multiple redirect & security issues after recent hark & backdoor access attacks


  • This topic is locked
46 replies to this topic

#1 Julesverne

  • Members
  • 82 posts

Posted 02 September 2014 - 12:02 PM

Mod Edit:  Please...do NOT create any more posts/topics about this issue.  You have posted 5 times now and 4 have been deleted (because they serve no purpose) - Hamluis.

 

Thanks in advance for help, because I'm in over my head and I've got a big mess.

 

Background: I'm running XP SP3 and my computer was fine until the day Microsoft pulled the plug. It started constantly freezing & crashing, then keys started freezing, system got terribly sluggish, etc. No scans (MBAM, AVG and then more recently avast, which I opted for instead of AVG) showed anything wrong until about two weeks ago, when a full system scan in avast found hark_com[1].txt in my Local Service folder. When I moved it to quarantine it vanished altogether instead, although the scan log says it was moved successfully to the virus chest. (The scan log doesn't give me the original full file path, either).

 

Then Malwarebytes found Backdoor.0Access in several ntuninstallkb files. I quarantined those, but deleted them a few days later when my system seemed stable. Not a good idea, perhaps.

 

Since then I've begun having major issues with constant re-directed page attempts. Firefox seems to be successfully blocking them but it's near constant and very annoying! Also, now Internet access gets blocked, but only on occasion: I get sporadic pop-ups saying the server needs my password/user name to access the internet (I close these windows, but sometimes they keep re-opening several times before they go away). I've realized the redirect programs were already on my computer for a long time, but the DNS server popups are very recent.

 

Just today, Rogue Killer has found Suspicious.Path, multiple instances of PUM.DNS plus several more PUMs, and AdwCleaner found & removed (unsuccessfully) a folder in Mozilla Profiles that keeps coming right back.

 

Obviously I've got a major problem.

 

FYI, I run Rkill before attempts to scan/repair and it consistently stops AutoDect.exe.

 

One more thing: Windows firewall is turned off & avast firewall is turned on. This is also a recent change, and you can be sure I'm not impressed...

 

Following are the scan logs I can muster, or my notes about them.

Major thanks for the help.

 

Avast - I can't find an exportable scan report; if you can tell me where to look for it I'll look. But I found a Virus Chest report that indicates an error occurring - this is when the hark_com[1].txt file disappeared instead of actually being quarantined:

 

8/21/2014    10:41:17 AM    chest start
8/21/2014    10:47:48 AM    chest start
8/21/2014    5:51:53 PM    chest stop
8/21/2014    5:51:54 PM    Error 1717 in chestFreeHandle
8/21/2014    6:26:39 PM    Error 1753 in chestGetHandle
8/21/2014    6:47:56 PM    chest start
8/22/2014    6:53:27 PM    chest stop
8/22/2014    8:28:30 PM    chest start

 

 

Malwarebytes

  <?xml version="1.0" encoding="UTF-16" ?>
- <mbam-log>
- <header>
  <date>2014/08/22 13:14:23 +0200</date>
  <logfile>mbam-log-2014-08-22 (13-14-20).xml</logfile>
  <isadmin>yes</isadmin>
  </header>
- <engine>
  <version>2.00.2.1012</version>
  <malware-database>v2014.08.22.04</malware-database>
  <rootkit-database>v2014.08.21.01</rootkit-database>
  <license>free</license>
  <file-protection>disabled</file-protection>
  <web-protection>disabled</web-protection>
  <self-protection>enabled</self-protection>
  </engine>
- <system>
  <osversion>Windows XP Service Pack 3</osversion>
  <arch>x86</arch>
  <username>Jon</username>
  <filesys>NTFS</filesys>
  </system>
- <summary>
  <type>threat</type>
  <result>completed</result>
  <objects>281815</objects>
  <time>2984</time>
  <processes>0</processes>
  <modules>0</modules>
  <keys>0</keys>
  <values>0</values>
  <datas>0</datas>
  <folders>4</folders>
  <files>11</files>
  <sectors>0</sectors>
  </summary>
- <options>
  <memory>enabled</memory>
  <startup>enabled</startup>
  <filesystem>enabled</filesystem>
  <archives>enabled</archives>
  <rootkits>enabled</rootkits>
  <deeprootkit>disabled</deeprootkit>
  <heuristics>enabled</heuristics>
  <pup>enabled</pup>
  <pum>enabled</pum>
  </options>
- <items>
- <folder>
  <path>c:\windows\$ntuninstallkb15624$\1783183021</path>
  <vendor>Backdoor.0Access</vendor>
  <action>success</action>
  <hash>42574188691232042e9812eed82805fb</hash>
  </folder>
- <folder>
  <path>c:\windows\$ntuninstallkb15624$\374418265</path>
  <vendor>Backdoor.0Access</vendor>
  <action>success</action>
  <hash>dcbd6b5e601bab8b497ef709aa56827e</hash>
  </folder>
- <folder>
  <path>c:\windows\$ntuninstallkb15624$\374418265\l</path>
  <vendor>Backdoor.0Access</vendor>
  <action>success</action>
  <hash>dcbd6b5e601bab8b497ef709aa56827e</hash>
  </folder>
- <folder>
  <path>c:\windows\$ntuninstallkb15624$\374418265\u</path>
  <vendor>Backdoor.0Access</vendor>
  <action>success</action>
  <hash>dcbd6b5e601bab8b497ef709aa56827e</hash>
  </folder>
- <file>
  <path>c:\windows\$ntuninstallkb15624$\374418265\l\00000004.@</path>
  <vendor>Backdoor.0Access</vendor>
  <action>success</action>
  <hash>aced19b03546ec4a5a64d927897755ab</hash>
  </file>
- <file>
  <path>c:\windows\$ntuninstallkb15624$\374418265\l\1afb2d56</path>
  <vendor>Backdoor.0Access</vendor>
  <action>success</action>
  <hash>34655b6e7308d75f724cf60abd4315eb</hash>
  </file>
- <file>
  <path>c:\windows\$ntuninstallkb15624$\374418265\l\201d3dde</path>
  <vendor>Backdoor.0Access</vendor>
  <action>success</action>
  <hash>3c5dba0ff18aab8b704e1ee29e62b54b</hash>
  </file>
- <file>
  <path>c:\windows\$ntuninstallkb15624$\374418265\l\ppamibfg</path>
  <vendor>Backdoor.0Access</vendor>
  <action>success</action>
  <hash>ddbc6b5e16653303e1dd946c629e21df</hash>
  </file>
- <file>
  <path>c:\windows\$ntuninstallkb15624$\374418265\u\00000004.@</path>
  <vendor>Backdoor.0Access</vendor>
  <action>success</action>
  <hash>08914f7a314aff374c70916ffd03a759</hash>
  </file>
- <file>
  <path>c:\windows\$ntuninstallkb15624$\374418265\u\00000008.@</path>
  <vendor>Backdoor.0Access</vendor>
  <action>success</action>
  <hash>2b6e4d7c77046ec80daf52ae639d08f8</hash>
  </file>
- <file>
  <path>c:\windows\$ntuninstallkb15624$\374418265\u\000000cb.@</path>
  <vendor>Backdoor.0Access</vendor>
  <action>success</action>
  <hash>8c0d0ebb1d5efa3c06b610f09c64cb35</hash>
  </file>
- <file>
  <path>c:\windows\$ntuninstallkb15624$\374418265\u\80000000.@</path>
  <vendor>Backdoor.0Access</vendor>
  <action>success</action>
  <hash>47526e5b7cffb383378557a9e11f3dc3</hash>
  </file>
- <file>
  <path>c:\windows\$ntuninstallkb15624$\374418265\u\80000032.@</path>
  <vendor>Backdoor.0Access</vendor>
  <action>success</action>
  <hash>16835b6ee992a59136867f8148b83dc3</hash>
  </file>
- <file>
  <path>c:\windows\$ntuninstallkb15624$\374418265\@</path>
  <vendor>Backdoor.0Access</vendor>
  <action>success</action>
  <hash>dcbd6b5e601bab8b497ef709aa56827e</hash>
  </file>
- <file>
  <path>c:\windows\$ntuninstallkb15624$\374418265\desktop.ini</path>
  <vendor>Backdoor.0Access</vendor>
  <action>success</action>
  <hash>dcbd6b5e601bab8b497ef709aa56827e</hash>
  </file>
  </items>
  </mbam-log>

 

 

RogueKiller

RogueKiller V9.2.8.0 [Jul 11 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Jon [Admin rights]
Mode : Scan -- Date : 09/02/2014  14:42:58

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 13 ¤¤¤
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Partner Service -> FOUND
[PUM.Proxy] HKEY_USERS\S-1-5-21-4049577926-3462803898-1742995077-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : 0.0.0.0:80  -> FOUND
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 80.58.61.250 80.58.61.254  -> FOUND
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 80.58.61.250 80.58.61.254  -> FOUND
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Tcpip\Parameters | DhcpNameServer : 80.58.61.250 80.58.61.254  -> FOUND
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{194E84DB-1C6E-43ED-9912-6E794BE4F315} | DhcpNameServer : 80.58.61.250 80.58.61.254  -> FOUND
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{194E84DB-1C6E-43ED-9912-6E794BE4F315} | DhcpNameServer : 80.58.61.250 80.58.61.254  -> FOUND
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Tcpip\Parameters\Interfaces\{194E84DB-1C6E-43ED-9912-6E794BE4F315} | DhcpNameServer : 80.58.61.250 80.58.61.254  -> FOUND
[PUM.Policies] HKEY_USERS\S-1-5-21-4049577926-3462803898-1742995077-1005\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0  -> FOUND
[PUM.Policies] HKEY_USERS\S-1-5-21-4049577926-3462803898-1742995077-1005\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableTaskMgr : 0  -> FOUND
[PUM.StartMenu] HKEY_USERS\S-1-5-21-4049577926-3462803898-1742995077-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowRecentDocs : 0  -> FOUND
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> FOUND
[PUM.HomePage] HKEY_USERS\S-1-5-21-4049577926-3462803898-1742995077-1005\Software\Microsoft\Internet Explorer\Main | Start Page : about:blank  -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ HOSTS File : 0 [Too big!] ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: LOADED) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: SAMSUNG HM160HI +++++
--- User ---
[MBR] baefa86846c84853d86531f91eeee634
[BSP] 5baa80759c7232655d01cfe80b98f46b : Kiwi MBR Code
Partition table:
0 - [XXXXXX] COMPAQ (0x12) [VISIBLE] Offset (sectors): 63 | Size: 6149 MB
1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 12594960 | Size: 72747 MB
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 161581056 | Size: 73729 MB
User = LL1 ... OK
User = LL2 ... OK


============================================
RKreport_DEL_08292014_224559.log - RKreport_SCN_08292014_220039.log

 

AdwCleaner

# AdwCleaner v3.308 - Report created 02/09/2014 at 16:49:47
# Updated 20/08/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Jon - JANETMINI
# Running from : C:\Documents and Settings\Jon\My Documents\Downloads\System Scanners & Cleaners\adwcleaner_3.308.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702


-\\ Mozilla Firefox v31.0 (x86 en-US)

[ File : C:\Documents and Settings\Jon\Application Data\Mozilla\Firefox\Profiles\q7ucmmv1.default-1404806262968\prefs.js ]


-\\ Google Chrome v36.0.1985.143

*************************

AdwCleaner[R0].txt - [2619 octets] - [29/08/2014 22:52:22]
AdwCleaner[R1].txt - [1030 octets] - [02/09/2014 10:13:50]
AdwCleaner[R2].txt - [1151 octets] - [02/09/2014 10:35:59]
AdwCleaner[R3].txt - [979 octets] - [02/09/2014 16:49:47]
AdwCleaner[S0].txt - [2728 octets] - [29/08/2014 23:07:47]
AdwCleaner[S1].txt - [1092 octets] - [02/09/2014 10:28:14]

########## EOF - C:\AdwCleaner\AdwCleaner[R3].txt - [1158 octets] ##########

 

 

Rkill

Rkill 2.6.8 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2014 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 09/02/2014 02:35:00 PM in x86 mode.
Windows Version: Microsoft Windows XP Service Pack 3

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * C:\WINDOWS\system32\SupportAppXL\AutoDect.exe (PID: 648) [WD-HEUR]

1 proccess terminated!

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * Windows Firewall Disabled

   [HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
   "EnableFirewall" = dword:00000000

Checking Windows Service Integrity:

 * No issues found.

Searching for Missing Digital Signatures:

 * No issues found.

Checking HOSTS File:

 * Cannot edit the HOSTS file.
 * Permissions Fixed. Administrators can now edit the HOSTS file.

 * HOSTS file entries found:

  127.0.0.1       localhost
  127.0.0.1    www.007guard.com
  127.0.0.1    007guard.com
  127.0.0.1    008i.com
  127.0.0.1    www.008k.com
  127.0.0.1    008k.com
  127.0.0.1    www.00hq.com
  127.0.0.1    00hq.com
  127.0.0.1    010402.com
  127.0.0.1    www.032439.com
  127.0.0.1    032439.com
  127.0.0.1    www.0scan.com
  127.0.0.1    0scan.com
  127.0.0.1    www.1000gratisproben.com
  127.0.0.1    1000gratisproben.com
  127.0.0.1    www.1001namen.com
  127.0.0.1    1001namen.com
  127.0.0.1    100888290cs.com
  127.0.0.1    www.100888290cs.com
  127.0.0.1    100sexlinks.com

  20 out of 15121 HOSTS entries shown.
  Please review HOSTS file for further entries.

Program finished at: 09/02/2014 02:36:36 PM
Execution time: 0 hours(s), 1 minute(s), and 36 seconds(s)


 


Edited by hamluis, 02 September 2014 - 12:18 PM.
PM sent.



#2 Julesverne

  • Topic Starter

  • Members
  • 82 posts

Posted 02 September 2014 - 04:47 PM

Mod Edit:  Please...do NOT create any more posts/topics about this issue.  You have posted 5 times now and 4 have been deleted (because they serve no purpose) - Hamluis.

 

Apologies! It was unintentional, and possibly related to the navigation problems I'm having. Many pages are being blocked & it appeared my message hadn't posted even once, let alone 5 times! Really sorry. No pestering intended. :love4u:



#3 nasdaq

  • Malware Response Team
  • 38,767 posts

Posted 07 September 2014 - 09:26 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
===

Please paste the logs in your next reply. DO NOT ATTACH THEM unless specified.
To attach a file select the "More Reply Option" and follow the instructions.

Wait for further instructions.

#4 Julesverne

  • Topic Starter

  • Members
  • 82 posts

Posted 09 September 2014 - 09:15 AM

Hi, nasdaq.

The logs follow below, but first a very important development. Before you posted to me, I also discovered (using SpyHunter 4) a new Trojan & some other malware:

 

Trojan.Agent.kro is in C:\Program Files\Smsung\Easy Network Manager\SUE_PD.sys

doubleTwist BHP plugin is in System Volume Information\_restore{58206F0A-134C-4DEA-A862-0F1275E8C090}\RP1\A0000002.dll

 

I also have lost several Word documents, presumably eaten up by some virus... I'm not crying yet... (I'm also not opening any document files).

 

 

 

# AdwCleaner v3.309 - Report created 09/09/2014 at 15:09:09
# Updated 02/09/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Jon - JANETMINI
# Running from : C:\Documents and Settings\Jon\My Documents\Downloads\adwcleaner_3.309.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

[x] Not Deleted : C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702


-\\ Mozilla Firefox v31.0 (x86 en-US)

[ File : C:\Documents and Settings\Jon\Application Data\Mozilla\Firefox\Profiles\q7ucmmv1.default-1404806262968\prefs.js ]


-\\ Google Chrome v37.0.2062.103

[ File : C:\Documents and Settings\Jon\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [2619 octets] - [29/08/2014 22:52:22]
AdwCleaner[R1].txt - [1030 octets] - [02/09/2014 10:13:50]
AdwCleaner[R2].txt - [1151 octets] - [02/09/2014 10:35:59]
AdwCleaner[R3].txt - [1238 octets] - [02/09/2014 16:49:47]
AdwCleaner[R4].txt - [1489 octets] - [09/09/2014 13:53:01]
AdwCleaner[R5].txt - [1549 octets] - [09/09/2014 14:02:18]
AdwCleaner[S0].txt - [2728 octets] - [29/08/2014 23:07:47]
AdwCleaner[S1].txt - [1092 octets] - [02/09/2014 10:28:14]
AdwCleaner[S2].txt - [1473 octets] - [09/09/2014 15:09:09]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [1533 octets] ##########

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 07-09-2014
Ran by Jon (administrator) on JANETMINI on 09-09-2014 15:15:25
Running from C:\Documents and Settings\Jon\My Documents\Downloads
Platform: Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
(SRS Labs, Inc.) C:\Program Files\SRS Labs\SRS WOW XT and TSXT\SRS_PostInstaller.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
() C:\WINDOWS\system32\SupportAppXL\AutoDect.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE
(SEIKO EPSON CORPORATION) C:\Program Files\epson\Creativity Suite\Event Manager\EEventManager.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [DMHotKey] => C:\Program Files\Samsung Electronics Co., Ltd.\Easy Display Manager\DMLoader.exe [466944 2006-12-27] (SAMSUNG Electronics)
HKLM\...\Run: [autodetect] => C:\WINDOWS\system32\SupportAppXL\AutoDect.exe [95368 2010-03-12] ()
HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [17881600 2009-05-21] (Realtek Semiconductor Corp.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [EEventManager] => C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe [102400 2005-04-08] (SEIKO EPSON CORPORATION)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-08-05] (AVAST Software)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-08-01] (Apple Inc.)
HKLM\...\Run: [SDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
HKU\.DEFAULT\...\Run: [DWQueuedReporting] => C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE [434080 2011-07-27] (Microsoft Corporation)
HKU\S-1-5-21-4049577926-3462803898-1742995077-1005\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-4049577926-3462803898-1742995077-1005\...\MountPoints2: {536d124b-bf04-11de-80ab-001377b72a3c} - E:\SETUP.EXE
HKU\S-1-5-21-4049577926-3462803898-1742995077-1005\...\MountPoints2: {8a64b8ca-0048-11df-80c3-001377b72a3c} - E:\LaunchU3.exe -a
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk.disabled
ShortcutTarget: Bluetooth.lnk.disabled -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Documents and Settings\Jon\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk.disabled
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk.disabled -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)
BootExecute: autocheck autochk * sdnclean.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: 0.0.0.0:80
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=SMSN&bmod=SMSN
SearchScopes: HKLM - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN
SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN_enUS350
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1359834116296
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog5 03 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 80.58.61.250 80.58.61.254

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Jon\Application Data\Mozilla\Firefox\Profiles\q7ucmmv1.default-1404806262968
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_14_0_0_179.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-07-30]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-07-30]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2011-05-18]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-07-19]

Chrome:
=======
CHR HomePage: Default ->
CHR CustomProfile: C:\Documents and Settings\Jon\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Documents and Settings\Jon\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-09-02]
CHR Extension: (Google Drive) - C:\Documents and Settings\Jon\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-09-02]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Documents and Settings\Jon\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-02]
CHR Extension: (YouTube) - C:\Documents and Settings\Jon\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-09-02]
CHR Extension: (Google Search) - C:\Documents and Settings\Jon\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-09-02]
CHR Extension: (avast! Online Security) - C:\Documents and Settings\Jon\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-08-05]
CHR Extension: (Skype Click to Call) - C:\Documents and Settings\Jon\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-09-02]
CHR Extension: (Google Wallet) - C:\Documents and Settings\Jon\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-09-02]
CHR Extension: (Gmail) - C:\Documents and Settings\Jon\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-09-02]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-07-19]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-10-09]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 6to4; C:\WINDOWS\System32\6to4svc.dll [100864 2010-02-12] (Microsoft Corporation)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-07-19] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [106488 2014-08-17] (AVAST Software)
R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
S2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 SRS_WOWXT_Service; C:\Program Files\SRS Labs\SRS WOW XT and TSXT\SRS_PostInstaller.exe [66792 2009-05-19] (SRS Labs, Inc.)
R2 yksvc; C:\WINDOWS\System32\yk51x86.dll [282624 2009-04-21] (Marvell)
S2 Net Driver HPZ12; C:\WINDOWS\system32\HPZinw12.dll [X]
S2 Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.dll [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 Ambfilt; C:\WINDOWS\System32\drivers\Ambfilt.sys [1684736 2008-08-05] (Creative)
S3 AR5416; C:\WINDOWS\System32\DRIVERS\athw.sys [1334432 2008-10-08] (Atheros Communications, Inc.)
R2 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [24184 2014-07-19] ()
R1 aswKbd; C:\WINDOWS\system32\drivers\aswKbd.sys [26136 2014-08-17] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [67824 2014-07-19] (AVAST Software)
R0 aswNdis; C:\WINDOWS\System32\DRIVERS\aswNdis.sys [12112 2014-08-17] (ALWIL Software)
R0 aswNdis2; C:\WINDOWS\system32\Drivers\aswNdis2.sys [252872 2014-08-17] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [55112 2014-07-19] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49944 2014-07-19] ()
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [779536 2014-07-19] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [414520 2014-07-19] (AVAST Software)
R1 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57800 2014-07-19] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [192352 2014-07-19] ()
R3 btaudio; C:\WINDOWS\System32\drivers\btaudio.sys [539640 2008-07-27] (Broadcom Corporation.)
R3 BTDriver; C:\WINDOWS\System32\DRIVERS\btport.sys [37424 2008-07-27] (Broadcom Corporation.)
R3 BTKRNL; C:\WINDOWS\System32\DRIVERS\btkrnl.sys [879832 2008-07-29] (Broadcom Corporation.)
R3 btwmodem; C:\WINDOWS\System32\DRIVERS\btwmodem.sys [37280 2008-07-27] (Broadcom Corporation.)
R3 BTWUSB; C:\WINDOWS\System32\Drivers\btwusb.sys [74688 2008-07-27] (Broadcom Corporation.)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
S2 DgiVecp; C:\WINDOWS\system32\Drivers\DgiVecp.sys [38400 2009-07-13] (Samsung Electronics Co., Ltd.) [File not signed]
R2 DOSMEMIO; C:\WINDOWS\system32\MEMIO.SYS [4300 2005-10-27] () [File not signed]
S3 esgiguard; C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [12288 2014-01-07] ()
R2 iPodDrv; C:\WINDOWS\system32\drivers\iPodDrv.sys [6656 2011-04-15] (Windows ® Codename Longhorn DDK provider) [File not signed]
S3 mbamchameleon; C:\WINDOWS\system32\drivers\mbamchameleon.sys [53208 2014-08-28] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [110296 2014-09-07] (Malwarebytes Corporation)
S3 Monfilt; C:\WINDOWS\System32\drivers\Monfilt.sys [1389056 2006-01-04] (Creative Technology Ltd.)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
R3 SRS_PremiumSound_Service; C:\WINDOWS\System32\drivers\srs_PremiumSound_i386.sys [233512 2009-05-18] ()
R1 Tcpip6; C:\WINDOWS\System32\DRIVERS\tcpip6.sys [226880 2010-02-11] (Microsoft Corporation)
S3 USBAAPL; C:\WINDOWS\System32\Drivers\usbaapl.sys [41984 2011-02-18] (Apple, Inc.) [File not signed]
R3 VMC326; C:\WINDOWS\System32\Drivers\VMC326.sys [238464 2008-11-21] (Vimicro Corporation)
R3 yukonwxp; C:\WINDOWS\System32\DRIVERS\yk51x86.sys [297344 2009-04-21] (Marvell)
S4 IntelIde; No ImagePath
S3 PCASp50; System32\Drivers\PCASp50.sys [X]
U1 WS2IFSL; No ImagePath

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-09 15:15 - 2014-09-09 15:15 - 00000000 ___DC () C:\FRST
2014-09-09 13:46 - 2014-09-09 13:46 - 00001957 _____ () C:\Documents and Settings\Jon\Desktop\bleeping computer help.txt
2014-09-09 09:50 - 2014-09-09 09:50 - 00000000 ____D () C:\Documents and Settings\Administrator\My Documents\Bluetooth Exchange Folder
2014-09-09 09:50 - 2014-09-09 09:50 - 00000000 ____D () C:\Documents and Settings\Administrator\Bluetooth Software
2014-09-06 20:31 - 2014-09-06 20:31 - 00000709 _____ () C:\Documents and Settings\Jon\Desktop\Shortcut to iExplore.exe.lnk
2014-09-05 21:25 - 2014-09-05 21:25 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\AVAST Software
2014-09-05 08:49 - 2014-09-05 08:49 - 00000000 ____D () C:\Documents and Settings\Jon\Local Settings\Application Data\Help
2014-09-05 08:49 - 2014-09-05 08:49 - 00000000 ____D () C:\Documents and Settings\Jon\Application Data\Help
2014-09-04 20:08 - 2014-09-04 20:08 - 02118964 _____ () C:\Documents and Settings\Jon\My Documents\ARTICLES IN PROGRESS & notes.zip
2014-09-04 20:06 - 2014-09-04 20:06 - 22005286 _____ () C:\Documents and Settings\Jon\My Documents\RECIPES and MENUS.zip
2014-09-04 20:02 - 2014-09-04 20:02 - 03897542 _____ () C:\Documents and Settings\Jon\My Documents\WRITING - review this folder.zip
2014-09-04 19:57 - 2014-09-04 19:57 - 00107131 _____ () C:\Documents and Settings\Jon\My Documents\Bad Rescued or Destroyed Docs.zip
2014-09-04 19:56 - 2014-09-04 19:56 - 00000000 ____D () C:\Documents and Settings\Jon\My Documents\Bad Rescued or Destroyed Docs
2014-09-04 19:53 - 2014-09-04 19:53 - 01867697 _____ () C:\Documents and Settings\Jon\My Documents\TOURS & ITINERARIES.zip
2014-09-04 19:50 - 2014-09-04 19:50 - 01639740 _____ () C:\Documents and Settings\Jon\My Documents\Open Secrets, Buried Treasure.zip
2014-09-04 14:49 - 2014-09-04 14:49 - 00002006 _____ () C:\Documents and Settings\Jon\Desktop\SpyHunter.lnk
2014-09-04 14:49 - 2014-09-04 14:49 - 00000000 ___DC () C:\sh4ldr
2014-09-04 14:49 - 2014-09-04 14:49 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-09-04 14:49 - 2014-09-04 14:49 - 00000000 ____D () C:\Documents and Settings\Jon\Start Menu\Programs\SpyHunter
2014-09-04 14:48 - 2014-09-04 14:48 - 00000000 ____D () C:\Program Files\Common Files\Wise Installation Wizard
2014-09-02 01:13 - 2014-09-02 01:13 - 00000644 _____ () C:\WINDOWS\Tasks\Check for updates (Spybot - Search & Destroy).job
2014-09-02 01:13 - 2014-09-02 01:13 - 00000616 _____ () C:\WINDOWS\Tasks\Refresh immunization (Spybot - Search & Destroy).job
2014-09-02 01:13 - 2014-09-02 01:13 - 00000446 _____ () C:\WINDOWS\Tasks\Scan the system (Spybot - Search & Destroy).job
2014-09-02 01:12 - 2014-09-02 10:28 - 00065536 _____ () C:\WINDOWS\system32\config\SpybotSD.evt
2014-09-02 01:12 - 2014-09-02 01:15 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2
2014-09-02 01:12 - 2014-09-02 01:12 - 00001879 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-09-02 01:12 - 2014-09-02 01:12 - 00001873 _____ () C:\Documents and Settings\All Users\Desktop\Spybot-S&D Start Center.lnk
2014-09-02 01:12 - 2014-09-02 01:12 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy 2
2014-09-02 01:12 - 2013-09-20 10:49 - 00018968 _____ (Safer Networking Limited) C:\WINDOWS\system32\sdnclean.exe
2014-08-29 23:19 - 2014-08-29 23:19 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-08-29 22:54 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\WINDOWS\system32\sqlite3.dll
2014-08-29 22:51 - 2014-09-09 15:09 - 00000000 ___DC () C:\AdwCleaner
2014-08-29 21:52 - 2014-09-09 13:28 - 00033512 _____ () C:\WINDOWS\system32\Drivers\TrueSight.sys
2014-08-29 21:52 - 2014-08-29 21:52 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\RogueKiller
2014-08-29 21:49 - 2014-08-29 21:52 - 04851288 _____ () C:\Documents and Settings\Jon\Desktop\RogueKiller.exe
2014-08-29 19:18 - 2014-09-08 17:17 - 00003458 _____ () C:\Documents and Settings\Jon\Desktop\Rkill.txt
2014-08-29 10:37 - 2011-11-26 18:49 - 00438884 ____R () C:\WINDOWS\system32\Drivers\etc\Copy of hosts 8.29.2014
2014-08-28 23:34 - 2014-08-28 23:35 - 00000000 ____D () C:\Documents and Settings\Jon\Desktop\Rkill reports
2014-08-28 11:36 - 2014-08-28 13:26 - 00000000 ____D () C:\WINDOWS\pss
2014-08-28 10:51 - 2014-08-28 10:51 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\Macromedia
2014-08-28 10:36 - 2014-09-09 10:04 - 00000178 ___SH () C:\Documents and Settings\Administrator\ntuser.ini
2014-08-28 10:36 - 2014-09-09 10:02 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Temp
2014-08-28 10:36 - 2014-09-09 09:50 - 00000000 ____D () C:\Documents and Settings\Administrator
2014-08-28 10:36 - 2014-09-04 15:04 - 00001636 _____ () C:\Documents and Settings\Administrator\Start Menu\Programs\Remote Assistance.lnk
2014-08-28 10:36 - 2014-05-24 11:35 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft Help
2014-08-28 10:36 - 2014-05-24 11:34 - 00000000 __SHD () C:\Documents and Settings\Administrator\IETldCache
2014-08-28 10:36 - 2012-09-22 11:21 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\TuneUp Software
2014-08-28 10:36 - 2009-10-22 13:56 - 00000782 _____ () C:\Documents and Settings\Administrator\Desktop\CyberLink YouCam.lnk
2014-08-28 10:36 - 2009-10-22 13:56 - 00000000 ____D () C:\Documents and Settings\Administrator\Start Menu\Programs\CyberLink YouCam
2014-08-28 10:36 - 2009-04-09 04:59 - 00000000 ____D () C:\Documents and Settings\Administrator\My Documents\Play Camera Media
2014-08-28 10:36 - 2009-03-25 03:53 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\Adobe
2014-08-28 10:36 - 2009-03-25 03:39 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application Data\Adobe
2014-08-28 10:36 - 2009-03-25 03:38 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\InstallShield
2014-08-28 10:36 - 2009-03-25 03:34 - 00000767 _____ () C:\Documents and Settings\Administrator\Start Menu\Programs\Internet Explorer.lnk
2014-08-28 10:36 - 2009-03-25 03:34 - 00000738 _____ () C:\Documents and Settings\Administrator\Start Menu\Programs\Outlook Express.lnk
2014-08-28 10:36 - 2009-03-25 03:34 - 00000000 ___RD () C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories
2014-08-28 10:36 - 2009-03-25 03:33 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application Data\{3248F0A6-6813-11D6-A77B-00B0D0150000}
2014-08-27 08:21 - 2014-08-27 08:21 - 00000000 ____D () C:\Documents and Settings\Jon\Desktop\WRITING - review this folder
2014-08-22 21:09 - 2014-08-22 21:09 - 00001641 _____ () C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
2014-08-22 21:09 - 2014-08-22 21:09 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
2014-08-22 21:06 - 2014-08-22 21:09 - 00000000 ____D () C:\Program Files\QuickTime
2014-08-21 18:14 - 2014-08-21 18:14 - 00000000 __SHD () C:\Documents and Settings\Jon\IECompatCache
2014-08-17 21:05 - 2014-08-17 21:05 - 00001776 _____ () C:\Documents and Settings\All Users\Desktop\avast! Internet Security.lnk
2014-08-17 21:02 - 2014-08-17 21:00 - 00252872 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswNdis2.sys
2014-08-17 21:02 - 2014-08-17 21:00 - 00026136 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys
2014-08-17 21:00 - 2014-08-17 21:00 - 00012112 _____ (ALWIL Software) C:\WINDOWS\system32\Drivers\aswNdis.sys
2014-08-16 14:27 - 2014-08-16 14:27 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
2014-08-16 14:19 - 2014-08-16 14:19 - 00000000 ____D () C:\Program Files\iPod
2014-08-16 14:18 - 2014-08-16 14:27 - 00000000 ____D () C:\Program Files\iTunes
2014-08-16 14:18 - 2014-08-16 14:27 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-08-16 14:06 - 2014-08-16 14:06 - 00000000 ____D () C:\Documents and Settings\LocalService\Application Data\Apple Computer
2014-08-16 14:02 - 2014-08-16 14:02 - 00000000 ____D () C:\Program Files\Bonjour
2014-08-10 11:45 - 2014-08-21 18:10 - 00000000 ____D () C:\Program Files\DriverToolkit
2014-08-10 11:45 - 2014-08-10 11:45 - 00000000 ____D () C:\Documents and Settings\Jon\Local Settings\Application Data\DriverToolkit

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-09 15:17 - 2014-07-19 18:16 - 00000364 ____H () C:\WINDOWS\Tasks\avast! Emergency Update.job
2014-09-09 15:16 - 2009-10-22 13:53 - 00000000 ____D () C:\Documents and Settings\Jon\Local Settings\Temp
2014-09-09 15:15 - 2014-09-09 15:15 - 00000000 ___DC () C:\FRST
2014-09-09 15:13 - 2009-03-25 03:28 - 01161423 _____ () C:\WINDOWS\WindowsUpdate.log
2014-09-09 15:11 - 2009-03-24 19:24 - 00000157 _____ () C:\WINDOWS\wiadebug.log
2014-09-09 15:11 - 2009-03-24 19:24 - 00000048 _____ () C:\WINDOWS\wiaservc.log
2014-09-09 15:10 - 2009-03-25 03:33 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-09-09 15:09 - 2014-08-29 22:51 - 00000000 ___DC () C:\AdwCleaner
2014-09-09 15:09 - 2009-10-22 13:53 - 00000178 ___SH () C:\Documents and Settings\Jon\ntuser.ini
2014-09-09 15:09 - 2009-03-25 03:33 - 00032630 _____ () C:\WINDOWS\SchedLgU.Txt
2014-09-09 14:41 - 2012-07-06 18:33 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-09-09 14:06 - 2010-05-09 19:47 - 00000886 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-09 14:06 - 2010-05-09 19:47 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-09 13:46 - 2014-09-09 13:46 - 00001957 _____ () C:\Documents and Settings\Jon\Desktop\bleeping computer help.txt
2014-09-09 13:28 - 2014-08-29 21:52 - 00033512 _____ () C:\WINDOWS\system32\Drivers\TrueSight.sys
2014-09-09 10:11 - 2009-03-25 03:27 - 00000000 ____D () C:\WINDOWS\system32\Restore
2014-09-09 10:04 - 2014-08-28 10:36 - 00000178 ___SH () C:\Documents and Settings\Administrator\ntuser.ini
2014-09-09 10:02 - 2014-08-28 10:36 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Temp
2014-09-09 09:50 - 2014-09-09 09:50 - 00000000 ____D () C:\Documents and Settings\Administrator\My Documents\Bluetooth Exchange Folder
2014-09-09 09:50 - 2014-09-09 09:50 - 00000000 ____D () C:\Documents and Settings\Administrator\Bluetooth Software
2014-09-09 09:50 - 2014-08-28 10:36 - 00000000 ____D () C:\Documents and Settings\Administrator
2014-09-09 09:42 - 2009-10-22 13:53 - 00000000 ____D () C:\Documents and Settings\Jon
2014-09-09 08:37 - 2009-03-24 19:21 - 00213027 _____ () C:\WINDOWS\setupact.log
2014-09-08 18:32 - 2009-10-22 13:55 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Temp
2014-09-08 18:26 - 2014-03-24 19:35 - 00334898 _____ () C:\WINDOWS\setupapi.log
2014-09-08 18:07 - 2010-06-05 17:21 - 00000000 __SHD () C:\Documents and Settings\Jon\UserData
2014-09-08 17:49 - 2009-10-25 02:33 - 00000664 _____ () C:\WINDOWS\system32\d3d9caps.dat
2014-09-08 17:17 - 2014-08-29 19:18 - 00003458 _____ () C:\Documents and Settings\Jon\Desktop\Rkill.txt
2014-09-08 15:40 - 2009-03-25 02:08 - 00001158 _____ () C:\WINDOWS\system32\wpa.dbl
2014-09-07 11:54 - 2014-04-21 11:32 - 00110296 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-09-06 20:31 - 2014-09-06 20:31 - 00000709 _____ () C:\Documents and Settings\Jon\Desktop\Shortcut to iExplore.exe.lnk
2014-09-05 21:25 - 2014-09-05 21:25 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\AVAST Software
2014-09-05 08:49 - 2014-09-05 08:49 - 00000000 ____D () C:\Documents and Settings\Jon\Local Settings\Application Data\Help
2014-09-05 08:49 - 2014-09-05 08:49 - 00000000 ____D () C:\Documents and Settings\Jon\Application Data\Help
2014-09-05 08:49 - 2009-03-25 02:06 - 00000000 ____D () C:\WINDOWS\I386
2014-09-04 20:08 - 2014-09-04 20:08 - 02118964 _____ () C:\Documents and Settings\Jon\My Documents\ARTICLES IN PROGRESS & notes.zip
2014-09-04 20:06 - 2014-09-04 20:06 - 22005286 _____ () C:\Documents and Settings\Jon\My Documents\RECIPES and MENUS.zip
2014-09-04 20:05 - 2013-06-25 10:17 - 00000000 ____D () C:\Documents and Settings\Jon\My Documents\RECIPES and MENUS
2014-09-04 20:02 - 2014-09-04 20:02 - 03897542 _____ () C:\Documents and Settings\Jon\My Documents\WRITING - review this folder.zip
2014-09-04 19:57 - 2014-09-04 19:57 - 00107131 _____ () C:\Documents and Settings\Jon\My Documents\Bad Rescued or Destroyed Docs.zip
2014-09-04 19:56 - 2014-09-04 19:56 - 00000000 ____D () C:\Documents and Settings\Jon\My Documents\Bad Rescued or Destroyed Docs
2014-09-04 19:53 - 2014-09-04 19:53 - 01867697 _____ () C:\Documents and Settings\Jon\My Documents\TOURS & ITINERARIES.zip
2014-09-04 19:50 - 2014-09-04 19:50 - 01639740 _____ () C:\Documents and Settings\Jon\My Documents\Open Secrets, Buried Treasure.zip
2014-09-04 15:05 - 2009-03-25 03:30 - 00001636 ____C () C:\Documents and Settings\Default User\Start Menu\Programs\Remote Assistance.lnk
2014-09-04 15:04 - 2014-08-28 10:36 - 00001636 _____ () C:\Documents and Settings\Administrator\Start Menu\Programs\Remote Assistance.lnk
2014-09-04 14:49 - 2014-09-04 14:49 - 00002006 _____ () C:\Documents and Settings\Jon\Desktop\SpyHunter.lnk
2014-09-04 14:49 - 2014-09-04 14:49 - 00000000 ___DC () C:\sh4ldr
2014-09-04 14:49 - 2014-09-04 14:49 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-09-04 14:49 - 2014-09-04 14:49 - 00000000 ____D () C:\Documents and Settings\Jon\Start Menu\Programs\SpyHunter
2014-09-04 14:48 - 2014-09-04 14:48 - 00000000 ____D () C:\Program Files\Common Files\Wise Installation Wizard
2014-09-02 20:19 - 2012-10-01 22:54 - 00000284 _____ () C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2014-09-02 10:28 - 2014-09-02 01:12 - 00065536 _____ () C:\WINDOWS\system32\config\SpybotSD.evt
2014-09-02 09:56 - 2009-10-25 21:00 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2014-09-02 01:15 - 2014-09-02 01:12 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2
2014-09-02 01:15 - 2009-03-25 03:33 - 00000000 __SHD () C:\Documents and Settings\LocalService
2014-09-02 01:13 - 2014-09-02 01:13 - 00000644 _____ () C:\WINDOWS\Tasks\Check for updates (Spybot - Search & Destroy).job
2014-09-02 01:13 - 2014-09-02 01:13 - 00000616 _____ () C:\WINDOWS\Tasks\Refresh immunization (Spybot - Search & Destroy).job
2014-09-02 01:13 - 2014-09-02 01:13 - 00000446 _____ () C:\WINDOWS\Tasks\Scan the system (Spybot - Search & Destroy).job
2014-09-02 01:12 - 2014-09-02 01:12 - 00001879 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-09-02 01:12 - 2014-09-02 01:12 - 00001873 _____ () C:\Documents and Settings\All Users\Desktop\Spybot-S&D Start Center.lnk
2014-09-02 01:12 - 2014-09-02 01:12 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy 2
2014-08-31 17:54 - 2010-03-16 01:03 - 00000000 ____D () C:\Documents and Settings\Jon\Application Data\Skype
2014-08-29 23:19 - 2014-08-29 23:19 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-08-29 21:52 - 2014-08-29 21:52 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\RogueKiller
2014-08-29 21:52 - 2014-08-29 21:49 - 04851288 _____ () C:\Documents and Settings\Jon\Desktop\RogueKiller.exe
2014-08-28 23:35 - 2014-08-28 23:34 - 00000000 ____D () C:\Documents and Settings\Jon\Desktop\Rkill reports
2014-08-28 13:26 - 2014-08-28 11:36 - 00000000 ____D () C:\WINDOWS\pss
2014-08-28 13:26 - 2009-03-25 02:09 - 00000211 __RSH () C:\boot.ini
2014-08-28 13:26 - 2009-03-25 02:08 - 00000530 _____ () C:\WINDOWS\win.ini
2014-08-28 13:26 - 2009-03-25 02:08 - 00000227 _____ () C:\WINDOWS\system.ini
2014-08-28 10:51 - 2014-08-28 10:51 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\Macromedia
2014-08-28 10:38 - 2014-04-21 11:31 - 00053208 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-08-27 19:09 - 2011-11-11 22:29 - 00000000 ____D () C:\Temp
2014-08-27 18:46 - 2011-11-11 22:29 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Samsung Printers
2014-08-27 18:36 - 2009-03-25 03:35 - 00000091 _____ () C:\WINDOWS\setup.log
2014-08-27 18:28 - 2011-11-11 22:57 - 00000086 _____ () C:\WINDOWS\scanassistant.log
2014-08-27 18:28 - 2009-03-25 03:39 - 00000000 ____D () C:\Program Files\Samsung
2014-08-27 18:25 - 2009-03-25 03:35 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-08-27 08:21 - 2014-08-27 08:21 - 00000000 ____D () C:\Documents and Settings\Jon\Desktop\WRITING - review this folder
2014-08-26 10:44 - 2013-09-11 11:08 - 00000000 ____D () C:\Documents and Settings\Jon\Application Data\Wise Registry Cleaner
2014-08-25 11:24 - 2013-09-13 17:44 - 00085953 _____ () C:\Documents and Settings\Jon\My Documents\CONTACT LIST Sephardic Food.xlsx
2014-08-24 21:50 - 2013-05-22 17:30 - 00001945 ____C () C:\WINDOWS\epplauncher.mif
2014-08-22 21:09 - 2014-08-22 21:09 - 00001641 _____ () C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
2014-08-22 21:09 - 2014-08-22 21:09 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
2014-08-22 21:09 - 2014-08-22 21:06 - 00000000 ____D () C:\Program Files\QuickTime
2014-08-22 15:54 - 2009-03-24 19:15 - 00000000 _SHDC () C:\WINDOWS\$NtUninstallKB15624$
2014-08-22 12:45 - 2009-03-25 03:33 - 00000000 ____D () C:\Documents and Settings\NetworkService\Local Settings\Temp
2014-08-21 18:19 - 2009-03-24 19:15 - 00000000 ____D () C:\WINDOWS\Help
2014-08-21 18:14 - 2014-08-21 18:14 - 00000000 __SHD () C:\Documents and Settings\Jon\IECompatCache
2014-08-21 18:10 - 2014-08-10 11:45 - 00000000 ____D () C:\Program Files\DriverToolkit
2014-08-21 18:10 - 2012-09-12 11:35 - 00000000 ____D () C:\Documents and Settings\Jon\Desktop\Infrequent Shortcuts
2014-08-18 15:32 - 2009-10-22 14:25 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Microsoft Help
2014-08-18 15:30 - 2014-03-24 20:03 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-08-18 15:15 - 2010-12-24 23:00 - 96303304 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-08-17 21:05 - 2014-08-17 21:05 - 00001776 _____ () C:\Documents and Settings\All Users\Desktop\avast! Internet Security.lnk
2014-08-17 21:05 - 2014-07-19 18:17 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Avast
2014-08-17 21:00 - 2014-08-17 21:02 - 00252872 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswNdis2.sys
2014-08-17 21:00 - 2014-08-17 21:02 - 00026136 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys
2014-08-17 21:00 - 2014-08-17 21:00 - 00012112 _____ (ALWIL Software) C:\WINDOWS\system32\Drivers\aswNdis.sys
2014-08-16 16:24 - 2009-10-24 23:57 - 00000000 ____D () C:\Documents and Settings\Jon\Application Data\Apple Computer
2014-08-16 16:03 - 2009-03-25 03:26 - 00022196 ____C () C:\WINDOWS\wmsetup.log
2014-08-16 14:27 - 2014-08-16 14:27 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
2014-08-16 14:27 - 2014-08-16 14:18 - 00000000 ____D () C:\Program Files\iTunes
2014-08-16 14:27 - 2014-08-16 14:18 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-08-16 14:19 - 2014-08-16 14:19 - 00000000 ____D () C:\Program Files\iPod
2014-08-16 14:19 - 2009-10-24 23:54 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-08-16 14:08 - 2009-10-24 23:54 - 00002425 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Apple Software Update.lnk
2014-08-16 14:06 - 2014-08-16 14:06 - 00000000 ____D () C:\Documents and Settings\LocalService\Application Data\Apple Computer
2014-08-16 14:06 - 2009-10-24 23:54 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Apple
2014-08-16 14:05 - 2012-07-06 18:33 - 00699568 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2014-08-16 14:05 - 2011-11-06 16:41 - 00071344 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2014-08-16 14:02 - 2014-08-16 14:02 - 00000000 ____D () C:\Program Files\Bonjour
2014-08-10 12:08 - 2009-03-24 19:21 - 00578048 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-08-10 11:45 - 2014-08-10 11:45 - 00000000 ____D () C:\Documents and Settings\Jon\Local Settings\Application Data\DriverToolkit

Some content of TEMP:
====================
C:\Documents and Settings\Jon\Local Settings\Temp\HitmanPro.exe
C:\Documents and Settings\Jon\Local Settings\Temp\ose00000.exe
C:\Documents and Settings\Jon\Local Settings\Temp\ose00001.exe
C:\Documents and Settings\Jon\Local Settings\Temp\Quarantine.exe
C:\Documents and Settings\Jon\Local Settings\Temp\SHSetup.exe
C:\Documents and Settings\Jon\Local Settings\Temp\_is261.exe
C:\Documents and Settings\Jon\Local Settings\Temp\_is262.exe
C:\Documents and Settings\Jon\Local Settings\Temp\_is264.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 07-09-2014
Ran by Jon at 2014-09-09 15:17:32
Running from C:\Documents and Settings\Jon\My Documents\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Disabled - Up to date) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: avast! Antivirus (Disabled) {7591DB91-41F0-48A3-B128-1A293FD8233D}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 14 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 14.0.0.176 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 14.0.0.179 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
AirPort (HKLM\...\{40184457-4514-4B18-84A8-6BB8A3AB6A81}) (Version: 5.5.3.2 - Apple Inc.)
Apple Application Support (HKLM\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{941B4CE7-3F5D-443E-A8B7-56A420D2EAFD}) (Version: 7.1.2.6 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Atheros Client Installation Program (HKLM\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 9.0 - Atheros)
Atheros WLAN Client (HKLM\...\{F4F41D14-E0DD-4FB4-AA09-A14225C769BD}) (Version: 18.00.0000 - WLAN)
avast! Internet Security (HKLM\...\Avast) (Version: 9.0.2021 - AVAST Software)
BatteryLifeExtender (HKLM\...\{AA16A9E5-40E9-44F5-801E-6B3D3CFE79E5}) (Version: 1.0.0 - Samsung)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Bonjour Print Services (HKLM\...\{9D210D79-AEC5-453B-960C-4DD2C73931E1}) (Version: 2.0.2.0 - Apple Inc.)
CyberLink YouCam (HKLM\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 2.0.2618 - CyberLink Corp.)
CyberLink YouCam (Version: 2.0.2618 - CyberLink Corp.) Hidden
Easy Display Manager (HKLM\...\{17283B95-21A8-4996-97DA-547A48DB266F}) (Version: 2.3 - Samsung Electronics Co., Ltd.)
Easy Network Manager (HKLM\...\{A7581D39-EA20-4883-A480-80C21047052B}) (Version: 4.0.2 - Samsung)
Easy Resolution Manager (HKLM\...\{9CAC71E9-D196-472E-845C-5462356B2AE1}) (Version: 1.0.0.4 - Samsung Electronics Co.,LTD.)
EPSON Attach To Email (HKLM\...\InstallShield_{20C45B32-5AB6-46A4-94EF-58950CAF05E5}) (Version: 1.01.0000 - SEIKO EPSON)
EPSON Attach To Email (Version: 1.01.0000 - SEIKO EPSON) Hidden
EPSON Copy Utility 3 (HKLM\...\{67EDD823-135A-4D59-87BD-950616D6E857}) (Version: 3.1.5.0 - )
EPSON Event Manager (HKLM\...\{48F22622-1CC2-4A83-9C1E-644DD96F832D}) (Version: 1.71.00 - )
EPSON File Manager (HKLM\...\{E86BC406-944E-41F6-ADE6-2C136734C96B}) (Version: 1.1.0.0 - )
EPSON Image Clip Palette (HKLM\...\{314F6D08-A8B7-11D8-8446-0050BA1D384D}) (Version: 1.02.00 - )
EPSON Scan (HKLM\...\EPSON Scanner) (Version:  - )
EPSON Scan Assistant (HKLM\...\{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}) (Version: 1.10.00 - )
EZ Vinyl/Tape Converter 7.4 by MixMeister (HKLM\...\EZ Vinyl/Tape Converter by MixMeister_is1) (Version:  - MixMeister Technology LLC)
Google Chrome (HKLM\...\Google Chrome) (Version: 37.0.2062.103 - Google Inc.)
Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden
imagine digital freedom - Samsung (HKLM\...\{8E106A57-A17E-431D-B48F-175E42EB9F74}) (Version: 1.0.2.2 - Samsung Electronics Co. Ltd.,)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - )
iTunes (HKLM\...\{86D04316-F49A-4AF2-B3F1-A1E943886CE7}) (Version: 11.3.1.2 - Apple Inc.)
Magic Keyboard (HKLM\...\{BD723E53-A42C-4702-AA04-1D74A0311590}) (Version: 7.0.3.3 - )
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Marvell Miniport Driver (HKLM\...\Marvell Miniport Driver) (Version: 10.69.2.3 - Marvell)
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Software Update for Web Folders  (English) 12 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MobileMe Control Panel (HKLM\...\{AEBBFC67-7A03-4DF3-9E71-BA5C9EB4FBEF}) (Version: 3.1.3.0 - Apple Inc.)
Mozilla Firefox 31.0 (x86 en-US) (HKLM\...\Mozilla Firefox 31.0 (x86 en-US)) (Version: 31.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
Namuga 1.3M Webcam (HKLM\...\{71A51B59-E7D3-11DB-A386-005056C00008}) (Version: 1.00.0000 - Vimicro Corporation)
neroxml (Version: 1.0.0 - Nero AG) Hidden
QuickTime 7 (HKLM\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Readiris Pro 10 (HKLM\...\{14D08502-FEE4-40E5-90D3-8A967A1D8BA2}) (Version:  - )
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 5.10.0.5859 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Software (HKLM\...\{6A1F72DD-2465-43A2-A137-8A849399B7A8}) (Version: 1.01.0086 - REALTEK Semiconductor Corp.)
Samsung Battery Manager (HKLM\...\{6F730513-8688-4C3C-90A3-6B9792CE2EF3}) (Version: 1.00 - )
Samsung Magic Doctor (HKLM\...\{32D6A58F-9659-446C-BBFC-E6F2B41F24DC}) (Version: 4.00 - )
Samsung Recovery Solution III (HKLM\...\{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}) (Version: 3.0.0.8 - Samsung)
Samsung Update Plus (HKLM\...\InstallShield_{A5F483F0-2D79-4FCA-AE09-D0D96E23EBF7}) (Version: 2.0 - Samsung Electronics Co., LTD)
Samsung Update Plus (Version: 2.0 - Samsung Electronics Co., LTD) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.3.1900.0 - SAMSUNG Electronics Co., Ltd.)
Skype Click to Call (HKLM\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.13.13771 - Skype Technologies S.A.)
Skype™ 6.14 (HKLM\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
Spelling Dictionaries Support For Adobe Reader 9 (HKLM\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated)
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
SpyHunter (HKLM\...\{AF549236-6258-4AC6-A043-5B5B89C6EB61}) (Version: 4.17.6.4336 - Enigma Software Group USA, LLC)
SRS WOW XT and TSXT (HKLM\...\{1FBEBAAF-A363-458D-8D26-9F61AC98ACC3}) (Version: 1.09.1300 - SRS Labs, Inc.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 11.1.3.2 - Synaptics)
TSR Watermark Image software version 2.4.1.2 - Free version (HKLM\...\TSR Watermark Image - Free version_is1) (Version:  - )
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Windows Internet Explorer 8 (KB2447568) (HKLM\...\KB2447568-IE8) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2141007) (HKLM\...\KB2141007) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2345886) (HKLM\...\KB2345886) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2467659) (HKLM\...\KB2467659) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2641690) (HKLM\...\KB2641690) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2661254-v2) (HKLM\...\KB2661254-v2) (Version: 2 - Microsoft Corporation)
Update for Windows XP (KB2718704) (HKLM\...\KB2718704) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2736233) (HKLM\...\KB2736233) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2749655) (HKLM\...\KB2749655) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2904266) (HKLM\...\KB2904266) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2934207) (HKLM\...\KB2934207) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB898461) (HKLM\...\KB898461) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB951978) (Version: 1 - Microsoft Corporation) Hidden
Update for Windows XP (KB955759) (HKLM\...\KB955759) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB967715) (HKLM\...\KB967715) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB968389) (HKLM\...\KB968389) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB971029) (HKLM\...\KB971029) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB971737) (HKLM\...\KB971737) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973687) (HKLM\...\KB973687) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973815) (HKLM\...\KB973815) (Version: 1 - Microsoft Corporation)
User Guide (HKLM\...\{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}) (Version: 1.0 - )
VC 9.0 Runtime (Version: 1.0.0 - Check Point Software Technologies Ltd) Hidden
VC80CRTRedist - 8.0.50727.4053 (Version: 1.1.0 - DivX, Inc) Hidden
VCRedistSetup (Version: 1.0.0 - Nero AG) Hidden
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
WIDCOMM Bluetooth Software (HKLM\...\{84814E6B-2581-46EC-926A-823BD1C670F6}) (Version: 5.1.0.6100 -  )
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version:  - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Media Format Runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
Wise Registry Cleaner 7.84 (HKLM\...\Wise Registry Cleaner_is1) (Version: 7.84 - WiseCleaner.com, Inc.)
YOIGO, Internet para llevar (HKLM\...\{93D34EE3-99B3-4DB1-8B0A-0A657466F90D}) (Version: 1.0.0.8 - ZTE)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-4049577926-3462803898-1742995077-1005_Classes\CLSID\{0000002F-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4049577926-3462803898-1742995077-1005_Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4049577926-3462803898-1742995077-1005_Classes\CLSID\{00020421-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4049577926-3462803898-1742995077-1005_Classes\CLSID\{00020422-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4049577926-3462803898-1742995077-1005_Classes\CLSID\{00020423-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4049577926-3462803898-1742995077-1005_Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4049577926-3462803898-1742995077-1005_Classes\CLSID\{00020425-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4049577926-3462803898-1742995077-1005_Classes\CLSID\{0BE35203-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4049577926-3462803898-1742995077-1005_Classes\CLSID\{0BE35204-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4049577926-3462803898-1742995077-1005_Classes\CLSID\{46763EE0-CAB2-11CE-8C20-00AA0051E5D4}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4049577926-3462803898-1742995077-1005_Classes\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)

==================== Restore Points  =========================

09-09-2014 08:12:05 System Checkpoint

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-03-25 02:08 - 2011-11-26 18:49 - 00438884 ____N C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost

There are 1000 more lines.


==================== Scheduled Tasks (whitelisted) =============


(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\AppleSoftwareUpdate.job => C:\Program Files\Apple Software Update\SoftwareUpdate.exe
Task: C:\WINDOWS\Tasks\avast! Emergency Update.job => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
Task: C:\WINDOWS\Tasks\Check for updates (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Refresh immunization (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe
Task: C:\WINDOWS\Tasks\Scan the system (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe

==================== Loaded Modules (whitelisted) =============

2014-07-19 18:15 - 2014-07-19 18:15 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll
2014-09-09 11:12 - 2014-09-09 11:12 - 02845184 _____ () C:\Program Files\AVAST Software\Avast\defs\14090900\algo.dll
2014-09-02 01:12 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2014-09-02 01:12 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
2011-11-11 22:52 - 2009-08-27 11:24 - 00026624 _____ () C:\WINDOWS\system32\sst2cl3.dll
2014-07-31 12:16 - 2014-07-31 12:16 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-07-31 12:16 - 2014-07-31 12:16 - 01044776 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-09-02 01:12 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2014-09-02 01:12 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files\Spybot - Search & Destroy 2\sqlite3.dll
2012-09-12 11:56 - 2010-03-12 03:27 - 00095368 _____ () C:\WINDOWS\system32\SupportAppXL\AutoDect.exe
2014-07-19 18:15 - 2014-07-19 18:15 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\WINDOWS\$NtUninstallKB15624$:SummaryInformation

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mbamchameleon => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mbamchameleon => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\nm => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\nm.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vsmon => ""="Service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


==================== Faulty Device Manager Devices =============

Name: Atheros AR5007EG Wireless Network Adapter
Description: Atheros AR5007EG Wireless Network Adapter
Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
Manufacturer: Atheros
Service: AR5416
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (09/05/2014 09:18:30 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application sdfiles.exe, version 2.4.40.135, faulting module unknown, version 0.0.0.0, fault address 0x00000000.
Processing media-specific event for [sdfiles.exe!ws!]

Error: (09/05/2014 08:05:36 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 31058063

Error: (09/05/2014 08:05:36 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 31058063

Error: (09/05/2014 08:05:36 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (09/04/2014 11:28:13 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15594

Error: (09/04/2014 11:28:13 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15594

Error: (09/04/2014 11:28:13 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (09/03/2014 00:07:10 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3984

Error: (09/03/2014 00:07:10 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 3984

Error: (09/03/2014 00:07:10 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second


System errors:
=============
Error: (09/09/2014 03:11:25 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Spybot-S&D 2 Security Center Service service failed to start due to the following error:
%%1053

Error: (09/09/2014 03:11:25 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Timeout (30000 milliseconds) waiting for the Spybot-S&D 2 Security Center Service service to connect.

Error: (09/09/2014 03:11:25 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Pml Driver HPZ12 service terminated with the following error:
%%126

Error: (09/09/2014 03:11:25 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Net Driver HPZ12 service terminated with the following error:
%%126

Error: (09/09/2014 03:11:25 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The DgiVecp service failed to start due to the following error:
%%20

Error: (09/09/2014 03:09:09 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The iPod Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (09/09/2014 03:09:09 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Application Layer Gateway Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (09/09/2014 03:09:09 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Spybot-S&D 2 Updating Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (09/09/2014 03:09:09 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Spybot-S&D 2 Scanner Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (09/09/2014 03:09:09 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Apple Mobile Device service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.


Microsoft Office Sessions:
=========================
Error: (08/19/2013 03:33:35 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1383872 seconds with 141180 seconds of active time.  This session ended with a crash.

Error: (04/20/2010 07:56:20 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 3880 seconds with 2460 seconds of active time.  This session ended with a crash.


==================== Memory info ===========================

Processor:  Intel® Atom™ CPU N270 @ 1.60GHz
Percentage of memory in use: 30%
Total physical RAM: 2038.36 MB
Available physical RAM: 1413.7 MB
Total Pagefile: 3927.02 MB
Available Pagefile: 3382.46 MB
Total Virtual: 2047.88 MB
Available Virtual: 1935.67 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:71.04 GB) (Free:48.7 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive d: () (Fixed) (Total:72 GB) (Free:71.89 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 149.1 GB) (Disk ID: 0F603502)
Partition 1: (Not Active) - (Size=6 GB) - (Type=12)
Partition 2: (Active) - (Size=71 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=72 GB) - (Type=07 NTFS)
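For the redirect symptoms in this thread, the question to ask of a hosts file like the one in the log's "Hosts content" section is whether any name maps to something other than a loopback or null address; a blocklist only sinks names to 127.0.0.1. The following audit is an added example, not part of the original posts or of FRST; the sample hosts text, its names and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample in the same "address  name" layout as a Windows hosts file.
# 203.0.113.7 is a documentation-range address used here as a stand-in.
SAMPLE_HOSTS = "\n".join([
    "# constructed sample, not taken from the log",
    "127.0.0.1       localhost",
    "127.0.0.1    ads.example.com",
    "127.0.0.1    www.ads.example.com   # inline comment",
    "0.0.0.0      tracker.example.net",
    "203.0.113.7  www.example-bank.test login.example-bank.test",
    "not-an-ip    broken.example.org",
])


def parse_hosts(text):
    """Yield (line number, address field, [names]) for each non-comment line."""
    text = text.lstrip("\ufeff")  # tolerate a UTF-8 byte order mark
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop full-line and inline comments
        if not line:
            continue
        fields = line.split()
        yield lineno, fields[0], fields[1:]


def audit_hosts(text):
    """Separate harmless sinkhole entries from entries that redirect a name.

    sinkholed: count of names mapped to a loopback or unspecified address
               (localhost itself and blocklist entries).
    redirects: (line, name, address) for names mapped to any other address;
               these are the entries worth reviewing by hand.
    malformed: (line, first field) for lines that are not a valid mapping.
    """
    report = {"sinkholed": 0, "redirects": [], "malformed": []}
    for lineno, addr, names in parse_hosts(text):
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            report["malformed"].append((lineno, addr))
            continue
        if not names:
            report["malformed"].append((lineno, addr))
            continue
        if ip.is_loopback or ip.is_unspecified:
            report["sinkholed"] += len(names)
        else:
            for name in names:
                report["redirects"].append((lineno, name.lower(), str(ip)))
    return report


if __name__ == "__main__":
    result = audit_hosts(SAMPLE_HOSTS)
    print("sinkholed names:", result["sinkholed"])
    for lineno, name, addr in result["redirects"]:
        print(f"line {lineno}: {name} -> {addr}  (review)")
    for lineno, field in result["malformed"]:
        print(f"line {lineno}: unparsable address field {field!r}")
```

An empty `redirects` list means the hosts file is not the source of the redirects, which points the investigation at the browser, DNS settings or the router instead.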


 



#5 nasdaq

nasdaq

  • Malware Response Team
  • 38,767 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:12:58 PM

Posted 09 September 2014 - 01:28 PM


Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.

start
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Winsock: Catalog5 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog5 03 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
S2 Net Driver HPZ12; C:\WINDOWS\system32\HPZinw12.dll [X]
S2 Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.dll [X]
S3 PCASp50; System32\Drivers\PCASp50.sys [X]
U1 WS2IFSL; No ImagePath
C:\Documents and Settings\Jon\Local Settings\Temp\ose00000.exe
C:\Documents and Settings\Jon\Local Settings\Temp\ose00001.exe
C:\Documents and Settings\Jon\Local Settings\Temp\SHSetup.exe
C:\Documents and Settings\Jon\Local Settings\Temp\_is261.exe
C:\Documents and Settings\Jon\Local Settings\Temp\_is262.exe
C:\Documents and Settings\Jon\Local Settings\Temp\_is264.exe

End
Save the files as fixlist.txt into the same folder as FRST

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt) please post it to your reply.

===

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
p.s.
If the SecurityCheck program fails to run for any reason, run it as an Administrator.

If the site is busy or not available use this mirror site:
http://www.bleepingcomputer.com/download/securitycheck/
===

How is the computer running now?

#6 Julesverne

Julesverne
  • Topic Starter

  • Members
  • 82 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:05:58 PM

Posted 10 September 2014 - 09:01 AM

Save the files as fixlist.txt into the same folder as FRST

 

A question: Do you mean the folder the program created (C:\FRST) or the folder where the application is parked?

Thanks.



 


#7 nasdaq

Posted 10 September 2014 - 10:16 AM

The log reports that it's running from the Downloads folder.

Running from C:\Documents and Settings\Jon\My Documents\Downloads

If the Farbar program is in that folder you should do it in it.

Or move the program to the C:\FRST folder as well as the Fixlist.txt file and Run the tool from there.

#8 Julesverne

Posted 10 September 2014 - 10:29 AM

When I clicked the Fix button in Farbar, Windows shut down the program. I couldn't find a way to copy the error report. Should I just try the fix again?



#9 nasdaq

Posted 10 September 2014 - 12:36 PM

Where are you working from, the Downloads or the FRST folder?

It might be best to run it from the FRST folder.

#10 Julesverne

Posted 10 September 2014 - 01:54 PM

"How is the computer running now?"   Startup is faster, but my browser's still being directed to doubleclick etc etc, and Firefox is still blocking certain redirect attempts. In re Word documents, I'm not anxious to open any to find out whether they vanish... (I haven't run any scans other than the ones you've told me to).

 

Do I see correctly that Security Check didn't detect Malwarebytes?

 

Also, I realize the sidebar background color has disappeared from my Explorer windows. I can live without that, but I wonder whether it might be significant...

 

Here are the logs:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 07-09-2014
Ran by Jon at 2014-09-10 20:16:59 Run:2
Running from C:\FRST
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
start
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Winsock: Catalog5 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog5 03 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
S2 Net Driver HPZ12; C:\WINDOWS\system32\HPZinw12.dll [X]
S2 Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.dll [X]
S3 PCASp50; System32\Drivers\PCASp50.sys [X]
U1 WS2IFSL; No ImagePath
C:\Documents and Settings\Jon\Local Settings\Temp\ose00000.exe
C:\Documents and Settings\Jon\Local Settings\Temp\ose00001.exe
C:\Documents and Settings\Jon\Local Settings\Temp\SHSetup.exe
C:\Documents and Settings\Jon\Local Settings\Temp\_is261.exe
C:\Documents and Settings\Jon\Local Settings\Temp\_is262.exe
C:\Documents and Settings\Jon\Local Settings\Temp\_is264.exe

End
*****************

"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SDWinLogon" => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Value not found.
"HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}" => Key not found.
Winsock: Catalog5 entry 000000000001\\LibraryPath  was set successfully to %SystemRoot%\System32\mswsock.dll
Winsock: Catalog5 entry 000000000003\\LibraryPath  was set successfully to %SystemRoot%\System32\mswsock.dll
Net Driver HPZ12 => Service deleted successfully.
Pml Driver HPZ12 => Service deleted successfully.
PCASp50 => Service deleted successfully.
WS2IFSL => Service deleted successfully.
C:\Documents and Settings\Jon\Local Settings\Temp\ose00000.exe => Moved successfully.
C:\Documents and Settings\Jon\Local Settings\Temp\ose00001.exe => Moved successfully.
C:\Documents and Settings\Jon\Local Settings\Temp\SHSetup.exe => Moved successfully.
C:\Documents and Settings\Jon\Local Settings\Temp\_is261.exe => Moved successfully.
C:\Documents and Settings\Jon\Local Settings\Temp\_is262.exe => Moved successfully.
C:\Documents and Settings\Jon\Local Settings\Temp\_is264.exe => Moved successfully.

==== End of Fixlog ====

 

Results of screen317's Security Check version 0.99.87  
 Windows XP Service Pack 3 x86   
 Internet Explorer 8  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
 avast! Internet Security    
`````````Anti-malware/Other Utilities Check:`````````
 MVPS Hosts File  
 SpyHunter     
 Spybot - Search & Destroy
 Wise Registry Cleaner 7.84  
 Adobe Flash Player     15.0.0.152  
 Adobe Reader 9  
 Adobe Reader XI  
 Mozilla Firefox (31.0)
 Google Chrome 36.0.1985.143  
 Google Chrome 37.0.2062.103  
````````Process Check: objlist.exe by Laurent````````  
 Spybot Teatimer.exe is disabled!
 AVAST Software Avast AvastSvc.exe  
 AVAST Software Avast afwServ.exe  
 AVAST Software Avast AvastUI.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:: 13% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````
 



#11 Julesverne

Posted 10 September 2014 - 02:28 PM

Another question: Does Windows firewall still serve a purpose any more on xp?



#12 nasdaq

Posted 11 September 2014 - 07:24 AM

Another question: Does Windows firewall still serve a purpose any more on xp?

Definitively YES!
===

In re Word documents, I'm not anxious to open any to find out whether they vanish..

Hit the bullet and try. Post any error message that you get.
===

still being directed to doubleclick etc etc,

Execute the following:

Click the Start button. In the Search box, type Command Prompt, and then, in the list of results, double-click Command Prompt.

At the cursor, type:
ipconfig /flushdns <-- (A space between g and / is needed)

ipconfig /release

repeat with
ipconfig /renew

Then hit Enter, type Exit, hit the Enter key.
<<<>>>

If that fails to remove the Redirects try this.
...

Reset all your browsers.

Reset Chrome...
Click on "Customize and control Google Chrome":
 
 
Click "Settings" then "Show advanced settings" at the bottom of the screen.
 
Click "Reset browser settings" button.
 
Restart Chrome.
====

Firefox:
Reset Default Browsing settings:
https://support.mozilla.org/en-US/kb/reset-firefox-easily-fix-problems?utm_expid=65912487-41.djHNRQY0RhaLvvtvcd0BQA.2&utm_referrer=https%3A%2F%2Fwww.google.ca%2F
===

Internet Explorer:
Menu > Tools > Internet Options > General Tab.
Click the Reset button on the bottom of the pane.
Click the Apply button.
Close IE.

===

How is it now?

#13 Julesverne

Posted 11 September 2014 - 05:23 PM

The redirects stopped for a while, but have come back full force.

 

I ran a scan again and both the double Twist BHO plug-in and Trojan.Agent.kro (which of course is far more serious) are both still on my system.

 

I got a couple of plugin-container.exe error messages. ("Windows has encountered an error and needs to close this program.") One when I opened a Word document, and one when I opened SpyHunter. Both programs worked fine. The report details were very, very long and I didn't know how to save them, and I couldn't copy & paste. I re-ran Adware Cleaner and it found (and cleaned) new adware.

 

Re Word, Auto Recovery is no longer working. I've got all these supposedly recovered documents, but when I open Word, the auto recovery panel doesn't open. When I try to open the documents normally, I get a gray window telling me they're corrupted or in unrecognizable formats, can't be read, and not to open unless I'm certain of their source. Which of course I no longer am.

 

Welcome to my nightmare. It's the Trojan that's got me worried.



#14 nasdaq

Posted 12 September 2014 - 06:59 AM

It might just be that your router was corrupted.

How to Reset a Router Back to the Factory Default Settings
http://www.ehow.com/how_2110924_reset-back-factory-default-settings.html

Then, please reconfigure it back to your preferred setting. Below is the list of default usernames and passwords, in case you don't know it ;)

http://www.routerpasswords.com/
http://www.phenoelit-us.org/dpl/dpl.html
===

Reset for Linksys, Netgear, D-Link and Belkin Routers
http://www.techsupportforum.com/2763-reset-for-linksys-netgear-d-link-and-belkin-routers/

How to Secure Your Wireless Router
http://www.ehow.com/how_2253625_secure-wireless-router.html


How To Set Up a Network Router
http://compnetworking.about.com/od/homenetworking/ht/routerconfigure.htm
===

--RogueKiller--
  • Download & SAVE to your Desktop For 32bit system or For 64bit system
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start.
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • Click on "Delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller+
=======

While I check your logs, refer to this page and see if you can get your document back.

http://support.microsoft.com/kb/316951
How to recover a lost Word document

#15 Julesverne

Posted 12 September 2014 - 08:27 AM

I can't get at the router. (Meaning I can't get at it physically because it's on a high shelf I can't reach).

Rogue Killer detected kernel mode rootkits & directed me to this page:

http://www.adlice.com/kernelmode-rootkits-part-1-ssdt-hooks/

Here's the scan report:


RogueKiller V9.2.10.0 [Jul 11 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Jon [Admin rights]
Mode : Remove -- Date : 09/12/2014  15:16:29

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 12 ¤¤¤
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Partner Service () -> NOT SELECTED
[PUM.Proxy] HKEY_USERS\S-1-5-21-4049577926-3462803898-1742995077-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : 0.0.0.0:80  -> NOT SELECTED
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 80.58.61.250 80.58.61.254  -> NOT SELECTED
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 80.58.61.250 80.58.61.254  -> NOT SELECTED
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Tcpip\Parameters | DhcpNameServer : 80.58.61.250 80.58.61.254  -> NOT SELECTED
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{4D227324-DFFB-4661-895E-8DBDCDF28AF5} | DhcpNameServer : 80.58.61.250 80.58.61.254  -> NOT SELECTED
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{4D227324-DFFB-4661-895E-8DBDCDF28AF5} | DhcpNameServer : 80.58.61.250 80.58.61.254  -> NOT SELECTED
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Tcpip\Parameters\Interfaces\{4D227324-DFFB-4661-895E-8DBDCDF28AF5} | DhcpNameServer : 80.58.61.250 80.58.61.254  -> NOT SELECTED
[PUM.Policies] HKEY_USERS\S-1-5-21-4049577926-3462803898-1742995077-1005\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0  -> NOT SELECTED
[PUM.Policies] HKEY_USERS\S-1-5-21-4049577926-3462803898-1742995077-1005\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableTaskMgr : 0  -> NOT SELECTED
[PUM.StartMenu] HKEY_USERS\S-1-5-21-4049577926-3462803898-1742995077-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowRecentDocs : 0  -> NOT SELECTED
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> NOT SELECTED

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ HOSTS File : 0 [Too big!] ¤¤¤

¤¤¤ Antirootkit : 196 (Driver: LOADED) ¤¤¤
[SSDT:Addr(Hook.SSDT)] NtOpenProcess[122] : C:\WINDOWS\system32\drivers\mbamchameleon.sys @ 0xa7dbaaba
[SSDT:Addr(Hook.SSDT)] NtOpenThread[128] : C:\WINDOWS\system32\drivers\mbamchameleon.sys @ 0xa7dbac2e
[EAT:Addr] (explorer.exe) DEC150.bpl - @Regexpr@TRegExpr@SetModifierStr$qqrx17System@WideString : C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl @ 0x3c64390
[EAT:Addr] (explorer.exe) DEC150.bpl - @Regexpr@TRegExpr@Split$qqr17System@WideStringp16Classes@TString\Ó(Ûí(ÉW : C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl @ 0x3c67bc0
[EAT:Addr] (explorer.exe) DEC150.bpl - @Regexpr@TRegExpr@StrScanCI$qqrpbb : C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl @ 0x3c6616c
[EAT:Addr] (explorer.exe) DEC150.bpl - @Regexpr@TRegExpr@Substitute$qqrx17System@WideString : C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl @ 0x3c67a14
[EAT:Addr] (explorer.exe) DEC150.bpl - @Regexpr@TRegExpr@Tail$qqrpbt1 : C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl @ 0x3c64530
[EAT:Addr] (explorer.exe) DEC150.bpl - @Regexpr@TRegExpr@VersionMajor$qqrv : C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl @ 0x3c63c6c
[EAT:Addr] (explorer.exe) DEC150.bpl - @Regexpr@TRegExpr@VersionMinor$qqrv : C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl @ 0x3c63c74
[EAT:Addr] (explorer.exe) DEC150.bpl - @Regexpr@TRegExpr@regnext$qqrpb : C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl @ 0x3c66688
[EAT:Addr] (explorer.exe) DEC150.bpl - @Regexpr@TRegExpr@regrepeat$qqrpbi : C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl @ 0x3c661b4
[EAT:Addr] (explorer.exe) DEC150.bpl - @Regexpr@initialization$qqrv : C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl @ 0x3c72078
[EAT:Addr] (explorer.exe) DEC150.bpl - @Snlthirdparty@@GetPackageInfoTable$qqrv : C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl @ 0x3c71a20
[EAT:Addr] (explorer.exe) DEC150.bpl - @Snlthirdparty@@PackageLoad$qqrv : C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl @ 0x3c71a28
[EAT:Addr] (explorer.exe) DEC150.bpl - @Snlthirdparty@@PackageUnload$qqrv : C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl @ 0x3c71a34
[EAT:Addr] (explorer.exe) DEC150.bpl - @Snlthirdparty@initialization$qqrv : C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl @ 0x3c722e8
[EAT:Addr] (explorer.exe) DEC150.bpl - Finalize : C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl @ 0x3c71a34
[EAT:Addr] (explorer.exe) DEC150.bpl - Initialize : C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl @ 0x3c71a28

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: SAMSUNG HM160HI +++++
--- User ---
[MBR] baefa86846c84853d86531f91eeee634
[BSP] 5baa80759c7232655d01cfe80b98f46b : Kiwi MBR Code
Partition table:
0 - [XXXXXX] COMPAQ (0x12) [VISIBLE] Offset (sectors): 63 | Size: 6149 MB
1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 12594960 | Size: 72747 MB
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 161581056 | Size: 73729 MB
User = LL1 ... OK
User = LL2 ... OK


============================================
RKreport_DEL_08292014_224559.log - RKreport_DEL_09022014_201419.log - RKreport_SCN_08292014_220039.log - RKreport_SCN_09022014_144258.log
RKreport_SCN_09122014_151205.log





