and Settings\N\Desktop\open these.txt

2014-08-10 21:32 - 2014-08-10 18:22 - 00000000 ____D () C:\Documents and Settings\N\Local Settings\Application Data\NPE

2014-08-10 21:07 - 2014-08-10 18:22 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Norton

2014-08-10 20:03 - 2005-10-18 12:52 - 00001158 _____ () C:\WINDOWS\system32\wpa.dbl

2014-08-10 20:00 - 2014-08-10 18:36 - 00000000 ____D () C:\WINDOWS\system32\MpEngineStore(2)

2014-08-10 20:00 - 2008-11-24 01:54 - 00000000 ____D () C:\Documents and Settings\HP_Administrator

2014-08-10 20:00 - 2006-09-12 02:51 - 00000000 __SHD () C:\Documents and Settings\NetworkService

2014-08-10 20:00 - 2006-09-12 02:51 - 00000000 __SHD () C:\Documents and Settings\LocalService

2014-08-10 20:00 - 2005-11-15 07:17 - 00000000 ____D () C:\WINDOWS\security

2014-08-10 20:00 - 2005-11-15 06:40 - 00000000 ____D () C:\Documents and Settings\Administrator

2014-08-10 18:53 - 2008-11-29 02:00 - 151376252 _____ () C:\WINDOWS\TmComm.log

2014-08-10 09:09 - 2009-02-13 22:04 - 00000000 ____D () C:\Program Files\FlashGet

2014-08-08 02:02 - 2009-04-01 18:52 - 00000000 ____D () C:\Documents and Settings\N\My Documents\Ebay

2014-08-07 11:53 - 2014-08-07 11:53 - 00037248 _____ () C:\WINDOWS\system32\Drivers\a41a87abfe7b5de1.sys

2014-08-07 11:53 - 2008-11-29 01:56 - 00049767 _____ () C:\WINDOWS\tmevtmgr.log

2014-08-04 16:18 - 2005-10-18 12:50 - 00397427 _____ () C:\WINDOWS\setupact.log

 

Some content of TEMP:

====================

C:\Documents and Settings\N\Local Settings\Temp\atl80.dll

C:\Documents and Settings\N\Local Settings\Temp\DataCard_Setup.exe

C:\Documents and Settings\N\Local Settings\Temp\mfc80.dll

C:\Documents and Settings\N\Local Settings\Temp\mfc80u.dll

C:\Documents and Settings\N\Local Settings\Temp\mfcm80.dll

C:\Documents and Settings\N\Local Settings\Temp\mfcm80u.dll

C:\Documents and Settings\N\Local Settings\Temp\msvcm80.dll

C:\Documents and Settings\N\Local Settings\Temp\msvcp80.dll

C:\Documents and Settings\N\Local Settings\Temp\msvcr80.dll

C:\Documents and Settings\N\Local Settings\Temp\Quarantine.exe

C:\Documents and Settings\N\Local Settings\Temp\ResetDevice.exe

C:\Documents and Settings\N\Local Settings\Temp\TmDbg32.dll

 

==================== Bamital & volsnap Check =================

 

(There is no automatic fix for files that do not pass verification.)

 

C:\WINDOWS\explorer.exe => File is digitally signed

C:\WINDOWS\system32\winlogon.exe => File is digitally signed

C:\WINDOWS\system32\svchost.exe => File is digitally signed

C:\WINDOWS\system32\services.exe => File is digitally signed

C:\WINDOWS\system32\User32.dll => File is digitally signed

C:\WINDOWS\system32\userinit.exe => File is digitally signed

C:\WINDOWS\system32\rpcss.dll => File is digitally signed

C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================
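The log above already carries the signals a helper reads by eye: the `syshost32` service whose binary sits in `C:\WINDOWS\Installer\{GUID}\`, the driver `a41a87abfe7b5de1.sys` with a random-looking hex name, no publisher, a file date eleven days before the scan and the start type `U5`, which FRST itself marks with "ATTENTION Necurs Rootkit?". The following script is an added example, not part of the thread and not Farbar's code, that turns those observations into a repeatable triage over FRST "Services"/"Drivers" lines. It assumes the line format shown in the log (`R2 name; path [size date] (Company) [File not signed]`), takes the scan date from the log's "Ran by" header, and uses a constructed sample of five lines copied from the log above; the scoring weights and the 60-day "recent" window are the author's own choices, not FRST's.

```python
import re
from datetime import date

# Regex for one FRST "Services"/"Drivers" line, as seen in the log above:
#   R2 name; C:\path\file.exe [size YYYY-MM-DD] (Company) [File not signed]
# The trailer after (Company) is optional and may also be FRST's own
# "<===== ATTENTION" remark, so it is captured loosely as `rest`.
LINE_RE = re.compile(
    r"^(?P<state>[RSU])(?P<start>\d) (?P<name>[^;]+); (?P<path>.+?) "
    r"\[(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})\] \((?P<company>[^)]*)\)(?P<rest>.*)$"
)
# Service/driver names made only of lowercase hex digits, 8 or more characters.
HEX_NAME_RE = re.compile(r"^[0-9a-f]{8,}$")
# Binaries placed inside the Windows Installer cache, \Installer\{GUID}\ .
MSI_CACHE_RE = re.compile(r"\\Installer\\\{[0-9A-Fa-f-]{36}\}\\", re.IGNORECASE)

# Constructed sample: five lines copied verbatim from the FRST log above,
# embedded here so the script runs offline without the real FRST.txt.
SAMPLE_LOG = r"""
R2 IAANTMON; C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe [90112 2006-07-06] (Intel Corporation) [File not signed]
R2 syshost32; C:\WINDOWS\Installer\{5BFD60E6-6893-26AE-60A5-3F7040603461}\syshost.exe [103936 2014-07-18] () [File not signed]
R3 LEqdUsb; C:\WINDOWS\System32\Drivers\LEqdUsb.Sys [40720 2009-06-18] (Logitech, Inc.)
S3 prwntdrv; C:\WINDOWS\system32\prwntdrv.sys [13064 2010-08-25] () [File not signed]
U5 a41a87abfe7b5de1; C:\Windows\System32\Drivers\a41a87abfe7b5de1.sys [37248 2014-08-07] () <===== ATTENTION Necurs Rootkit?
"""
# Date the log above was produced ("Ran by N at 2014-08-18").
SCAN_DATE = date(2014, 8, 18)


def parse_entry(line):
    """Return a dict for one service/driver line, or None for any other line."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    e = m.groupdict()
    e["start"] = int(e["start"])
    e["size"] = int(e["size"])
    e["date"] = date.fromisoformat(e["date"])
    e["unsigned"] = "[File not signed]" in e["rest"]
    return e


def score_entry(e, scan_date, recent_days=60):
    """List the weak indicators on one entry. Each one alone is common on an
    old XP box (many Intel drivers here are unsigned); several together are
    what a helper looks at first. Weights and window are assumptions."""
    reasons = []
    if e["unsigned"]:
        reasons.append("file not signed")
    if not e["company"]:
        reasons.append("no publisher in version info")
    if HEX_NAME_RE.match(e["name"]):
        reasons.append("random-looking hex name")
    if (scan_date - e["date"]).days <= recent_days:
        reasons.append(f"file dated within {recent_days} days of the scan")
    if MSI_CACHE_RE.search(e["path"]):
        reasons.append("binary lives in the MSI cache directory")
    if e["start"] > 4:  # documented Start values run 0 (boot) .. 4 (disabled)
        reasons.append("start type outside the documented 0-4 range")
    return reasons


def triage(log_text, scan_date, threshold=3):
    """Map service/driver name -> score, reasons, path and a review flag."""
    findings = {}
    for line in log_text.splitlines():
        e = parse_entry(line)
        if e is None:
            continue
        reasons = score_entry(e, scan_date)
        findings[e["name"]] = {
            "score": len(reasons),
            "reasons": reasons,
            "path": e["path"],
            "flag": len(reasons) >= threshold,
        }
    return findings


def triage_sample():
    """Run the triage over the embedded sample with the log's own scan date."""
    return triage(SAMPLE_LOG, SCAN_DATE)


if __name__ == "__main__":
    ranked = sorted(triage_sample().items(), key=lambda kv: -kv[1]["score"])
    for name, f in ranked:
        mark = "!!" if f["flag"] else "  "
        print(f"{mark} {f['score']} {name}: {'; '.join(f['reasons']) or 'nothing notable'}")
```

On the sample, `syshost32` and `a41a87abfe7b5de1` each collect four indicators and are flagged, while the unsigned Intel driver and the publisher-less `prwntdrv` stay below the threshold; that mirrors the "several weak signals together" reasoning behind FRST's own ATTENTION marker rather than treating "File not signed" alone as evidence. To run it against a real log, pass the contents of FRST.txt and the date from its "Ran by" line to `triage()`; the flags are a starting list for review, not a verdict, and the file hashes should still be checked before anything is moved.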



#10 Zonda787 (Topic Starter)

Posted 18 August 2014 - 10:42 PM

Additional scan result of Farbar Recovery Scan Tool (x86) Version:17-08-2014 01

Ran by N at 2014-08-18 12:02:37

Running from C:\Documents and Settings\N\My Documents\troj problem

Boot Mode: Normal

==========================================================

 

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

 

==================== Installed Programs ======================

 

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 

7-Zip 4.65 (HKLM\...\7-Zip) (Version:  - )

A.F.5 Rename your files 1.1 (HKLM\...\{A725C340-77EE-11D6-BBC2-0000CB591583}) (Version: 1.1.0.0 - Alex Fauland)

AC3Filter (remove only) (HKLM\...\AC3Filter) (Version:  - )

Active@ Partition Recovery Enterprise (HKLM\...\Active@ Partition Recovery Enterprise) (Version:  - )

Adobe Flash Player 11 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.4.402.278 - Adobe Systems Incorporated)

Adobe Flash Player 11 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 11.7.700.224 - Adobe Systems Incorporated)

Adobe Reader 7.0.5 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A70500000002}) (Version: 7.0.5 - Adobe Systems Incorporated)

Apple Application Support (HKLM\...\{3FA365DF-2D68-45ED-8F83-8C8A33E65143}) (Version: 1.1.0 - Apple Inc.)

Apple Mobile Device Support (HKLM\...\{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}) (Version: 2.6.0.32 - Apple Inc.)

Apple Software Update (HKLM\...\{6956856F-B6B3-4BE0-BA0B-8F495BE32033}) (Version: 2.1.1.116 - Apple Inc.)

AutoSizer (HKLM\...\AutoSizer) (Version:  - )

AutoUpdate (HKLM\...\{18D10072035C4515918F7E37EAFAACFC}) (Version: 1.0 - )

AviSynth 2.5 (HKLM\...\AviSynth) (Version:  - )

Beyond Compare version 3.0.4 (HKLM\...\BeyondCompare3_is1) (Version:  - Scooter Software)

Bonjour (HKLM\...\{07287123-B8AC-41CE-8346-3D777245C35B}) (Version: 1.0.106 - Apple Inc.)

BS.Player PRO (HKLM\...\BSPlayerp) (Version: 2.27.958 - Webteh, d.o.o.)

Canon Easy-PhotoPrint EX (HKLM\...\Easy-PhotoPrint EX) (Version:  - )

Canon Easy-PhotoPrint Pro (HKLM\...\Easy-PhotoPrint Pro) (Version:  - )

Canon MG8100 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG8100_series) (Version:  - )

Canon MP Navigator EX 4.0 (HKLM\...\MP Navigator EX 4.0) (Version:  - )

Canon My Printer (HKLM\...\CanonMyPrinter) (Version:  - )

Canon Solution Menu EX (HKLM\...\CanonSolutionMenuEX) (Version:  - )

CDDRV_Installer (Version: 4.60 - Logitech) Hidden

CD-LabelPrint (HKLM\...\MediaNavigation.CDLabelPrint) (Version:  - )

Chuzzle (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110411970}) (Version:  - Oberon Media)

CL-Eye Driver (HKLM\...\CL-Eye Driver) (Version: 4.0.1.0501 - Code Laboratories, Inc.)

Combined Community Codec Pack 2011-07-30 (HKLM\...\Combined Community Codec Pack_is1) (Version: 2011.07.30.0 - CCCP Project)

Convert & Open (HKLM\...\Convert & Open) (Version:  - )

CoreAAC Audio Decoder (remove only) (HKLM\...\CoreAAC Audio Decoder) (Version:  - )

CoreAVC Professional Edition (remove only) (HKLM\...\CoreAVC Professional Edition) (Version:  - )

Customer Experience Enhancement (HKLM\...\InstallShield_{23012310-3E05-46A5-88A9-C6CBCABCAC79}) (Version: Customer Experience Enhancement -1.0.0.1680 - Hewlett-Packard)

Customer Experience Enhancement (Version: Customer Experience Enhancement -1.0.0.1680 - Hewlett-Packard) Hidden

Data Lifeguard Diagnostic for Windows 1.21 (HKLM\...\{519C4DB6-B53B-4F5C-8297-89B2BE949FA5}_is1) (Version:  - Western Digital Corporation)

Destinations (Version: 70.0.170.000 - Hewlett-Packard) Hidden

DeviceManagementQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden

DirLister 1.0 (HKLM\...\DirLister) (Version: 1.0 - DukeLupus)

Diskeeper 2010 Pro Premier (HKLM\...\{C4C843CE-5851-41BC-A17B-E158B996B50D}) (Version: 14.0.903.32 - Diskeeper Corporation)

DivX (HKLM\...\{7B63B2922B174135AFC0E1377DD81EC2}) (Version: 5.2.1 - DivXNetworks, Inc.)

Dupehunter Professional (HKLM\...\Dupehunter Professional) (Version: 6.0.0.2907 - Carsten Heidtke Software)

DVDInfoPro (HKLM\...\DVDInfoPro) (Version:  - )

EASEUS Data Recovery Wizard Professional 5.0.1 (HKLM\...\EASEUS Data Recovery Wizard Professional 5.0.1_is1) (Version:  - EASEUS)

EASEUS Partition Recovery 5.0.1 (HKLM\...\EASEUS Partition Recovery_is1) (Version:  - EASEUS)

Enhanced Multimedia Keyboard Solution (HKLM\...\KBD) (Version:  - )

erLT (Version: 1.20.0137 - Logitech, Inc.) Hidden

FileZilla Client 3.3.4.1 (HKLM\...\FileZilla Client) (Version: 3.3.4.1 - )

FinalData Enterprise 2.0 (HKLM\...\FinalData Enterprise 2.0) (Version:  - )

Find and Mount 2.31 (HKLM\...\Find and Mount_is1) (Version: 2.31 - A-FF Data Recovery)

FlashGet(JetCar) (HKLM\...\FlashGet(JetCar)) (Version:  - )

Haali Media Splitter (HKLM\...\HaaliMkx) (Version:  - )

HashCalc 2.02 (HKLM\...\HashCalc_is1) (Version:  - SlavaSoft Inc.)

HashTab 1.14 for x32 (HKLM\...\HashTab) (Version: 1.14 for x32 - Cody Batt)

HDD Regenerator (HKLM\...\{2445981B-A23B-4A0E-AD15-3D391BDAEC3E}) (Version: 1.71.0012 - Abstradrome)

High Definition Audio Driver Package - KB888111 (HKLM\...\KB888111WXPSP2) (Version: 20040219.000000 - Microsoft Corporation)

HP Boot Optimizer (HKLM\...\{1341D838-719C-4A05-B50F-49420CA1B4BB}) (Version: 3.0.0 - Hewlett-Packard)

HP DigitalMedia Archive (HKLM\...\{F80239D8-7811-4D5E-B033-0D0BBFE32920}) (Version: 2.0 - Hewlett-Packard)

HP DVD Play 2.1 (HKLM\...\{45D707E9-F3C4-11D9-A373-0050BAE317E1}) (Version:  - )

HP Imaging Device Functions 7.0 (HKLM\...\HP Imaging Device Functions) (Version: 7.0 - HP)

HP Software Update (HKLM\...\{BB85ED9C-AFC9-43BD-B8DC-258C3C7DF72E}) (Version: 3.0.7.014 - HEWLET~1|Hewlett-Packard)

HPPhotoSmartExpress (Version: 70.0.170.000 - Hewlett-Packard) Hidden

HpSdpAppCoreApp (Version: 3.00.0000 - Hewlett-Packard) Hidden

ImgBurn (HKLM\...\ImgBurn) (Version: 2.4.2.0 - LIGHTNING UK!)

Insaniquarium Deluxe (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110245793}) (Version:  - Oberon Media)

Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - )

Intel® PRO Network Connections Drivers (HKLM\...\PROSet) (Version:  - )

Intel® Quick Resume Technology Drivers (HKLM\...\EL) (Version:  - )

Intel® Viiv™ Software (HKLM\...\{EEFEBB48-329E-46F6-AEB8-929A5BAFDB2F}) (Version: 1.0.3.2019 - Intel Corporation)

iTunes (HKLM\...\{81063354-9060-42B2-A000-1EBE96778AA9}) (Version: 9.0.3.15 - Apple Inc.)

J2SE Runtime Environment 5.0 Update 6 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0150060}) (Version: 1.5.0.60 - Sun Microsystems, Inc.)

Java Auto Updater (Version: 2.1.5.3 - Sun Microsystems, Inc.) Hidden

Java™ 6 Update 21 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216021FF}) (Version: 6.0.210 - Oracle)

Java™ 7 Update 2 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217002FF}) (Version: 7.0.20 - Oracle)

JDownloader 0.9 (HKLM\...\5513-1208-7298-9440) (Version: 0.9 - AppWork GmbH)

KhalInstallWrapper (Version: 2.00.0000 - Logitech) Hidden

LightScribe  1.4.105.1 (Version: 1.4.105.1 - http://www.lightscribe.com) Hidden

Logitech SetPoint (HKLM\...\{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}) (Version: 4.80 - Logitech)

Macromedia Shockwave Player (HKLM\...\Macromedia Shockwave Player) (Version:  - )

MainConcept for Software Encoder (HKLM\...\InstallShield_{E7A02A01-C75A-4490-A168-5CA709A3D862}) (Version: 1.1.0.26 - MainConcept)

MainConcept for Software Encoder (Version: 1.1.0.26 - MainConcept) Hidden

MediaInfo 0.7.7.8 (HKLM\...\MediaInfo) (Version: 0.7.7.8 - )

Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )

Microsoft .NET Framework 1.1 (Version: 1.1.4322 - Microsoft) Hidden

Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)

Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)

Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)

Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden

Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 (Version:  - Microsoft Corporation) Hidden

Microsoft Kernel-Mode Driver Framework Feature Pack 1.9 (Version:  - Microsoft Corporation) Hidden

Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)

Microsoft WinUsb 2.0 (HKLM\...\winusb0200) (Version:  - Microsoft Corporation)

Microsoft Works (HKLM\...\{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}) (Version: 08.04.0623 - Microsoft Corporation)

mIRC (HKLM\...\mIRC) (Version:  - )

MKVToolNix 5.5.0 (HKLM\...\MKVToolNix) (Version: 5.5.0 - Moritz Bunkus)

Mozilla Firefox (3.5.7) (HKLM\...\Mozilla Firefox (3.5.7)) (Version: 3.5.7 (en-GB) - Mozilla)

MSXML 6.0 Parser (KB933579) (HKLM\...\{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}) (Version: 6.10.1200.0 - Microsoft Corporation)

Nero 6 Ultra Edition (HKLM\...\Nero - Burning Rom!UninstallKey) (Version:  - )

NetLimiter 2 Pro (remove only) (HKLM\...\NetLimiter 2 Pro) (Version:  - )

NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version:  - )

Onlineeye Pro (HKLM\...\OnlineEye) (Version:  - )

Otto (HKLM\...\B3EE3001-DC24-4cd1-8743-5692C716659F) (Version:  - )

PC-Doctor 5 for Windows (HKLM\...\PC-Doctor 5 for Windows) (Version: 5.00.4060.15 - PC-Doctor, Inc.)

PS3 Media Server (HKLM\...\PS3 Media Server) (Version: 1.50.1 - PS3 Media Server)

PTDD Partition Table Doctor 3.0 (HKLM\...\{1CFF36CE-2A4C-4ABD-9251-284491A383D2}) (Version:  - )

PTDD Partition Table Doctor 3.5 (HKLM\...\{A35F88E5-A813-400C-AB99-09F5F5CDD2EC}) (Version: 3.50.0000 - PTDD Group)

Python 2.2 pywin32 extensions (build 203) (HKLM\...\pywin32-py2.2) (Version:  - )

Python 2.2.3 (HKLM\...\Python 2.2.3) (Version: 2.2.3 - PythonLabs at Zope Corporation)

QT Lite 2.7.0 (HKLM\...\qt7lite_is1) (Version: 2.7.0 - )

QuickPar 0.9 (HKLM\...\QuickPar) (Version: 0.9 - Peter B. Clements)

QuickTime (HKLM\...\{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}) (Version: 7.65.17.80 - Apple Inc.)

RealPlayer (HKLM\...\RealPlayer 6.0) (Version:  - )

Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version:  - )

Recover My Files (HKLM\...\Recover My Files_is1) (Version: 3.9.8.6220 - GetData Pty Ltd)

Replay Converter 3 (HKLM\...\Replay Converter 3) (Version: 3.20 - Applian Technologies Inc.)

Skype™ 4.2 (HKLM\...\{D103C4BA-F905-437A-8049-DB24763BBE36}) (Version: 4.2.169 - Skype Technologies S.A.)

TVersity Media Server  1.0.0.8 RC5 (HKLM\...\TVersity Media Server ) (Version: 1.0.0.8 RC5 - TVersity)

UltraEdit-32 (HKLM\...\{43B6667D-7520-4186-B05B-F5C0494C495D}) (Version: 11.10c - IDM Computer Solutions)

Unload (Version: 7.0.0 - Hewlett-Packard) Hidden

Update for Windows XP (KB912945) (HKLM\...\KB912945) (Version: 1 - Microsoft Corporation)

Update Rollup 2 for Windows XP Media Center Edition 2005 (HKLM\...\KB900325) (Version:  - Microsoft Corporation)

Updates from HP (remove only) (HKLM\...\HPOOVClient-9972322 Uninstaller) (Version:  - )

VideoLAN VLC media player 0.8.6d (HKLM\...\VLC media player) (Version: 0.8.6d - VideoLAN Team)

WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden

WinDirStat 1.1.2 (HKCU\...\WinDirStat) (Version:  - )

Windows Driver Package - Cmotech (cmusbnet) Net  (06/11/2007 2.0.0.9) (HKLM\...\E7E257830CD4614E7CF1B3792DF19B85FE5E7BE7) (Version: 06/11/2007 2.0.0.9 - Cmotech)

Windows Driver Package - Cmotech Modem  (12/13/2006 2.0.3.5) (HKLM\...\5E8F128761A9B07EC2DEC909F167D92DB8B3A348) (Version: 12/13/2006 2.0.3.5 - Cmotech)

Windows Driver Package - Cmotech Ports  (12/13/2006 2.0.3.5) (HKLM\...\6A032F4180B5A0E8F4BC27384D0A423B2595A785) (Version: 12/13/2006 2.0.3.5 - Cmotech)

Windows Imaging Component (HKLM\...\WIC) (Version: 3.0.0.0 - Microsoft Corporation)

Windows Installer 3.1 (KB893803) (HKLM\...\KB893803v2) (Version:  - Microsoft Corporation)

Windows Media Format Runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )

Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)

Windows XP Hotfix - KB873339 (HKLM\...\KB873339) (Version: 20041117.092459 - Microsoft Corporation)

Windows XP Hotfix - KB883667 (HKLM\...\KB883667) (Version: 20040812.104354 - Microsoft Corporation)

Windows XP Hotfix - KB885250 (HKLM\...\KB885250) (Version: 20050118.202711 - Microsoft Corporation)

Windows XP Hotfix - KB885835 (HKLM\...\KB885835) (Version: 20041027.181713 - Microsoft Corporation)

Windows XP Hotfix - KB885836 (HKLM\...\KB885836) (Version: 20041028.173203 - Microsoft Corporation)

Windows XP Hotfix - KB887472 (HKLM\...\KB887472) (Version: 20041014.162858 - Microsoft Corporation)

Windows XP Hotfix - KB887742 (HKLM\...\KB887742) (Version: 20041103.095002 - Microsoft Corporation)

Windows XP Hotfix - KB888113 (HKLM\...\KB888113) (Version: 20041116.131036 - Microsoft Corporation)

Windows XP Hotfix - KB890175 (HKLM\...\KB890175) (Version: 20041201.233338 - Microsoft Corporation)

Windows XP Hotfix - KB891781 (HKLM\...\KB891781) (Version: 20050110.165439 - Microsoft Corporation)

Windows XP Hotfix - KB892050 (HKLM\...\KB892050) (Version: 3 - Microsoft Corporation)

Windows XP Hotfix - KB893066 (HKLM\...\KB893066) (Version: 1 - Microsoft Corporation)

Windows XP Media Center Edition 2005 KB912067 (HKLM\...\KB912067) (Version:  - Microsoft Corporation)

WinHTTrack Website Copier 3.33 (HKLM\...\WinHTTrack Website Copier_is1) (Version:  - HTTrack)

Wireless Broadband (HKLM\...\Wireless Broadband) (Version: 11.300.05.10.74 - Huawei Technologies Co.,Ltd)

XviD4PSP 5.10.265.0 (HKLM\...\XviD4PSP5_is1) (Version:  - Winnydows & fcp team)

 

==================== Custom CLSID (selected items): ==========================

 

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

 

CustomCLSID: HKU\S-1-5-21-1341223669-955965835-1919621601-1008_Classes\CLSID\{0000002F-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-1341223669-955965835-1919621601-1008_Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-1341223669-955965835-1919621601-1008_Classes\CLSID\{00020421-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-1341223669-955965835-1919621601-1008_Classes\CLSID\{00020422-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-1341223669-955965835-1919621601-1008_Classes\CLSID\{00020423-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-1341223669-955965835-1919621601-1008_Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-1341223669-955965835-1919621601-1008_Classes\CLSID\{00020425-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-1341223669-955965835-1919621601-1008_Classes\CLSID\{039B2CA5-3B41-4D93-AD77-47D3293FC5CB}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll (EasyBits Media AS)

CustomCLSID: HKU\S-1-5-21-1341223669-955965835-1919621601-1008_Classes\CLSID\{0BE35203-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-1341223669-955965835-1919621601-1008_Classes\CLSID\{0BE35204-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-1341223669-955965835-1919621601-1008_Classes\CLSID\{42481700-CF3C-4D05-8EC6-F9A1C57E8DC0}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll (EasyBits Media AS)

CustomCLSID: HKU\S-1-5-21-1341223669-955965835-1919621601-1008_Classes\CLSID\{46763EE0-CAB2-11CE-8C20-00AA0051E5D4}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-1341223669-955965835-1919621601-1008_Classes\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-1341223669-955965835-1919621601-1008_Classes\CLSID\{BB6410D8-F879-4184-9C5C-6A02D16AE0B3}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll (EasyBits Media AS)

CustomCLSID: HKU\S-1-5-21-1341223669-955965835-1919621601-1008_Classes\CLSID\{CA1073A2-5F3F-4445-8E5E-7109BDCEDDBE}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll (EasyBits Media AS)

CustomCLSID: HKU\S-1-5-21-1341223669-955965835-1919621601-1008_Classes\CLSID\{D0D38C6E-BF64-4C42-840D-3E0019D9F7A6}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll (EasyBits Media AS)

CustomCLSID: HKU\S-1-5-21-1341223669-955965835-1919621601-1008_Classes\CLSID\{D5A55D2D-C59D-42C3-A5BF-4C08EEE74339}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll (EasyBits Media AS)

 

==================== Restore Points  =========================

 

Could not list Restore Points. Check "winmgmt" service or repair WMI.

 

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2004-08-10 21:00 - 2004-08-10 21:00 - 00000734 ____N C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1       localhost

 

==================== Scheduled Tasks (whitelisted) =============

 

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\WINDOWS\Tasks\Calculator.job => C:\WINDOWS\system32\calc.exe

 

==================== Loaded Modules (whitelisted) =============

 

2004-08-10 14:00 - 2005-08-05 21:01 - 00282112 _____ () C:\WINDOWS\system32\sbe.dll

2004-08-10 14:00 - 2005-08-30 21:13 - 01287680 _____ () C:\WINDOWS\system32\quartz.dll

2004-08-10 14:00 - 2004-08-10 14:00 - 00059904 _____ () C:\WINDOWS\system32\devenum.dll

2004-08-10 14:00 - 2004-08-10 14:00 - 00014336 _____ () C:\WINDOWS\system32\msdmo.dll

2005-08-05 20:05 - 2005-08-05 20:05 - 00064512 ____N () C:\WINDOWS\system32\MSNP.ax

2004-08-10 21:00 - 2005-08-05 20:06 - 00165376 _____ () C:\WINDOWS\system32\mpg2splt.ax

2005-08-05 21:02 - 2005-08-05 21:02 - 00224256 _____ () C:\WINDOWS\system32\PsisRndr.ax

2004-08-10 21:00 - 2005-08-05 21:01 - 00167936 _____ () C:\WINDOWS\system32\WSTPager.ax

2004-08-10 21:00 - 2005-08-05 21:01 - 00159744 _____ () C:\WINDOWS\system32\VBICodec.ax

2004-08-10 14:00 - 2005-08-05 21:01 - 00356352 _____ () C:\WINDOWS\system32\encdec.dll

2005-08-05 21:01 - 2005-08-05 21:01 - 00239104 _____ () C:\WINDOWS\system32\PsisDecd.dll

2004-08-10 21:00 - 2005-08-05 21:01 - 00062976 _____ () C:\WINDOWS\system32\Mpeg2Data.ax

2008-11-28 07:00 - 2008-11-28 07:00 - 00827392 _____ () C:\Program Files\TVersity\Media Server\MediaServer.exe

2008-11-28 07:00 - 2008-11-28 07:00 - 00344064 _____ () C:\Program Files\TVersity\Media Server\taglib.dll

2008-11-28 07:00 - 2008-11-28 07:00 - 00729088 _____ () C:\Program Files\TVersity\Media Server\X11.dll

2008-11-28 06:59 - 2008-11-28 06:59 - 00163840 _____ () C:\Program Files\TVersity\Media Server\CORE_RL_lcms_.dll

2008-11-28 07:00 - 2008-11-28 07:00 - 00327680 _____ () C:\Program Files\TVersity\Media Server\libcurl.dll

2008-11-28 07:00 - 2008-11-28 07:00 - 00729088 _____ () C:\Program Files\TVersity\Media Server\log4cxx.dll

2008-11-28 06:59 - 2008-11-28 06:59 - 04055040 _____ () C:\Program Files\TVersity\Media Server\avcodec-51.dll

2008-11-28 06:59 - 2008-11-28 06:59 - 00026112 _____ () C:\Program Files\TVersity\Media Server\avutil-49.dll

2008-11-28 06:59 - 2008-11-28 06:59 - 00443904 _____ () C:\Program Files\TVersity\Media Server\avformat-51.dll

2008-11-28 07:00 - 2008-11-28 07:00 - 00466975 _____ () C:\Program Files\TVersity\Media Server\sqlite3.dll

2004-08-10 14:00 - 2005-08-30 21:13 - 01287680 _____ () C:\WINDOWS\system32\QUARTZ.dll

2006-09-16 15:03 - 2006-09-16 15:03 - 00007680 _____ () C:\Program Files\TVersity\Media Server\ImageMagickCoders\IM_MOD_RL_GRAY_.dll

2008-11-27 23:40 - 2008-11-27 23:40 - 00049152 _____ () C:\Program Files\AutoSizer\AutoSizer.dll

2008-11-27 23:42 - 2007-05-22 09:59 - 00128512 _____ () C:\Program Files\WinRAR\rarext.dll

2011-02-13 15:51 - 2009-07-20 12:27 - 00017936 _____ () C:\Program Files\Logitech\SetPoint\khalwrapper.dll

2009-11-03 14:51 - 2009-11-03 14:51 - 00039712 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\ASL.dll

2009-11-03 14:51 - 2009-11-03 14:51 - 00067872 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll

 

==================== Alternate Data Streams (whitelisted) =========

 

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

 

AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:0CE7F3C9

AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:1AAB2E68

AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:2CFDCA54

 

==================== Safe Mode (whitelisted) ===================

 

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

 

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\34882181.sys => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup => ""=""

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\34882181.sys => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WdfLoadGroup => ""=""

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

 

==================== MSCONFIG/TASK MANAGER disabled items =========

 

(Currently there is no automatic fix for this section.)

 

MSCONFIG\startupfolder: C:^Documents and Settings^N^Start Menu^Programs^Startup^PinMcLnk.lnk => C:\WINDOWS\pss\PinMcLnk.lnkStartup

MSCONFIG\startupreg: ccApp => "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"

MSCONFIG\startupreg: IS CfgWiz => c:\Program Files\Norton Internet Security\cfgwiz.exe /GUID {F073BDC9-0D67-4ff0-879E-27241C843828} /MODE CfgWiz /CMDLINE "REBOOT"

MSCONFIG\startupreg: Lexmark X1100 Series => "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"

MSCONFIG\startupreg: MSMSGS => "C:\Program Files\Messenger\msmsgs.exe" /background

MSCONFIG\startupreg: NeroFilterCheck => C:\WINDOWS\system32\NeroCheck.exe

MSCONFIG\startupreg: SSC_UserPrompt => "c:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe"

MSCONFIG\startupreg: TkBellExe => "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot

MSCONFIG\startupreg: VersionCheck => "C:\Program Files\Onlineeye Pro\vcheck.exe"

 

==================== Faulty Device Manager Devices =============

 

Could not list Devices. Check "winmgmt" service or repair WMI.

 

==================== Event log errors: =========================

Application errors:

==================

Error: (08/18/2014 00:01:47 PM) (Source: crypt32) (EventID: 8) (User: )

Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

 

Error: (08/18/2014 00:01:44 PM) (Source: crypt32) (EventID: 8) (User: )

Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

Error: (08/18/2014 00:01:44 PM) (Source: crypt32) (EventID: 8) (User: )

Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

 

Error: (08/18/2014 00:01:41 PM) (Source: crypt32) (EventID: 8) (User: )

Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This operation returned because the timeout period expired.

Error: (08/17/2014 06:39:40 AM) (Source: SecurityCenter) (EventID: 1802) (User: )

Description: The Windows Security Center Service was unable to establish event queries with WMI to monitor third party AntiVirus and Firewall.

 

Error: (08/17/2014 06:39:40 AM) (Source: WinMgmt) (EventID: 28) (User: )

Description: WinMgmt could not initialize the core parts.  This could be due to a badly installed version of WinMgmt, WinMgmt repository upgrade failure, insufficient disk space or insufficient memory.

Error: (08/14/2014 04:29:34 PM) (Source: SecurityCenter) (EventID: 1802) (User: )

Description: The Windows Security Center Service was unable to establish event queries with WMI to monitor third party AntiVirus and Firewall.

 

Error: (08/14/2014 04:29:34 PM) (Source: WinMgmt) (EventID: 28) (User: )

Description: WinMgmt could not initialize the core parts.  This could be due to a badly installed version of WinMgmt, WinMgmt repository upgrade failure, insufficient disk space or insufficient memory.

Error: (08/14/2014 04:08:06 PM) (Source: SecurityCenter) (EventID: 1802) (User: )

Description: The Windows Security Center Service was unable to establish event queries with WMI to monitor third party AntiVirus and Firewall.

 

Error: (08/14/2014 04:08:06 PM) (Source: WinMgmt) (EventID: 28) (User: )

Description: WinMgmt could not initialize the core parts.  This could be due to a badly installed version of WinMgmt, WinMgmt repository upgrade failure, insufficient disk space or insufficient memory.

 

System errors:

=============

Microsoft Office Sessions:

=========================

Error: (08/18/2014 00:01:47 PM) (Source: crypt32) (EventID: 8) (User: )

Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThis network connection does not exist.

 

Error: (08/18/2014 00:01:44 PM) (Source: crypt32) (EventID: 8) (User: )

Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThis network connection does not exist.

Error: (08/18/2014 00:01:44 PM) (Source: crypt32) (EventID: 8) (User: )

Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThis network connection does not exist.

 

Error: (08/18/2014 00:01:41 PM) (Source: crypt32) (EventID: 8) (User: )

Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThis operation returned because the timeout period expired.

Error: (08/17/2014 06:39:40 AM) (Source: SecurityCenter) (EventID: 1802) (User: )

Description:

 

Error: (08/17/2014 06:39:40 AM) (Source: WinMgmt) (EventID: 28) (User: )

Description:

Error: (08/14/2014 04:29:34 PM) (Source: SecurityCenter) (EventID: 1802) (User: )

Description:

 

Error: (08/14/2014 04:29:34 PM) (Source: WinMgmt) (EventID: 28) (User: )

Description:

Error: (08/14/2014 04:08:06 PM) (Source: SecurityCenter) (EventID: 1802) (User: )

Description:

 

Error: (08/14/2014 04:08:06 PM) (Source: WinMgmt) (EventID: 28) (User: )

Description:

 

==================== Memory info ===========================

 

Processor: Intel® Core™2 CPU 6300 @ 1.86GHz

Percentage of memory in use: 20%

Total physical RAM: 3070.38 MB

Available physical RAM: 2448.38 MB

Total Pagefile: 4955.16 MB

Available Pagefile: 4494.73 MB

Total Virtual: 2047.88 MB

Available Virtual: 1937.89 MB

==================== Drives ================================

Drive c: (HP_PAVILION) (Fixed) (Total:224.54 GB) (Free:1.97 GB) NTFS ==>[Drive with boot components (Windows XP)]

Drive d: (HP_RECOVERY) (Fixed) (Total:8.32 GB) (Free:0.55 GB) FAT32 ==>[Drive with boot components (Windows XP)]

Drive g: (My Passport) (Fixed) (Total:1862.98 GB) (Free:0.74 GB) NTFS

==================== MBR & Partition Table ==================

========================================================

Disk: 0 (Size: 232.9 GB) (Disk ID: CAB10BEE)

Partition 1: (Active) - (Size=224.5 GB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=8.3 GB) - (Type=0C)

 

========================================================

Disk: 5 (MBR Code: Windows XP) (Size: 1863 GB) (Disk ID: 0005F107)

Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)

 

==================== End Of Log ============================

 



#11 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:07:56 PM

Posted 19 August 2014 - 11:11 AM

Please do the following:

Download attached fixlist.txt file and save it to the C:\Documents and Settings\N\My Documents\troj problem folder as that is where FRST.exe is saved.

Attached File  FixList.txt   765bytes   7 downloads


NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#12 Zonda787

Zonda787
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:56 AM

Posted 19 August 2014 - 10:07 PM

Thanks for the help.

 

Here is the log.

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:17-08-2014 01

Ran by N at 2014-08-20 10:51:20 Run:1

Running from C:\Documents and Settings\N\My Documents\troj problem

Boot Mode: Normal

==============================================

Content of fixlist:

*****************

start

() C:\WINDOWS\Installer\{5BFD60E6-6893-26AE-60A5-3F7040603461}\syshost.exe

ProxyServer: 64.27.19.152:80

Locked "a41a87abfe7b5de1" service could not be unlocked. <===== ATTENTION

R2 syshost32; C:\WINDOWS\Installer\{5BFD60E6-6893-26AE-60A5-3F7040603461}\syshost.exe [103936 2014-07-18] () [File not signed]

C:\WINDOWS\Installer\{5BFD60E6-6893-26AE-60A5-3F7040603461}\syshost.exe

C:\Program Files\TVersity\Media Server\MediaServer.exe

U5 a41a87abfe7b5de1; C:\Windows\System32\Drivers\a41a87abfe7b5de1.sys [37248 2014-08-07] () <===== ATTENTION Necurs Rootkit?

Unlock: C:\Windows\System32\Drivers\a41a87abfe7b5de1.sys

C:\Windows\System32\Drivers\a41a87abfe7b5de1.sys

EmptyTemp:

Task: C:\WINDOWS\Tasks\Calculator.job => C:\WINDOWS\system32\calc.exe

end

*****************

C:\WINDOWS\Installer\{5BFD60E6-6893-26AE-60A5-3F7040603461}\syshost.exe => No running process found

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.

Locked "a41a87abfe7b5de1" service could not be unlocked. <===== ATTENTION => Error: No automatic fix found for this entry.

syshost32 => Unable to stop service

syshost32 => Service deleted successfully.

Could not move "C:\WINDOWS\Installer\{5BFD60E6-6893-26AE-60A5-3F7040603461}\syshost.exe" => Scheduled to move on reboot.

C:\Program Files\TVersity\Media Server\MediaServer.exe => Moved successfully.

a41a87abfe7b5de1 => Error deleting Service

"C:\Windows\System32\Drivers\a41a87abfe7b5de1.sys" => Error unlocking File/Diroctory.

Could not move "C:\Windows\System32\Drivers\a41a87abfe7b5de1.sys" => Scheduled to move on reboot.

C:\WINDOWS\Tasks\Calculator.job => Moved successfully.

EmptyTemp: => Removed 448.6 MB temporary data.

 

=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-08-20 10:55:01)<=

 

"C:\WINDOWS\Installer\{5BFD60E6-6893-26AE-60A5-3F7040603461}\syshost.exe" => File could not move.

"C:\Windows\System32\Drivers\a41a87abfe7b5de1.sys" => File could not move.

==== End of Fixlog ====
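The Fixlog above reports each fixlist item as `subject => outcome`, and the two items that stayed locked after the reboot pass (the syshost.exe file under C:\WINDOWS\Installer and the a41a87abfe7b5de1.sys driver) are the ones the responder then had to deal with in the next step. As an added example that is not part of this thread, of FRST, or of the posted logs, here is a small Python triage helper that parses such result lines, classifies each outcome, and reports which items remained unresolved. The sample input is copied from the Fixlog posted above (plus its "Result of Scheduled Files" header, to show non-result lines are skipped); the status vocabulary and the function names are assumptions of this example.

```python
"""Triage helper for FRST Fixlog result lines.

Added example for this thread; it is not part of FRST or of the posted logs.
The status vocabulary (ok/info/deferred/failed/unknown) and the function names
are assumptions of this example.
"""
import re
from dataclasses import dataclass

# Sample input: result lines copied from the Fixlog posted above. The
# "=> Result of Scheduled Files" header is included to show that lines
# without a " => " separator are skipped.
SAMPLE_FIXLOG = r"""
C:\WINDOWS\Installer\{5BFD60E6-6893-26AE-60A5-3F7040603461}\syshost.exe => No running process found
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.
Locked "a41a87abfe7b5de1" service could not be unlocked. <===== ATTENTION => Error: No automatic fix found for this entry.
syshost32 => Unable to stop service
syshost32 => Service deleted successfully.
Could not move "C:\WINDOWS\Installer\{5BFD60E6-6893-26AE-60A5-3F7040603461}\syshost.exe" => Scheduled to move on reboot.
C:\Program Files\TVersity\Media Server\MediaServer.exe => Moved successfully.
a41a87abfe7b5de1 => Error deleting Service
"C:\Windows\System32\Drivers\a41a87abfe7b5de1.sys" => Error unlocking File/Diroctory.
Could not move "C:\Windows\System32\Drivers\a41a87abfe7b5de1.sys" => Scheduled to move on reboot.
C:\WINDOWS\Tasks\Calculator.job => Moved successfully.
EmptyTemp: => Removed 448.6 MB temporary data.
=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-08-20 10:55:01)<=
"C:\WINDOWS\Installer\{5BFD60E6-6893-26AE-60A5-3F7040603461}\syshost.exe" => File could not move.
"C:\Windows\System32\Drivers\a41a87abfe7b5de1.sys" => File could not move.
"""


@dataclass
class FixEntry:
    subject: str   # item as FRST printed it (left of " => ")
    outcome: str   # FRST's result text (right of " => ")
    status: str    # ok | info | deferred | failed | unknown


_QUOTED = re.compile(r'"([^"]+)"')


def classify(outcome: str) -> str:
    """Map FRST's free-text outcome to a coarse status (assumed vocabulary)."""
    o = outcome.lower()
    if "scheduled to move on reboot" in o:
        return "deferred"          # FRST retries the item after a restart
    if "successfully" in o or o.startswith("removed "):
        return "ok"
    if "no running process found" in o:
        return "info"              # nothing to terminate; not a failure
    if "could not" in o or "error" in o or "unable to" in o:
        return "failed"
    return "unknown"


def normalize_subject(subject: str) -> str:
    """Reduce the different ways FRST names one item to a single key."""
    s = subject.strip()
    if s.startswith("Could not move "):
        s = s[len("Could not move "):]
    m = _QUOTED.search(s)
    if m:                          # quoted path or quoted service name
        s = m.group(1)
    return s.lower()               # NTFS paths are case-insensitive


def parse_fixlog(text: str) -> list[FixEntry]:
    """Turn 'subject => outcome' lines into FixEntry records; skip other lines."""
    entries = []
    for line in text.splitlines():
        if " => " not in line:
            continue
        subject, outcome = line.rsplit(" => ", 1)
        entries.append(FixEntry(subject.strip(), outcome.strip(), classify(outcome)))
    return entries


def residual_items(entries: list[FixEntry]) -> dict[str, str]:
    """Final status per item (the last report wins); keep only unresolved items."""
    final: dict[str, str] = {}
    for e in entries:
        final[normalize_subject(e.subject)] = e.status
    return {k: v for k, v in final.items() if v in ("failed", "deferred")}


if __name__ == "__main__":
    for key, status in residual_items(parse_fixlog(SAMPLE_FIXLOG)).items():
        print(f"{status:8} {key}")
```

Run on the posted log, the helper reports three unresolved items: the syshost.exe file, the a41a87abfe7b5de1 service, and its driver file. The later "Service deleted successfully." for syshost32 overrides the earlier "Unable to stop service", so that entry is correctly not listed. Keying on a normalized subject is what lets the "Locked ... service" line and the later "Error deleting Service" line collapse onto one item.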



#13 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:07:56 PM

Posted 20 August 2014 - 09:53 AM

we still have more work to do,

please do the following:

Download ComboFix from the following location:
Link

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

CF_RC_notice.png
  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
cfRC_screen_2.png
  • Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#14 Zonda787

Zonda787
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:56 AM

Posted 20 August 2014 - 09:45 PM

ComboFix 14-08-19.01 - N 21/08/2014  12:10:18.1.2 - x86

Running from: c:\documents and settings\N\Desktop\ComboFix.exe

* Created a new restore point

.

.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\Administrator\WINDOWS

c:\documents and settings\All Users\Application Data\TEMP

c:\documents and settings\Default User\WINDOWS

c:\documents and settings\HP_Administrator\WINDOWS

c:\documents and settings\N\WINDOWS

c:\hp\bin\cloaker.exe

c:\windows\Installer\{5BFD60E6-6893-26AE-60A5-3F7040603461}\syshost.exe

c:\windows\p.exe

c:\windows\system32\AdCache

c:\windows\system32\config\systemprofile\WINDOWS

c:\windows\system32\drivers\a41a87abfe7b5de1.sys

c:\windows\XSxS

D:\Autorun.inf

N:\Autorun.inf

.

.

(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Legacy_SYSHOST32

-------\Legacy_a41a87abfe7b5de1

-------\Service_a41a87abfe7b5de1

.

.

(((((((((((((((((((((((((   Files Created from 2014-07-21 to 2014-08-21  )))))))))))))))))))))))))))))))

.

.

2014-08-18 02:01 . 2014-08-20 00:55 -------- d-----w- C:\FRST

2014-08-14 06:01 . 2014-08-14 06:04 -------- d-----w- C:\AdwCleaner

2014-08-10 08:36 . 2014-08-10 10:00 -------- d-----w- c:\windows\system32\MpEngineStore(2)

2014-08-10 08:22 . 2014-08-10 11:32 -------- d-----w- c:\documents and settings\N\Local Settings\Application Data\NPE

2014-08-10 08:22 . 2014-08-10 11:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton

.

.

.

((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"AutoSizer"="c:\program files\AutoSizer\AutoSizer.exe" [2008-11-27 98304]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]

"ftutil2"="ftutil2.dll" [2004-06-07 106496]

"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-10 208952]

"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-10 59392]

"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 455168]

"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 455168]

"RTHDCPL"="RTHDCPL.EXE" [2006-07-21 16261632]

"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-07-06 151552]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-06-21 7622656]

"nwiz"="nwiz.exe" [2006-06-21 1519616]

"DMAScheduler"="c:\program files\HP DigitalMedia Archive\DMAScheduler.exe" [2006-04-12 90112]

"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-22 237568]

"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-15 249856]

"HP Software Update"="c:\program files\HP\HP Software Update\HPwuSchd2.exe" [2005-02-16 49152]

"DU Meter"="c:\program files\DU Meter\DUMeter.exe" [2005-02-01 1469952]

"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-09-11 180269]

"QuickTime Task"="c:\program files\QT Lite\qttask.exe" [2009-11-10 417792]

"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]

"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-03-24 2516296]

"CanonSolutionMenuEx"="c:\program files\Canon\Solution Menu EX\CNSEMAIN.EXE" [2010-04-02 1185112]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-09-30 252296]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-1-11 813584]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]

2009-07-20 02:28 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\prwntdrv]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]

@=""

.

[HKLM\~\startupfolder\C:^Documents and Settings^N^Start Menu^Programs^Startup^PinMcLnk.lnk]

path=c:\documents and settings\N\Start Menu\Programs\Startup\PinMcLnk.lnk

backup=c:\windows\pss\PinMcLnk.lnkStartup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

2004-10-13 23:24 1694208 ----a-w- c:\program files\Messenger\msmsgs.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

2001-07-09 01:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

2006-09-11 17:29 180269 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VersionCheck]

2005-08-26 23:05 167936 ----a-w- c:\program files\Onlineeye Pro\VCheck.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

"FirewallOverride"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]

"DisableMonitoring"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"c:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

"c:\\Program Files\\mIRC\\mirc.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\WINDOWS\\system32\\sessmgr.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

.

S3 3xHybrid;3xHybrid service;c:\windows\system32\DRIVERS\3xHybrid.sys [2006-04-12 2829696]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - WS2IFSL

.

Contents of the 'Scheduled Tasks' folder

.

2014-08-21 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-13 05:26]

.

.

------- Supplementary Scan -------

.

uStart Page = about:blank

uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_AU&c=64&bd=PAVILION&pf=desktop

mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_AU&c=64&bd=PAVILION&pf=desktop

mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_AU&c=64&bd=PAVILION&pf=desktop

uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_AU&c=64&bd=PAVILION&pf=desktop

uInternet Settings,ProxyOverride = *.local

uInternet Settings,ProxyServer = 64.27.19.152:80

IE: &Convert and Open - c:\progra~1\Camtech\CONVER~1\ConvertIt.htm

IE: Download All by FlashGet - c:\program files\FlashGet\jc_all.htm

IE: Download using FlashGet - c:\program files\FlashGet\jc_link.htm

TCP: Interfaces\{6E44DB1E-5389-4829-A7E8-2735B8252486}: NameServer = 203.0.178.191,203.12.160.36

TCP: Interfaces\{D819518C-48E9-4AC0-8A09-27534F98A1EB}: NameServer = 203.0.178.191,61.88.88.88

FF - ProfilePath - c:\documents and settings\N\Application Data\Mozilla\Firefox\Profiles\jdest6fm.default\

FF - prefs.js: browser.startup.homepage - about:blank

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

FF - Ext: FlashGot: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34} - %profile%\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}

FF - Ext: Download YouTube Videos as MP4: {b9bfaf1c-a63f-47cd-8b9a-29526ced9060} - %profile%\extensions\{b9bfaf1c-a63f-47cd-8b9a-29526ced9060}

FF - Ext: Flash Video Downloader: artur.dubovoy@gmail.com - %profile%\extensions\artur.dubovoy@gmail.com

FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff

.

- - - - ORPHANS REMOVED - - - -

.

HKLM-Run-PCDrProfiler - (no file)

c:\documents and settings\Default User\Start Menu\Programs\Startup\Pin.lnk - c:\hp\bin\CLOAKER.EXE c:\hp\bin\PinToStart.bat

c:\documents and settings\Default User\Start Menu\Programs\Startup\PinMcLnk.lnk - c:\hp\bin\cloaker.exe c:\hp\bin\PinMcLnkToStart.bat

SafeBoot-34882181.sys

SafeBoot-Wdf01000.sys

MSConfigStartUp-ccApp - c:\program files\Common Files\Symantec Shared\ccApp.exe

MSConfigStartUp-IS CfgWiz - c:\program files\Norton Internet Security\cfgwiz.exe

MSConfigStartUp-Lexmark X1100 Series - c:\program files\Lexmark X1100 Series\lxbkbmgr.exe

MSConfigStartUp-SSC_UserPrompt - c:\program files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2014-08-21 12:18

Windows 5.1.2600 Service Pack 2 NTFS

.

scanning hidden processes ... 

.

scanning hidden autostart entries ...

.

scanning hidden files ... 

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(852)

c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll

c:\program files\common files\logishrd\bluetooth\LBTServ.dll

.

- - - - - - - > 'explorer.exe'(3504)

c:\program files\Logitech\SetPoint\lgscroll.dll

c:\program files\AutoSizer\AutoSizer.dll

c:\windows\system32\msi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\Diskeeper Corporation\Diskeeper\DkService.exe

c:\windows\eHome\ehRecvr.exe

c:\windows\eHome\ehSched.exe

c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\Common Files\LightScribe\LSSrvc.exe

c:\program files\NetLimiter 2 Pro\nlsvc.exe

c:\windows\system32\nvsvc32.exe

c:\windows\system32\wdfmgr.exe

c:\windows\ehome\mcrdsvc.exe

c:\program files\Intel\IntelDH\Intel® Quick Resume Technology Drivers\Elservice.exe

c:\windows\system32\dllhost.exe

c:\windows\system32\wbem\wmiapsrv.exe

c:\program files\NetLimiter 2 Pro\NLClient.exe

c:\windows\system32\wscntfy.exe

c:\windows\RTHDCPL.EXE

c:\windows\eHome\ehmsas.exe

c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE

.

**************************************************************************

.

Completion time: 2014-08-21  12:22:44 - machine was rebooted

ComboFix-quarantined-files.txt  2014-08-21 02:22

.

Pre-Run: 1,871,863,808 bytes free

Post-Run: 1,740,087,296 bytes free

.

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

[boot loader]

timeout=3

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

.

- - End Of File - - FA301879CA05976DF64B2EB9342D6495

D11C727E03BB7318DCDA069B06E652F0

 



#15 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:07:56 PM

Posted 21 August 2014 - 11:27 AM

looks better,

Please do the following:

Please download Malwarebytes Anti-Malware from here:
https://www.bleepingcomputer.com/download/malwarebytes-anti-malware/ and save it to your desktop.
• Double-click the mbam-setup.exe file and follow the prompts to install the program.
• At the end, be sure a checkmark is placed next to the following:
○ Launch Malwarebytes Anti-Malware
○ A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
• Click Finish.
• On the Dashboard, click the 'Update Now >>' link
• After the update completes, click the 'Scan Now >>' button.
• Or, on the Dashboard, click the Scan Now >> button.
• If an update is available, click the Update Now button.
• A Threat Scan will begin.
• When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
• In most cases, a restart will be required.
• Wait for the prompt to restart the computer to appear, then click on Yes.

• When completed click the down arrow on Export Log and select Text file (*.txt)
• Save the file to your desktop as MBAM
• Click Apply Actions then restart your computer if requested
• Attach the MBAM.txt to your next reply

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015




