I have Trovi, with Webprotect adware and something called SelectLinks.


This topic is locked. 9 replies to this topic.

#1 meeql

  • Members
  • 6 posts

Posted 13 October 2014 - 10:22 PM

I deleted some files and got my browser back, but still have the adware and SelectLinks. Can someone suggest how to remove it? I read somewhere that Malwarebytes doesn't work. Thanks!




#2 TB-Psychotic

  • Malware Response Team
  • 6,349 posts

Posted 14 October 2014 - 04:54 AM

Hi there,
My name is Marius and I will assist you with your malware-related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

  • Important: To help me review your logs, please post them in code boxes. You can create them by clicking on the <>-symbol on top of the reply window.

HijackThis is not the preferred initial scanning tool in this forum. With today's malware, a more comprehensive set of logs is required to determine the presence of malware.

Scan with FRST in normal mode

Please download Farbar's Recovery Scan Tool to your desktop: FRST 32bit or FRST 64bit (If not sure: Start --> Computer (right click) --> properties)
 
  • Run FRST.
  • Don't change any of the checkboxes and hit Scan.
  • Logfiles are created on your desktop.
  • Post the FRST.txt and (after the first scan only!) the Addition.txt.

Scan with Gmer rootkit scanner

Please download Gmer from here by clicking on the "Download EXE" Button.
  • Double click on the randomly named GMER.exe. If asked to allow gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • Sections
    • IAT/EAT
    • Show All ( should be unchecked by default )
  • Leave everything else as it is.
  • Close all other running programs as well as your Browser.
  • Click the Scan button & wait for it to finish.
  • Once done click on the Save.. button, and in the File name area, type in "ark.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop.
  • Please post the content of the ark.txt here.

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries

Scan with TDSS-Killer

Please read and follow these instructions carefully. We do not want it to fix anything yet (if found), we need to see a report first.

Download TDSSKiller.zip and extract to your desktop
  • Execute TDSSKiller.exe by double-clicking on it.
  • Press Start Scan
  • If Malicious objects are found, do NOT select Copy to quarantine. Change the action to Skip, and save the log.
  • Once complete, a log will be produced at the root drive, which is typically C:\, for example, C:\TDSSKiller.<version_date_time>log.txt


Please attach this file to your next reply.

Proud Member of UNITE & TB

My help is free, however, if you want to support my fight against malware, click here (no worries, every little bit helps)
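As an added example (not part of this thread, and not code from FRST's author), a small Python triage helper that reads an FRST.txt and surfaces the entries a malware responder looks at first: lines FRST itself marks with ATTENTION, unsigned binaries, entries with an empty () publisher field, services whose file is missing ([X] or File Not Found), AppInit_DLLs hooks and third-party Winsock providers. The sample lines are constructed in FRST's line format, and the Finding structure and reason strings are my own naming.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List

# Constructed sample in FRST's line format (not a real log). It mixes
# benign entries with the kinds of entries FRST annotates on an
# adware-infected host so the heuristics below have something to catch.
SAMPLE_FRST = r"""
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [951576 2014-03-11] (Microsoft Corporation)
HKLM\...\Run: [BManager] => C:\Program Files\Browser Features\BManager.exe [888832 2014-09-03] ()
AppInit_DLLs: C:\PROGRA~1\SearchProtect\SearchProtect\bin\SPVC32Loader.dll => C:\PROGRA~1\SearchProtect\SearchProtect\bin\SPVC32Loader.dll File Not Found
==================== Internet (Whitelisted) ====================
Winsock: Catalog9 01 C:\WINDOWS\system32\MyOSProtect.dll [304776] (MyOSCompany)
==================== Services (Whitelisted) =================
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2014-03-11] (Microsoft Corporation)
S2 ProtectMonitor; C:\monitorsvc.exe [34244 2014-09-02] () [File not signed] <==== ATTENTION
S2 CltMngSvc; C:\PROGRA~1\SearchProtect\Main\bin\CltMngSvc.exe [X]
==================== Drivers (Whitelisted) ====================
R1 pcwatch; C:\WINDOWS\system32\Drivers\pcwatch.sys [19840 2014-09-01] () [File not signed] <==== ATTENTION
"""


@dataclass
class Finding:
    """One FRST line worth a second look, with every heuristic it tripped."""
    section: str
    line: str
    reasons: List[str] = field(default_factory=list)


# FRST section banners look like "==== Registry (Whitelisted) ====".
SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")
# FRST prints the binary's version-info publisher as "(Name)"; "()" means none.
EMPTY_PUBLISHER_RE = re.compile(r"\(\)(\s|$)")


def classify(line: str) -> List[str]:
    """Return the reasons one FRST entry deserves review (empty if none)."""
    reasons = []
    if "ATTENTION" in line:
        reasons.append("flagged by FRST (ATTENTION)")
    if "[File not signed]" in line:
        reasons.append("unsigned binary")
    if EMPTY_PUBLISHER_RE.search(line):
        reasons.append("no publisher in version info")
    if line.endswith("[X]") or "File Not Found" in line:
        reasons.append("referenced file missing (orphaned entry)")
    if line.startswith("AppInit_DLLs:"):
        reasons.append("AppInit_DLLs hook (loaded into every process that maps user32.dll)")
    if line.startswith("Winsock:") and not line.endswith("(Microsoft Corporation)"):
        reasons.append("third-party Winsock provider (LSP)")
    return reasons


def triage_frst(text: str) -> List[Finding]:
    """Walk an FRST.txt, tracking the current section, and collect findings."""
    findings = []
    section = "Header"
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        banner = SECTION_RE.match(line)
        if banner:
            section = banner.group(1)
            continue
        reasons = classify(line)
        if reasons:
            findings.append(Finding(section, line, reasons))
    return findings


def summarize(findings: List[Finding]) -> Dict[str, int]:
    """Count how many flagged lines tripped each heuristic."""
    counts: Dict[str, int] = {}
    for f in findings:
        for r in f.reasons:
            counts[r] = counts.get(r, 0) + 1
    return counts


if __name__ == "__main__":
    # Replace SAMPLE_FRST with open("FRST.txt").read() to triage a real log.
    for f in triage_frst(SAMPLE_FRST):
        print(f"[{f.section}] {f.line}\n    -> {', '.join(f.reasons)}")
    print(summarize(triage_frst(SAMPLE_FRST)))
```

The heuristics only rank lines for human review; a hit is not proof of malware, and the helper's note about rootkit false positives applies to this output too.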

#3 meeql

  • Topic Starter
  • Members
  • 6 posts

Posted 14 October 2014 - 10:25 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 14-10-2014
Ran by Owner (administrator) on COMPUTER_1 on 14-10-2014 22:49:36
Running from C:\Documents and Settings\Owner\My Documents\Downloads
Loaded Profile: Owner (Available profiles: Owner)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Intel Corporation) C:\WINDOWS\system32\igfxtray.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
(Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE
(Agere Systems) C:\WINDOWS\AGRSMMSG.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(AuthenTec, Inc.) C:\Program Files\Fingerprint Sensor\ATSwpNav.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(HP) C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Coupons.com Inc.) C:\Program Files\Coupons\CouponPrinterService.exe
() C:\Program Files\Browser Features\BManager.exe
(Sun Microsystems, Inc.) C:\Program Files\Java\jre6\bin\jqs.exe
(O2Micro International) C:\WINDOWS\system32\o2flash.exe
() C:\monitor.exe
(Skype Technologies S.A.) C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Dropbox, Inc.) C:\Documents and Settings\Owner\Application Data\Dropbox\bin\Dropbox.exe
(MyOSCompany) C:\Program Files\Web Protect\MyOSProtect.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jucheck.exe
(Google Inc.) C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\WINDOWS\pchealth\helpctr\binaries\HelpCtr.exe
(Google Inc.) C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [16861184 2008-04-10] (Realtek Semiconductor Corp.)
HKLM\...\Run: [Alcmtr] => C:\WINDOWS\ALCMTR.EXE [69632 2005-05-03] (Realtek Semiconductor Corp.)
HKLM\...\Run: [AGRSMMSG] => C:\WINDOWS\AGRSMMSG.exe [88365 2006-01-16] (Agere Systems)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [951576 2014-03-11] (Microsoft Corporation)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254696 2012-01-18] (Sun Microsystems, Inc.)
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [ATSwpNav] => "C:\Program Files\Fingerprint Sensor\ATSwpNav" -run
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-08-27] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [421776 2012-09-09] (Apple Inc.)
HKLM\...\Run: [HPDJ Taskbar Utility] => C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe [176128 2005-03-08] (HP)
HKLM\...\Run: [KernelFaultCheck] => %systemroot%\system32\dumprep 0 -k
HKLM\...\Run: [Browser Features] => C:\Program Files\Browser Features\BManager.exe [888832 2014-09-03] ()
HKLM\...\Run: [BManager] => C:\Program Files\Browser Features\BManager.exe [888832 2014-09-03] ()
HKU\S-1-5-21-1214440339-287218729-1417001333-1003\...\Run: [Google Update] => C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [116648 2012-04-02] (Google Inc.)
HKU\S-1-5-21-1214440339-287218729-1417001333-1003\...\Run: [Weather] => C:\Program Files\AWS\WeatherBug\Weather.exe 1
HKU\S-1-5-18\...\Run: [DWQueuedReporting] => C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE [434080 2011-07-27] (Microsoft Corporation)
AppInit_DLLs: C:\PROGRA~1\SearchProtect\SearchProtect\bin\SPVC32Loader.dll => C:\PROGRA~1\SearchProtect\SearchProtect\bin\SPVC32Loader.dll File Not Found
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk
ShortcutTarget: Install LastPass IE RunOnce.lnk -> C:\Program Files\Common Files\lpuninstall.exe (LastPass)
Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Documents and Settings\Owner\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USSMB/1
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.coupons.com/
SearchScopes: HKLM - Backup.Old.DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={sear
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://isearch.avg.com/search?cid={CAF6FA77-EFE0-4EEF-B619-A24C6072FB14}&mid=6e10c152f90a47d09583d15231ea7b75-d9838dea25b916c33f51586690fed84a5320c0a3&lang=en&ds=AVG&pr=fr&d=2012-07-05 19:28:42&v=11.1.0.7&sap=dsp&q={searchTerms}
SearchScopes: HKCU - {96bd48dd-741b-41ae-ac4a-aff96ba00f7e} URL = http://search.coupons.com/search.asp?p=df&q={searchTerms}
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\LastPass_1593488204\LPToolbar.dll (LastPass)
BHO: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: JQSIEStartDetectorImpl Class -> {E7E6F031-17CE-4C07-BC86-EABFE594F69C} -> C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
BHO: TBSB07898 Class -> {FCBCCB87-9224-4B8D-B117-F56D924BEB18} -> C:\Program Files\Coupons.com CouponBar\tbcore3.dll ()
Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\LastPass_1593488204\LPToolbar.dll (LastPass)
Toolbar: HKLM - Coupons.com CouponBar - {8660E5B3-6C41-44DE-8503-98D99BBECD41} - C:\Program Files\Coupons.com CouponBar\tbcore3.dll ()
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Winsock: Catalog9 01 C:\WINDOWS\system32\MyOSProtect.dll [304776] (MyOSCompany)
Winsock: Catalog9 02 C:\WINDOWS\system32\MyOSProtect.dll [304776] (MyOSCompany)
Winsock: Catalog9 19 C:\WINDOWS\system32\MyOSProtect.dll [304776] (MyOSCompany)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62
 
FireFox:
========
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @citrixonline.com/appdetectorplugin -> C:\Documents and Settings\Owner\Local Settings\Application Data\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF HKLM\...\Firefox\Extensions: [jqs@sun.com] - C:\Program Files\Java\jre6\lib\deploy\jqs\ff
FF Extension: Java Quick Starter - C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2012-04-02]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2012-07-18]
 
Chrome: 
=======
CHR HomePage: Default -> https://www.google.com/
CHR StartupUrls: Default -> "https://www.google.com/"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-07-24]
CHR Extension: (Google Drive) - C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-07-24]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-07-24]
CHR Extension: (YouTube) - C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-07-24]
CHR Extension: (Funmoods) - C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cjpglkicenollcignonpgiafdgfeehoj [2013-08-15]
CHR Extension: (Google Search) - C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-07-24]
CHR Extension: (LastPass: Free Password Manager) - C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2014-07-24]
CHR Extension: (Skype Click to Call) - C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2013-08-15]
CHR Extension: (Google Wallet) - C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR Extension: (Gmail) - C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-07-24]
CHR HKLM\...\Chrome\Extension: [cjpglkicenollcignonpgiafdgfeehoj] - C:\DOCUME~1\Owner\LOCALS~1\APPLIC~1\funmoods-speeddial.crx [2012-06-25]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-10-09]
CHR StartMenuInternet: Google Chrome - C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 CouponPrinterService; C:\Program Files\Coupons\CouponPrinterService.exe [154608 2014-08-28] (Coupons.com Inc.)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 JavaQuickStarterService; C:\Program Files\Java\jre6\bin\jqs.exe [153376 2012-04-02] (Sun Microsystems, Inc.)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2014-03-11] (Microsoft Corporation)
R3 MyOSProtect; C:\Program Files\Web Protect\MyOSProtect.exe [1317096 2014-09-01] (MyOSCompany) [File not signed]
R2 O2Flash; C:\WINDOWS\system32\o2flash.exe [57344 2005-09-13] (O2Micro International) [File not signed]
S2 ProtectMonitor; C:\monitorsvc.exe [34244 2014-09-02] () [File not signed] <==== ATTENTION
R2 Skype C2C Service; C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3275136 2013-10-09] (Skype Technologies S.A.)
S2 CltMngSvc; C:\PROGRA~1\SearchProtect\Main\bin\CltMngSvc.exe [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 ATSWPDRV; C:\WINDOWS\System32\Drivers\ATSwpDrv.sys [117874 2005-11-19] (AuthenTec, Inc.)
R3 FUJ02B1; C:\WINDOWS\System32\DRIVERS\FUJ02B1.sys [5248 2008-03-29] (FUJITSU LIMITED)
R3 FUJ02E1; C:\WINDOWS\System32\Drivers\FUJ02E1.sys [5632 2004-10-18] (Fujitsu Limited)
S3 HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [49920 2005-10-22] (HP)
S3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21568 2005-10-21] (HP)
R0 iastor78; C:\WINDOWS\system32\Drivers\iastor78.sys [308248 2009-08-11] (Intel Corporation)
R0 MpFilter; C:\WINDOWS\System32\DRIVERS\MpFilter.sys [231960 2014-01-25] (Microsoft Corporation)
R3 NETw4x32; C:\WINDOWS\System32\DRIVERS\NETw4x32.sys [2530176 2008-03-12] (Intel Corporation)
R1 pcwatch; C:\WINDOWS\system32\Drivers\pcwatch.sys [19840 2014-09-01] () [File not signed] <==== ATTENTION
R3 Rasirda; C:\WINDOWS\System32\DRIVERS\rasirda.sys [19584 2001-08-17] (Microsoft Corporation)
R3 SMCIRDA; C:\WINDOWS\System32\DRIVERS\smcirda.sys [46592 2004-12-09] (SMSC)
S3 SONYPVU1; C:\WINDOWS\System32\DRIVERS\SONYPVU1.SYS [7552 2001-08-17] (Sony Corporation)
R3 yukonwxp; C:\WINDOWS\System32\DRIVERS\yk51x86.sys [296448 2008-12-09] (Marvell)
S4 IntelIde; No ImagePath
R1 MpKsl4d9e57d4; \??\c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7D2ABF38-BC47-45A7-8D06-CC59714CBED6}\MpKsl4d9e57d4.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-10-14 22:49 - 2014-10-14 22:49 - 00000000 ____D () C:\FRST
2014-10-10 23:09 - 2014-10-14 22:49 - 06496256 _____ () C:\Documents and Settings\Owner\Local Settings\Application Data\ChromeHitoryDB
2014-10-10 17:48 - 2014-10-10 17:48 - 00000000 ____D () C:\Program Files\Browser Features
2014-10-10 17:47 - 2014-10-10 17:49 - 00000000 ____D () C:\Program Files\Web Protect
2014-10-10 17:47 - 2014-10-10 17:47 - 00009744 _____ () C:\WINDOWS\system32\MyOSProtect.ini
2014-10-10 17:47 - 2014-10-10 17:47 - 00002312 _____ () C:\WINDOWS\system32\MyOSProtectOff.ini
2014-10-10 17:47 - 2014-09-01 14:29 - 00019840 _____ () C:\WINDOWS\system32\Drivers\pcwatch.sys
2014-10-10 17:47 - 2014-09-01 14:28 - 00304776 _____ (MyOSCompany) C:\WINDOWS\system32\MyOSProtect.dll
2014-10-10 17:46 - 2014-10-10 23:25 - 00000000 ____D () C:\Program Files\SearchProtect
2014-10-10 17:46 - 2014-10-10 17:46 - 00000000 ____D () C:\Documents and Settings\Owner\Local Settings\Application Data\SearchProtect
2014-09-17 14:30 - 2014-09-17 14:30 - 00057502 _____ () C:\Documents and Settings\Owner\Local Settings\Application Data\recently-used.xbel
2014-09-15 23:22 - 2014-09-15 23:22 - 00090112 _____ () C:\WINDOWS\Minidump\Mini091514-01.dmp
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-10-14 22:50 - 2012-04-02 10:39 - 00000000 ____D () C:\Documents and Settings\Owner\Local Settings\Temp
2014-10-14 22:48 - 2012-04-02 10:09 - 01362344 _____ () C:\WINDOWS\WindowsUpdate.log
2014-10-14 22:44 - 2012-04-02 10:13 - 00000000 ____D () C:\Documents and Settings\NetworkService\Local Settings\Temp
2014-10-13 22:53 - 2012-04-02 11:49 - 00000978 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1214440339-287218729-1417001333-1003UA.job
2014-10-13 18:53 - 2012-04-02 11:49 - 00000926 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1214440339-287218729-1417001333-1003Core.job
2014-10-11 23:05 - 2012-09-20 21:10 - 00000284 _____ () C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2014-10-11 18:33 - 2014-03-28 07:28 - 00000384 ____H () C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job
2014-10-11 08:20 - 2012-07-02 23:43 - 00000000 ___RD () C:\Documents and Settings\Owner\My Documents\Dropbox
2014-10-11 08:20 - 2012-07-02 23:41 - 00000000 ____D () C:\Documents and Settings\Owner\Application Data\Dropbox
2014-10-11 08:20 - 2001-08-23 07:00 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
2014-10-11 08:19 - 2014-03-18 21:07 - 00000222 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2014-10-11 08:19 - 2012-04-02 10:13 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-10-10 23:17 - 2012-04-02 06:02 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-10-10 23:17 - 2012-04-02 06:02 - 00000050 _____ () C:\WINDOWS\wiaservc.log
2014-10-02 11:53 - 2012-04-02 10:13 - 00032514 _____ () C:\WINDOWS\SchedLgU.Txt
2014-10-01 23:17 - 2012-04-02 10:39 - 00000178 ___SH () C:\Documents and Settings\Owner\ntuser.ini
2014-10-01 23:16 - 2012-07-02 23:42 - 00000000 ____D () C:\Documents and Settings\Owner\Start Menu\Programs\Dropbox
2014-09-30 03:58 - 2012-07-02 23:43 - 00001008 _____ () C:\Documents and Settings\Owner\Desktop\Dropbox.lnk
2014-09-27 23:33 - 2012-07-23 17:19 - 00000000 ____D () C:\Documents and Settings\Owner\My Documents\Critical Think
2014-09-24 20:59 - 2013-05-28 13:28 - 00002284 _____ () C:\Documents and Settings\Owner\Desktop\Google Chrome.lnk
2014-09-22 02:41 - 2012-04-02 12:27 - 00231568 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2014-09-21 09:19 - 2014-08-31 09:34 - 00473584 _____ (Coupons, Inc.) C:\WINDOWS\system32\cpnprt2wswin32.cid
2014-09-17 14:31 - 2012-12-16 14:22 - 00000000 ____D () C:\Documents and Settings\Owner\.gimp-2.8
2014-09-17 14:31 - 2012-12-04 07:27 - 00013312 _____ () C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-09-16 07:02 - 2012-04-02 12:03 - 00002347 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk
2014-09-16 07:02 - 2012-04-02 12:02 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-09-15 23:23 - 2014-03-18 21:07 - 00000216 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2014-09-15 23:22 - 2013-12-15 09:29 - 00000000 ____D () C:\WINDOWS\Minidump
 
Some content of TEMP:
====================
C:\Documents and Settings\Owner\Local Settings\Temp\bs.exe
C:\Documents and Settings\Owner\Local Settings\Temp\Couponscom.exe
C:\Documents and Settings\Owner\Local Settings\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpcryybg.dll
C:\Documents and Settings\Owner\Local Settings\Temp\jre-6u37-windows-i586-iftw.exe
C:\Documents and Settings\Owner\Local Settings\Temp\jre-7u17-windows-i586-iftw.exe
C:\Documents and Settings\Owner\Local Settings\Temp\jre-7u40-windows-i586-iftw.exe
C:\Documents and Settings\Owner\Local Settings\Temp\jre-7u45-windows-i586-iftw.exe
C:\Documents and Settings\Owner\Local Settings\Temp\jre-7u51-windows-i586-iftw.exe
C:\Documents and Settings\Owner\Local Settings\Temp\jre-7u55-windows-i586-iftw.exe
C:\Documents and Settings\Owner\Local Settings\Temp\jre-7u60-windows-i586-iftw.exe
C:\Documents and Settings\Owner\Local Settings\Temp\jre-7u65-windows-i586-iftw.exe
C:\Documents and Settings\Owner\Local Settings\Temp\jre-7u67-windows-i586-iftw.exe
C:\Documents and Settings\Owner\Local Settings\Temp\SpOrder.dll
C:\Documents and Settings\Owner\Local Settings\Temp\vlc-2.0.2-win32.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
==================== End Of Log ============================
 
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 14-10-2014
Ran by Owner at 2014-10-14 22:50:50
Running from C:\Documents and Settings\Owner\My Documents\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: AVG Anti-Virus Free Edition 2012 (Disabled - Up to date) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Microsoft Security Essentials (Disabled - Up to date) {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Reader X (10.1.11) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.11 - Adobe Systems Incorporated)
Agere Systems HDA Modem (HKLM\...\Agere Systems Soft Modem) (Version:  - )
AnswerWorks 5.0 English Runtime (HKLM\...\{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}) (Version: 5.0.7 - Vantage Software Technologies)
Apple Application Support (HKLM\...\{63EC2120-1742-4625-AA47-C6A8AEC9C64C}) (Version: 2.2.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{D4DDFAA1-EC37-4529-AD5B-A433ADE68662}) (Version: 6.0.0.59 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Browser Features version 2.22 (HKLM\...\{6C250DDC-A10E-4F36-95B4-59A76592DA20}}_is1) (Version: 2.22 - Browser Features)
Citrix Online Launcher (HKLM\...\{AC7E7905-8C59-4806-A96D-30936A2B1FC5}) (Version: 1.0.168 - Citrix)
Coupon Printer for Windows (HKLM\...\Coupon Printer for Windows5.0.0.10) (Version: 5.0.0.10 - Coupons.com Incorporated)
CouponBar (HKLM\...\CouponBar5.0.0.4) (Version: 5.0.0.4 - Coupons.com Incorporated) <==== ATTENTION
Dropbox (HKCU\...\Dropbox) (Version: 2.10.30 - Dropbox, Inc.)
FastStone Image Viewer 4.6 (HKLM\...\FastStone Image Viewer) (Version: 4.6 - FastStone Soft)
Fingerprint Sensor Minimum Install (Version: 6.5.1.0 - AuthenTec, Inc.) Hidden
Gimp 2.6.11 (HKLM\...\Gimp) (Version: 2.6.11 - )
Gimp 2.6.2 Debug (HKLM\...\WinGimp-2.0_is1) (Version:  - )
GIMP 2.8.0 (HKLM\...\GIMP-2_is1) (Version: 2.8.0 - The GIMP Team)
Google Chrome (HKCU\...\Google Chrome) (Version: 37.0.2062.124 - Google Inc.)
GoToMeeting 6.0.0.1259 (HKCU\...\GoToMeeting) (Version: 6.0.0.1259 - CitrixOnline)
HP Deskjet 1000 J110 series Basic Device Software (HKLM\...\{AB4DDFCF-6CCB-4539-920B-74AD7CFB043D}) (Version: 28.0.1313.0 - Hewlett-Packard Co.)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - )
iTunes (HKLM\...\{0F6F6876-6334-4977-B5DD-CFC12E193420}) (Version: 10.7.0.21 - Apple Inc.)
Java Auto Updater (Version: 2.0.7.1 - Sun Microsystems, Inc.) Hidden
Java™ 6 Update 31 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216031FF}) (Version: 6.0.310 - Oracle)
LastPass (uninstall only) (HKLM\...\LastPass) (Version:  - LastPass)
Malwarebytes Anti-Malware version 1.62.0.1300 (HKLM\...\Malwarebytes' Anti-Malware_is1) (Version: 1.62.0.1300 - Malwarebytes Corporation)
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Security Client (Version: 4.5.0216.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)
Microsoft Software Update for Web Folders  (English) 12 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
O2Micro Flash Memory Card Windows Driver (HKLM\...\InstallShield_{B223DB66-E5EC-4F19-B8C8-274EB876094C}) (Version: 2.3 - O2Micro International LTD.)
O2Micro Flash Memory Card Windows Driver (Version: 2.3 - O2Micro International LTD.) Hidden
OpenOffice.org 3.1 (HKLM\...\{E6B87DC4-2B3D-4483-ADFF-E483BF718991}) (Version: 3.1.9399 - OpenOffice.org)
PDF Reader (HKCU\...\PDF Reader) (Version:  - )
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.2.0 - Frank Heindörfer, Philip Chinery)
Picasa 3 (HKLM\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Quicken 2008 (HKLM\...\{3B0F52AC-EF5C-4831-B221-06C782E41280}) (Version: 17.1.1.24 - Intuit)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version:  - Realtek Semiconductor Corp.)
RocketDock 1.3.5 (HKLM\...\RocketDock_is1) (Version:  - Punk Software)
Search Protect (HKLM\...\SearchProtect) (Version: 2.17.26.7 - Client Connect LTD) <==== ATTENTION
Skype Click to Call (HKLM\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.13.13771 - Skype Technologies S.A.)
Skype™ 6.11 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Trade Navigator (HKLM\...\{384A95F1-EDDA-4BBE-BC6B-7FAA886380F6}) (Version:  - )
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{B7873DF5-9E1C-45EE-8895-D29C6AE01202}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM\...\{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{ED38F8A3-4F61-494E-8BCA-E3AC7760C924}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{53DEC068-4690-4F6B-9946-7D21EF02236B}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2889914) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{F3F83933-75FC-4B60-84F2-3F8FA63D042E}) (Version:  - Microsoft)
Update for Windows Internet Explorer 8 (KB2598845) (HKLM\...\KB2598845-IE8) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2345886) (HKLM\...\KB2345886) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2467659) (HKLM\...\KB2467659) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2641690) (HKLM\...\KB2641690) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2661254-v2) (HKLM\...\KB2661254-v2) (Version: 2 - Microsoft Corporation)
Update for Windows XP (KB2718704) (HKLM\...\KB2718704) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2736233) (HKLM\...\KB2736233) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2749655) (HKLM\...\KB2749655) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2863058) (HKLM\...\KB2863058) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2904266) (HKLM\...\KB2904266) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2934207) (HKLM\...\KB2934207) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB898461) (HKLM\...\KB898461) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB951978) (Version: 1 - Microsoft Corporation) Hidden
Update for Windows XP (KB955759) (HKLM\...\KB955759) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB968389) (HKLM\...\KB968389) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB971029) (HKLM\...\KB971029) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973687) (HKLM\...\KB973687) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973815) (HKLM\...\KB973815) (Version: 1 - Microsoft Corporation)
VLC media player 2.0.1 (HKLM\...\VLC media player) (Version: 2.0.1 - VideoLAN)
Web Protect for Windows (HKLM\...\wp-adinject-adk) (Version: 10.0.0 - Web Protect) <==== ATTENTION
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray (HKLM\...\KB952011) (Version: 1.0 - Microsoft Corporation)
Windows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify) (Version: 1.9.0040.0 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-1214440339-287218729-1417001333-1003_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Documents and Settings\Owner\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1214440339-287218729-1417001333-1003_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1214440339-287218729-1417001333-1003_Classes\CLSID\{035FBE31-3755-450A-A775-5E6BBD43D344}\InprocServer32 -> C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.3.21.135\psuser.dll  (the data entry has 7 more characters).
CustomCLSID: HKU\S-1-5-21-1214440339-287218729-1417001333-1003_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1214440339-287218729-1417001333-1003_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1214440339-287218729-1417001333-1003_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.3.23.9\psuser.dll No (the data entry has 5 more characters).
CustomCLSID: HKU\S-1-5-21-1214440339-287218729-1417001333-1003_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1214440339-287218729-1417001333-1003_Classes\CLSID\{5C65F4B0-3651-4514-B207-D10CB699B14B}\localserver32 -> C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\37.0.2062.124\delegate_execute.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1214440339-287218729-1417001333-1003_Classes\CLSID\{62A0D750-DED9-448C-B693-406B34BB0892}\InprocServer32 -> C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.3.21.145\psuser.dll  (the data entry has 7 more characters).
CustomCLSID: HKU\S-1-5-21-1214440339-287218729-1417001333-1003_Classes\CLSID\{634059C0-D264-4B2C-AE80-F73E48D33E5B}\InprocServer32 -> C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.3.21.123\psuser.dll  (the data entry has 7 more characters).
CustomCLSID: HKU\S-1-5-21-1214440339-287218729-1417001333-1003_Classes\CLSID\{6D7374DE-63AA-473C-8C02-60D9CDCD84C5}\InprocServer32 -> C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.3.21.153\psuser.dll  (the data entry has 7 more characters).
CustomCLSID: HKU\S-1-5-21-1214440339-287218729-1417001333-1003_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Program Files\Citrix\GoToMeeting\1259\G2MOutlookAddin.dll (Citrix Online, a division of Citrix Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-1214440339-287218729-1417001333-1003_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.3.24.15\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1214440339-287218729-1417001333-1003_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 -> C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.3.22.3\psuser.dll No (the data entry has 5 more characters).
CustomCLSID: HKU\S-1-5-21-1214440339-287218729-1417001333-1003_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB}\InprocServer32 -> C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.3.21.165\psuser.dll  (the data entry has 7 more characters).
CustomCLSID: HKU\S-1-5-21-1214440339-287218729-1417001333-1003_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1214440339-287218729-1417001333-1003_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1214440339-287218729-1417001333-1003_Classes\CLSID\{C5A2122B-A05B-4FD8-AE49-91990AE10998}\InprocServer32 -> C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.3.21.115\psuser.dll  (the data entry has 7 more characters).
CustomCLSID: HKU\S-1-5-21-1214440339-287218729-1417001333-1003_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1214440339-287218729-1417001333-1003_Classes\CLSID\{E69341A3-E6D2-4175-B60C-C9D3D6FA40F6}\localserver32 -> C:\Documents and Settings\Owner\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1214440339-287218729-1417001333-1003_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.3.24.15\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1214440339-287218729-1417001333-1003_Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93}\InprocServer32 -> C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.3.22.5\psuser.dll No (the data entry has 5 more characters).
CustomCLSID: HKU\S-1-5-21-1214440339-287218729-1417001333-1003_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Owner\Application Data\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1214440339-287218729-1417001333-1003_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Owner\Application Data\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1214440339-287218729-1417001333-1003_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Owner\Application Data\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1214440339-287218729-1417001333-1003_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Owner\Application Data\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1214440339-287218729-1417001333-1003_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Owner\Application Data\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1214440339-287218729-1417001333-1003_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Owner\Application Data\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1214440339-287218729-1417001333-1003_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Owner\Application Data\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1214440339-287218729-1417001333-1003_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Owner\Application Data\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1214440339-287218729-1417001333-1003_Classes\CLSID\{FB994D36-B312-46CE-A40B-CF63980641F9}\InprocServer32 -> C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.3.21.111\psuser.dll  (the data entry has 7 more characters).
CustomCLSID: HKU\S-1-5-21-1214440339-287218729-1417001333-1003_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.3.24.7\psuser.dll No (the data entry has 5 more characters).
 
==================== Restore Points  =========================
 
15-07-2014 02:54:18 Software Distribution Service 3.0
16-06-2014 22:47:06 Software Distribution Service 3.0
18-06-2014 22:35:32 Software Distribution Service 3.0
26-06-2014 00:48:35 Software Distribution Service 3.0
27-06-2014 01:30:16 Software Distribution Service 3.0
28-06-2014 03:32:02 Software Distribution Service 3.0
29-06-2014 12:36:07 Software Distribution Service 3.0
01-07-2014 02:59:28 Software Distribution Service 3.0
02-07-2014 03:04:11 Software Distribution Service 3.0
06-07-2014 17:13:45 Software Distribution Service 3.0
07-07-2014 22:29:54 Software Distribution Service 3.0
08-07-2014 23:30:49 Software Distribution Service 3.0
10-07-2014 00:58:52 Software Distribution Service 3.0
10-07-2014 22:09:30 Software Distribution Service 3.0
11-07-2014 01:19:56 Software Distribution Service 3.0
12-07-2014 01:54:38 System Checkpoint
12-07-2014 11:26:30 Software Distribution Service 3.0
13-07-2014 12:16:49 Software Distribution Service 3.0
14-07-2014 22:49:14 Software Distribution Service 3.0
16-07-2014 03:17:44 Software Distribution Service 3.0
17-07-2014 03:35:15 Software Distribution Service 3.0
19-07-2014 01:42:11 Software Distribution Service 3.0
20-07-2014 11:04:21 Software Distribution Service 3.0
21-07-2014 22:18:42 Software Distribution Service 3.0
22-07-2014 23:53:06 Software Distribution Service 3.0
24-07-2014 00:37:20 Software Distribution Service 3.0
25-07-2014 00:42:23 Software Distribution Service 3.0
26-07-2014 03:00:21 Software Distribution Service 3.0
27-07-2014 12:31:16 Software Distribution Service 3.0
29-07-2014 03:51:45 Software Distribution Service 3.0
30-07-2014 22:47:14 Software Distribution Service 3.0
01-08-2014 01:19:01 Software Distribution Service 3.0
02-08-2014 10:53:07 Software Distribution Service 3.0
03-08-2014 11:54:10 Software Distribution Service 3.0
05-08-2014 01:36:39 Software Distribution Service 3.0
06-08-2014 11:19:20 Software Distribution Service 3.0
07-08-2014 23:09:52 Software Distribution Service 3.0
08-08-2014 23:22:14 System Checkpoint
09-08-2014 06:48:04 Software Distribution Service 3.0
10-08-2014 12:54:03 Software Distribution Service 3.0
12-08-2014 00:14:44 Software Distribution Service 3.0
13-08-2014 03:46:49 Software Distribution Service 3.0
13-08-2014 23:36:51 Software Distribution Service 3.0
14-08-2014 22:38:23 Software Distribution Service 3.0
16-08-2014 00:28:31 Software Distribution Service 3.0
17-08-2014 00:59:46 System Checkpoint
17-08-2014 03:44:18 Software Distribution Service 3.0
18-08-2014 23:36:19 Software Distribution Service 3.0
20-08-2014 01:41:57 Software Distribution Service 3.0
21-08-2014 02:13:48 Software Distribution Service 3.0
22-08-2014 02:36:33 System Checkpoint
22-08-2014 04:30:13 Software Distribution Service 3.0
23-08-2014 08:28:00 Software Distribution Service 3.0
24-08-2014 11:28:38 Software Distribution Service 3.0
25-08-2014 21:57:22 Software Distribution Service 3.0
27-08-2014 00:48:16 Software Distribution Service 3.0
28-08-2014 23:39:27 Software Distribution Service 3.0
30-08-2014 00:35:23 Software Distribution Service 3.0
31-08-2014 00:40:44 System Checkpoint
31-08-2014 11:25:41 Software Distribution Service 3.0
01-09-2014 11:31:49 Software Distribution Service 3.0
02-09-2014 22:34:42 Software Distribution Service 3.0
04-09-2014 00:32:16 Software Distribution Service 3.0
05-09-2014 01:38:36 Software Distribution Service 3.0
06-09-2014 08:08:53 Software Distribution Service 3.0
07-09-2014 12:03:20 Software Distribution Service 3.0
09-09-2014 23:02:16 Software Distribution Service 3.0
10-09-2014 21:23:44 Software Distribution Service 3.0
10-09-2014 23:57:55 Software Distribution Service 3.0
12-09-2014 00:40:02 Software Distribution Service 3.0
13-09-2014 01:45:45 Software Distribution Service 3.0
14-09-2014 12:43:47 Software Distribution Service 3.0
15-09-2014 12:50:57 Software Distribution Service 3.0
16-09-2014 23:49:44 Software Distribution Service 3.0
18-09-2014 02:41:08 Software Distribution Service 3.0
19-09-2014 12:11:24 Software Distribution Service 3.0
21-09-2014 00:11:46 Software Distribution Service 3.0
22-09-2014 01:18:36 Software Distribution Service 3.0
23-09-2014 02:39:12 Software Distribution Service 3.0
24-09-2014 12:12:43 Software Distribution Service 3.0
25-09-2014 23:46:17 Software Distribution Service 3.0
27-09-2014 02:53:51 Software Distribution Service 3.0
28-09-2014 11:49:28 Software Distribution Service 3.0
29-09-2014 12:12:42 Software Distribution Service 3.0
30-09-2014 13:25:59 System Checkpoint
30-09-2014 15:33:25 Software Distribution Service 3.0
01-10-2014 16:27:23 Software Distribution Service 3.0
02-10-2014 21:25:38 Software Distribution Service 3.0
05-10-2014 01:38:35 Software Distribution Service 3.0
09-10-2014 20:58:20 Software Distribution Service 3.0
10-10-2014 21:54:44 Software Distribution Service 3.0
11-10-2014 22:44:07 Software Distribution Service 3.0
13-10-2014 00:51:16 Software Distribution Service 3.0
14-10-2014 02:15:10 Software Distribution Service 3.0
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2007-08-11 02:58 - 2007-08-11 02:58 - 00000768 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost
127.0.0.1 mpa.one.microsoft.com
 
 
==================== Scheduled Tasks (whitelisted) =============
 
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\AppleSoftwareUpdate.job => C:\Program Files\Apple Software Update\SoftwareUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1214440339-287218729-1417001333-1003Core.job => C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1214440339-287218729-1417001333-1003UA.job => C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job => c:\Program Files\Microsoft Security Client\MpCmdRun.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe
 
==================== Loaded Modules (whitelisted) =============
 
2012-06-28 22:23 - 2001-10-28 16:42 - 00116224 _____ () C:\WINDOWS\system32\pdfcmnnt.dll
2012-08-27 21:33 - 2012-08-27 21:33 - 00087912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2012-08-27 21:33 - 2012-08-27 21:33 - 01242512 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-10-10 17:48 - 2014-09-03 12:51 - 00888832 _____ () C:\Program Files\Browser Features\BManager.exe
2014-10-11 08:20 - 2014-10-11 08:20 - 00580701 _____ () C:\Documents and Settings\Owner\Local Settings\Temp\tmp6.tmp
2014-09-02 15:55 - 2014-09-02 15:55 - 00487483 _____ () C:\monitor.exe
2014-10-11 08:20 - 2014-10-11 08:20 - 00043008 _____ () c:\Documents and Settings\Owner\Local Settings\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpcryybg.dll
2013-08-23 15:01 - 2013-08-23 15:01 - 25100288 _____ () C:\Documents and Settings\Owner\Application Data\Dropbox\bin\libcef.dll
2014-09-29 15:15 - 2014-09-29 15:15 - 00827392 _____ () C:\Program Files\web protect\pcproxydll.dll
2008-04-14 00:41 - 2008-04-14 00:41 - 00059904 _____ () C:\WINDOWS\system32\devenum.dll
2008-04-14 00:42 - 2008-04-14 00:42 - 00014336 _____ () C:\WINDOWS\system32\msdmo.dll
2014-09-24 20:59 - 2014-09-23 00:07 - 08577864 _____ () C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\37.0.2062.124\pdf.dll
2014-09-24 20:59 - 2014-09-23 00:07 - 00331592 _____ () C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\37.0.2062.124\ppGoogleNaClPluginChrome.dll
2014-09-24 20:59 - 2014-09-23 00:06 - 01660232 _____ () C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\37.0.2062.124\ffmpegsumo.dll
2014-09-24 20:59 - 2014-09-23 00:07 - 14891848 _____ () C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\37.0.2062.124\PepperFlash\pepflashplayer.dll
2008-04-14 00:42 - 2008-04-14 00:42 - 00279040 _____ () C:\WINDOWS\help\TShoot.dll
2008-04-14 00:42 - 2008-04-14 00:42 - 00034816 _____ () C:\WINDOWS\help\sniffpol.dll
2008-04-14 00:42 - 2008-04-14 00:42 - 00033280 _____ () C:\WINDOWS\help\sstub.dll
2014-04-12 11:09 - 2014-02-10 13:44 - 04592128 _____ () C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libglesv2.dll
2014-04-12 11:09 - 2014-02-10 13:44 - 00112128 _____ () C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libegl.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\pcwatch.sys => ""="Driver" <==== ATTENTION
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MyOSProtect => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\pcwatch.sys => ""="Driver" <==== ATTENTION
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-1214440339-287218729-1417001333-500 - Administrator - Enabled)
Guest (S-1-5-21-1214440339-287218729-1417001333-501 - Limited - Disabled)
HelpAssistant (S-1-5-21-1214440339-287218729-1417001333-1000 - Limited - Disabled)
Owner (S-1-5-21-1214440339-287218729-1417001333-1003 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Owner
SUPPORT_388945a0 (S-1-5-21-1214440339-287218729-1417001333-1002 - Limited - Disabled)
 
==================== Faulty Device Manager Devices =============
 
Name: USB Device
Description: USB Device
Class Guid: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: O2Micro SmartCardBus_Reader
Description: O2Micro SmartCardBus_Reader
Class Guid: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (10/14/2014 06:25:19 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2203
 
Error: (10/14/2014 06:25:19 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2203
 
Error: (10/14/2014 06:25:19 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (10/13/2014 11:23:30 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4406
 
Error: (10/13/2014 11:23:30 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 4406
 
Error: (10/13/2014 11:23:30 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (10/13/2014 11:23:27 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2047
 
Error: (10/13/2014 11:23:27 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2047
 
Error: (10/13/2014 11:23:27 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (10/13/2014 07:05:04 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4516
 
 
System errors:
=============
Error: (10/14/2014 10:41:00 PM) (Source: Microsoft Antimalware) (EventID: 2041) (User: )
Description: The support for your operating system has expired. Running %%860 on an out of support operating system is not an adequate solution to protect against threats.
 
Error: (10/14/2014 06:13:43 AM) (Source: Dhcp) (EventID: 1000) (User: )
Description: Your computer has lost the lease to its IP address 192.168.0.12 on the
Network Card with network address 001B770E9286.
 
Error: (10/13/2014 10:15:47 PM) (Source: Microsoft Antimalware) (EventID: 2041) (User: )
Description: The support for your operating system has expired. Running %%860 on an out of support operating system is not an adequate solution to protect against threats.
 
Error: (10/13/2014 10:15:46 PM) (Source: Microsoft Antimalware) (EventID: 2041) (User: )
Description: The support for your operating system has expired. Running %%860 on an out of support operating system is not an adequate solution to protect against threats.
 
Error: (10/13/2014 10:13:20 PM) (Source: Microsoft Antimalware) (EventID: 2041) (User: )
Description: The support for your operating system has expired. Running %%860 on an out of support operating system is not an adequate solution to protect against threats.
 
Error: (10/13/2014 10:03:13 PM) (Source: Dhcp) (EventID: 1000) (User: )
Description: Your computer has lost the lease to its IP address 192.168.0.12 on the
Network Card with network address 001B770E9286.
 
Error: (10/13/2014 06:44:33 PM) (Source: Dhcp) (EventID: 1000) (User: )
Description: Your computer has lost the lease to its IP address 192.168.0.12 on the
Network Card with network address 001B770E9286.
 
Error: (10/13/2014 06:53:50 AM) (Source: Dhcp) (EventID: 1000) (User: )
Description: Your computer has lost the lease to its IP address 192.168.0.12 on the
Network Card with network address 001B770E9286.
 
Error: (10/12/2014 08:52:00 PM) (Source: Microsoft Antimalware) (EventID: 2041) (User: )
Description: The support for your operating system has expired. Running %%860 on an out of support operating system is not an adequate solution to protect against threats.
 
Error: (10/12/2014 08:51:59 PM) (Source: Microsoft Antimalware) (EventID: 2041) (User: )
Description: The support for your operating system has expired. Running %%860 on an out of support operating system is not an adequate solution to protect against threats.
 
 
Microsoft Office Sessions:
=========================
 
==================== Memory info =========================== 
 
Processor: Intel® Core™2 CPU T7200 @ 2.00GHz
Percentage of memory in use: 64%
Total physical RAM: 2037.79 MB
Available physical RAM: 723.85 MB
Total Pagefile: 3928.75 MB
Available Pagefile: 2756.77 MB
Total Virtual: 2047.88 MB
Available Virtual: 1927.4 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:74.52 GB) (Free:45.64 GB) NTFS ==>[Drive with boot components (Windows XP)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 74.5 GB) (Disk ID: 89B189B1)
Partition 1: (Active) - (Size=74.5 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================
 
 


#4 meeql

meeql
  • Topic Starter

  • Members
  • 6 posts

Posted 14 October 2014 - 10:28 PM

GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-10-14 23:17:29
Windows 5.1.2600 Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 Hitachi_ rev.SB2O 74.53GB
Running: lvj7w1so.exe; Driver: C:\DOCUME~1\Owner\LOCALS~1\Temp\pgliipoc.sys
 
 
---- System - GMER 2.1 ----
 
SSDT  \??\C:\WINDOWS\system32\Drivers\pcwatch.sys                                                                                    ZwCreateFile [0xBA3D1178]
SSDT  \??\C:\WINDOWS\system32\Drivers\pcwatch.sys                                                                                    ZwCreateKey [0xBA3D19F8]
SSDT  \??\C:\WINDOWS\system32\Drivers\pcwatch.sys                                                                                    ZwDeleteFile [0xBA3D110C]
SSDT  \??\C:\WINDOWS\system32\Drivers\pcwatch.sys                                                                                    ZwDeleteValueKey [0xBA3D1C7E]
SSDT  \??\C:\WINDOWS\system32\Drivers\pcwatch.sys                                                                                    ZwOpenFile [0xBA3D124E]
SSDT  \??\C:\WINDOWS\system32\Drivers\pcwatch.sys                                                                                    ZwOpenKey [0xBA3D1AEA]
SSDT  \??\C:\WINDOWS\system32\Drivers\pcwatch.sys                                                                                    ZwOpenProcess [0xBA3D1DF8]
SSDT  \??\C:\WINDOWS\system32\Drivers\pcwatch.sys                                                                                    ZwQueryDirectoryFile [0xBA3D14B4]
SSDT  \??\C:\WINDOWS\system32\Drivers\pcwatch.sys                                                                                    ZwSetInformationFile [0xBA3D0F46]
SSDT  \??\C:\WINDOWS\system32\Drivers\pcwatch.sys                                                                                    ZwSetValueKey [0xBA3D1B72]
SSDT  \??\C:\WINDOWS\system32\Drivers\pcwatch.sys                                                                                    ZwTerminateProcess [0xBA3D1E94]
 
---- Registry - GMER 2.1 ----
 
Reg   HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch@Epoch                                                                13994
Reg   HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{24283C33-E530-40B8-8401-EB289CF7FE13}@LeaseObtainedTime    1413340262
Reg   HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{24283C33-E530-40B8-8401-EB289CF7FE13}@T1                   1413342062
Reg   HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{24283C33-E530-40B8-8401-EB289CF7FE13}@T2                   1413343412
Reg   HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{24283C33-E530-40B8-8401-EB289CF7FE13}@LeaseTerminatesTime  1413343862
Reg   HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{24283C33-E530-40B8-8401-EB289CF7FE13}@DhcpRetryTime        1795
Reg   HKLM\SYSTEM\CurrentControlSet\Services\{24283C33-E530-40B8-8401-EB289CF7FE13}\Parameters\Tcpip@LeaseObtainedTime               1413340262
Reg   HKLM\SYSTEM\CurrentControlSet\Services\{24283C33-E530-40B8-8401-EB289CF7FE13}\Parameters\Tcpip@T1                              1413342062
Reg   HKLM\SYSTEM\CurrentControlSet\Services\{24283C33-E530-40B8-8401-EB289CF7FE13}\Parameters\Tcpip@T2                              1413343412
Reg   HKLM\SYSTEM\CurrentControlSet\Services\{24283C33-E530-40B8-8401-EB289CF7FE13}\Parameters\Tcpip@LeaseTerminatesTime             1413343862
Reg   HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher@TracesProcessed                                                   922
Reg   HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher@TracesSuccessful                                                  607
 
---- EOF - GMER 2.1 ----


#5 meeql

meeql
  • Topic Starter

  • Members
  • 6 posts

Posted 14 October 2014 - 10:48 PM

23:41:25.0843 0x1088  TDSS rootkit removing tool 3.0.0.40 Jul 10 2014 12:37:58
23:41:30.0187 0x1088  ============================================================
23:41:30.0187 0x1088  Current date / time: 2014/10/14 23:41:30.0187
23:41:30.0187 0x1088  SystemInfo:
23:41:30.0187 0x1088  
23:41:30.0187 0x1088  OS Version: 5.1.2600 ServicePack: 3.0
23:41:30.0187 0x1088  Product type: Workstation
23:41:30.0187 0x1088  ComputerName: COMPUTER_1
23:41:30.0187 0x1088  UserName: Owner
23:41:30.0187 0x1088  Windows directory: C:\WINDOWS
23:41:30.0187 0x1088  System windows directory: C:\WINDOWS
23:41:30.0187 0x1088  Processor architecture: Intel x86
23:41:30.0187 0x1088  Number of processors: 2
23:41:30.0187 0x1088  Page size: 0x1000
23:41:30.0187 0x1088  Boot type: Normal boot
23:41:30.0187 0x1088  ============================================================
23:41:30.0796 0x1088  KLMD registered as C:\WINDOWS\system32\drivers\47362895.sys
23:41:31.0375 0x1088  System UUID: {7F05A6B4-40C9-6577-9823-2C097D88609B}
23:41:33.0218 0x1088  Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 ( 74.53 Gb ), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
23:41:33.0218 0x1088  ============================================================
23:41:33.0218 0x1088  \Device\Harddisk0\DR0:
23:41:33.0218 0x1088  MBR partitions:
23:41:33.0218 0x1088  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x950A5C1
23:41:33.0218 0x1088  ============================================================
23:41:33.0265 0x1088  C: <-> \Device\Harddisk0\DR0\Partition1
23:41:33.0265 0x1088  ============================================================
23:41:33.0265 0x1088  Initialize success
23:41:33.0265 0x1088  ============================================================
23:41:35.0218 0x1ad0  ============================================================
23:41:35.0218 0x1ad0  Scan started
23:41:35.0218 0x1ad0  Mode: Manual; 
23:41:35.0218 0x1ad0  ============================================================
23:41:35.0218 0x1ad0  KSN ping started
23:41:49.0796 0x1ad0  KSN ping finished: true
23:41:50.0390 0x1ad0  ================ Scan system memory ========================
23:41:50.0390 0x1ad0  System memory - ok
23:41:50.0390 0x1ad0  ================ Scan services =============================
23:41:50.0500 0x1ad0  Abiosdsk - ok
23:41:50.0500 0x1ad0  abp480n5 - ok
23:41:50.0562 0x1ad0  [ 8FD99680A539792A30E97944FDAECF17, 594F8E0C3695400B0C09A797AF6BDFAC6F750ECD67D0EE803914C572B1DCC43C ] ACPI            C:\WINDOWS\system32\DRIVERS\ACPI.sys
23:41:50.0562 0x1ad0  ACPI - ok
23:41:50.0703 0x1ad0  [ 9859C0F6936E723E4892D7141B1327D5, 5E8F6A2FC4DF2E5E92A1D66ECC2810E08B42B64E9CD0DF4AD3F78EA8558B90AF ] ACPIEC          C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
23:41:50.0703 0x1ad0  ACPIEC - ok
23:41:50.0703 0x1ad0  adpu160m - ok
23:41:50.0750 0x1ad0  [ 8BED39E3C35D6A489438B8141717A557, 1B5796E56B0927360CE0759641B1151828BC0A9E45620D2B2D880491F5CE33D0 ] aec             C:\WINDOWS\system32\drivers\aec.sys
23:41:50.0765 0x1ad0  aec - ok
23:41:50.0828 0x1ad0  [ 1E44BC1E83D8FD2305F8D452DB109CF9, CF5EC07E0B589FA2A4701C6CFD69E893FC3ABF274AD57AE3C13FFE49063B02C8 ] AFD             C:\WINDOWS\System32\drivers\afd.sys
23:41:50.0828 0x1ad0  AFD - ok
23:41:50.0937 0x1ad0  [ 705BEE10B4911EE333AFCD826988743C, D05503D3BB8F26907B8D1EF1DB797C38C9705DDE3FA3EFC77EAF24F1E909EE1B ] AgereSoftModem  C:\WINDOWS\system32\DRIVERS\AGRSM.sys
23:41:50.0968 0x1ad0  AgereSoftModem - ok
23:41:50.0968 0x1ad0  Aha154x - ok
23:41:50.0968 0x1ad0  aic78u2 - ok
23:41:50.0984 0x1ad0  aic78xx - ok
23:41:51.0015 0x1ad0  [ A9A3DAA780CA6C9671A19D52456705B4, 67C959144B57AE0BBF1D82DBED197F32CDB06FECD883A80C441A0202FE83FAB4 ] Alerter         C:\WINDOWS\system32\alrsvc.dll
23:41:51.0015 0x1ad0  Alerter - ok
23:41:51.0046 0x1ad0  [ 8C515081584A38AA007909CD02020B3D, A5E13CA10F702928E0DE84C74D0EA8ACCB117FD76FBABC55220C75C4FFD596DC ] ALG             C:\WINDOWS\System32\alg.exe
23:41:51.0046 0x1ad0  ALG - ok
23:41:51.0046 0x1ad0  AliIde - ok
23:41:51.0046 0x1ad0  amsint - ok
23:41:51.0187 0x1ad0  [ A5299D04ED225D64CF07A568A3E1BF8C, 6F7E73893127BADC8C9815E9BCC0EB5F6584E254D0D09A0B6A680704C71E0A90 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
23:41:51.0187 0x1ad0  Apple Mobile Device - ok
23:41:51.0218 0x1ad0  [ D8849F77C0B66226335A59D26CB4EDC6, 4990031453204C57E36E850252A39B05D6ECDAB9E71A8136FB4900F17E59C9CA ] AppMgmt         C:\WINDOWS\System32\appmgmts.dll
23:41:51.0234 0x1ad0  AppMgmt - ok
23:41:51.0265 0x1ad0  [ B5B8A80875C1DEDEDA8B02765642C32F, AD0C71D73B1B8225351FBF4FFB43001A32B4DAE69504C59970CD2428BB33D4EF ] Arp1394         C:\WINDOWS\system32\DRIVERS\arp1394.sys
23:41:51.0265 0x1ad0  Arp1394 - ok
23:41:51.0265 0x1ad0  asc - ok
23:41:51.0265 0x1ad0  asc3350p - ok
23:41:51.0281 0x1ad0  asc3550 - ok
23:41:51.0375 0x1ad0  [ 0E5E4957549056E2BF2C49F4F6B601AD, F7F19FDC906B719A3516D30A9B4A2262C8CC5B36B94E3D4195C345EC4610FF2B ] aspnet_state    C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
23:41:51.0375 0x1ad0  aspnet_state - ok
23:41:51.0406 0x1ad0  [ B153AFFAC761E7F5FCFA822B9C4E97BC, 7E60F572A6B3C6219E3C86225AA37243AFFD74337DB7F108B04778042E5CC959 ] AsyncMac        C:\WINDOWS\system32\DRIVERS\asyncmac.sys
23:41:51.0406 0x1ad0  AsyncMac - ok
23:41:51.0453 0x1ad0  [ 9F3A2F5AA6875C72BF062C712CFA2674, B4DF1D2C56A593C6B54DE57395E3B51D288F547842893B32B0F59228A0CF70B9 ] atapi           C:\WINDOWS\system32\DRIVERS\atapi.sys
23:41:51.0453 0x1ad0  atapi - ok
23:41:51.0453 0x1ad0  Atdisk - ok
23:41:51.0468 0x1ad0  [ 9916C1225104BA14794209CFA8012159, 5D6F05F715C52A16D05CAE15C3DFE77A139A7F27F7AE710EC9A10F9EE05115A1 ] Atmarpc         C:\WINDOWS\system32\DRIVERS\atmarpc.sys
23:41:51.0468 0x1ad0  Atmarpc - ok
23:41:51.0484 0x1ad0  [ 387EDC1168F48B68CA1557D949101CDA, BF2EBA6DD3ED17FA258451B2F3E97EF5548C57F4F2CE2F509D99EAAC5434D4AF ] ATSWPDRV        C:\WINDOWS\system32\Drivers\ATSwpDrv.sys
23:41:51.0500 0x1ad0  ATSWPDRV - ok
23:41:51.0531 0x1ad0  [ DEF7A7882BEC100FE0B2CE2549188F9D, 462C95B63D0A1058291A2DC8CBFCB13D7D74CCD1CA43B613A7EB43D49E3276F8 ] AudioSrv        C:\WINDOWS\System32\audiosrv.dll
23:41:51.0531 0x1ad0  AudioSrv - ok
23:41:51.0578 0x1ad0  [ D9F724AA26C010A217C97606B160ED68, 329B5118F2409731D06FDAE85B6ADD64A048292801BCB3546651CEB303111695 ] audstub         C:\WINDOWS\system32\DRIVERS\audstub.sys
23:41:51.0578 0x1ad0  audstub - ok
23:41:51.0625 0x1ad0  [ DA1F27D85E0D1525F6621372E7B685E9, 5A81A46A3BDD19DAFC6C87D277267A5D44F3A1B5302F2CC1111D84B7BAD5610D ] Beep            C:\WINDOWS\system32\drivers\Beep.sys
23:41:51.0625 0x1ad0  Beep - ok
23:41:51.0703 0x1ad0  [ 574738F61FCA2935F5265DC4E5691314, 3C7CCF064397186C3A3863DD2370AB6414A61B330097DCA4F299CA7BBAA3D1B4 ] BITS            C:\WINDOWS\system32\qmgr.dll
23:41:51.0812 0x1ad0  BITS - ok
23:41:51.0984 0x1ad0  [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A, 10F21999FF6B1D410EBF280F7F27DEACA5289739CF12F4293B614B8FC6C88DCC ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
23:41:51.0984 0x1ad0  Bonjour Service - ok
23:41:52.0031 0x1ad0  [ CFD4E51402DA9838B5A04AE680AF54A0, 5378F42B195B5832B00A05AD64E00473A45FFB86AC25C57241F26EA82B149FE1 ] Browser         C:\WINDOWS\System32\browser.dll
23:41:52.0046 0x1ad0  Browser - ok
23:41:52.0078 0x1ad0  [ 90A673FC8E12A79AFBED2576F6A7AAF9, BDE7858A3457DB979FEDD8577FA6321BF72848E4A7BF9F173C78A6A10CBB3EBE ] cbidf2k         C:\WINDOWS\system32\drivers\cbidf2k.sys
23:41:52.0078 0x1ad0  cbidf2k - ok
23:41:52.0093 0x1ad0  cd20xrnt - ok
23:41:52.0093 0x1ad0  [ C1B486A7658353D33A10CC15211A873B, AA4DD9E7AAE5AAB1146B360B17001F975D2F29A1281CF7B13E7136480410F347 ] Cdaudio         C:\WINDOWS\system32\drivers\Cdaudio.sys
23:41:52.0093 0x1ad0  Cdaudio - ok
23:41:52.0140 0x1ad0  [ C885B02847F5D2FD45A24E219ED93B32, B26B2F8E3A831E2B65EB0C5195B0645CD50E22615CE79C9B0B391CD563B121DB ] Cdfs            C:\WINDOWS\system32\drivers\Cdfs.sys
23:41:52.0140 0x1ad0  Cdfs - ok
23:41:52.0156 0x1ad0  [ 1F4260CC5B42272D71F79E570A27A4FE, B51C2A3ED3C309953D0EA45869C8E464C10F2533DADE9E0286AF674979098D1D ] Cdrom           C:\WINDOWS\system32\DRIVERS\cdrom.sys
23:41:52.0171 0x1ad0  Cdrom - ok
23:41:52.0171 0x1ad0  Changer - ok
23:41:52.0187 0x1ad0  [ 1CFE720EB8D93A7158A4EBC3AB178BDE, 65D2A9D9A88F38D4AF323134C151BA0F4B3CD0F6A134AF86E7AC9D07319F1726 ] CiSvc           C:\WINDOWS\system32\cisvc.exe
23:41:52.0203 0x1ad0  CiSvc - ok
23:41:52.0218 0x1ad0  [ 34CBE729F38138217F9C80212A2A0C82, A9FD7A758D12E0818A11BEEF1CE772FEFA8373E92EF6C0DA8628CD4572CC9A43 ] ClipSrv         C:\WINDOWS\system32\clipsrv.exe
23:41:52.0218 0x1ad0  ClipSrv - ok
23:41:52.0250 0x1ad0  [ D87ACAED61E417BBA546CED5E7E36D9C, 14AC6034A5BC0FB2A1AFDAD42BEF4DE641556E54AD30D0C46765660A4BE55462 ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
23:41:52.0265 0x1ad0  clr_optimization_v2.0.50727_32 - ok
23:41:52.0296 0x1ad0  CltMngSvc - ok
23:41:52.0312 0x1ad0  [ 0F6C187D38D98F8DF904589A5F94D411, DB987093446216CEE913AC27503BF7E23E5A62DF169B355730285DAB64F6ED28 ] CmBatt          C:\WINDOWS\system32\DRIVERS\CmBatt.sys
23:41:52.0312 0x1ad0  CmBatt - ok
23:41:52.0312 0x1ad0  CmdIde - ok
23:41:52.0312 0x1ad0  [ 6E4C9F21F0FAE8940661144F41B13203, 731202A0DD021FCF9287FEA631212603AAAC23F9E7F76B2882F913B18A971F1C ] Compbatt        C:\WINDOWS\system32\DRIVERS\compbatt.sys
23:41:52.0328 0x1ad0  Compbatt - ok
23:41:52.0328 0x1ad0  COMSysApp - ok
23:41:52.0421 0x1ad0  [ 759B50F48F24B5B3146BDAB317537FB1, 0A20701A736945971C88471F70481B8E8E414A6B741D737849F25F9D516932C6 ] CouponPrinterService C:\Program Files\Coupons\CouponPrinterService.exe
23:41:52.0421 0x1ad0  CouponPrinterService - ok
23:41:52.0421 0x1ad0  Cpqarray - ok
23:41:52.0453 0x1ad0  [ 3D4E199942E29207970E04315D02AD3B, 0825960894CF9C86CC8775BDD2A262948A09CA495AA7FE9F210FAF49E7086383 ] CryptSvc        C:\WINDOWS\System32\cryptsvc.dll
23:41:52.0468 0x1ad0  CryptSvc - ok
23:41:52.0468 0x1ad0  dac2w2k - ok
23:41:52.0468 0x1ad0  dac960nt - ok
23:41:52.0531 0x1ad0  [ 6B27A5C03DFB94B4245739065431322C, 6AEAC16AB4E0DFD25123AAF4D4181FEE1B919B7B2793117006CE8CF30E826CFD ] DcomLaunch      C:\WINDOWS\system32\rpcss.dll
23:41:52.0656 0x1ad0  DcomLaunch - ok
23:41:52.0703 0x1ad0  [ 5E38D7684A49CACFB752B046357E0589, F192AD4190BCFB6939A5CBC91648FE63168AF79A5E227A111DEAD6A92E42AB8D ] Dhcp            C:\WINDOWS\System32\dhcpcsvc.dll
23:41:52.0734 0x1ad0  Dhcp - ok
23:41:52.0734 0x1ad0  [ 044452051F3E02E7963599FC8F4F3E25, 584BDDB074618BE76454CF90E74829CFF588B5B5FAEB793E2F7AAD26352DD689 ] Disk            C:\WINDOWS\system32\DRIVERS\disk.sys
23:41:52.0750 0x1ad0  Disk - ok
23:41:52.0750 0x1ad0  dmadmin - ok
23:41:52.0796 0x1ad0  [ D992FE1274BDE0F84AD826ACAE022A41, C82BD6561A14F2932A761F5883A787B99031250EE5E9B7B5714AA045545C9B99 ] dmboot          C:\WINDOWS\system32\drivers\dmboot.sys
23:41:52.0828 0x1ad0  dmboot - ok
23:41:52.0843 0x1ad0  [ 7C824CF7BBDE77D95C08005717A95F6F, A73CB323B7A6410C3D3F258BF204E716ADF8C84C9E4F6562C57AB73DAED8CCDE ] dmio            C:\WINDOWS\system32\drivers\dmio.sys
23:41:52.0859 0x1ad0  dmio - ok
23:41:52.0875 0x1ad0  [ E9317282A63CA4D188C0DF5E09C6AC5F, D41E002F555FE9015EF620975255F58BB79198CA1FF0E09EC950CB450FF77CF7 ] dmload          C:\WINDOWS\system32\drivers\dmload.sys
23:41:52.0875 0x1ad0  dmload - ok
23:41:52.0906 0x1ad0  [ 57EDEC2E5F59F0335E92F35184BC8631, 61F6F0DC2D1A6C61D5EF0D5CC4BE0FFC217F1E61FDA3EA9F704709293656600F ] dmserver        C:\WINDOWS\System32\dmserver.dll
23:41:52.0937 0x1ad0  dmserver - ok
23:41:53.0000 0x1ad0  [ 8A208DFCF89792A484E76C40E5F50B45, 4E40E2EB38C6254E7CAA488200E89EE7DEBBBA773890BC6A84313CC68178D54F ] DMusic          C:\WINDOWS\system32\drivers\DMusic.sys
23:41:53.0000 0x1ad0  DMusic - ok
23:41:53.0046 0x1ad0  [ 5F7E24FA9EAB896051FFB87F840730D2, 356EEFDCD54DECAD0170B34B993E4BF80DD039E2B2922D7A8D09B84031E9FC7A ] Dnscache        C:\WINDOWS\System32\dnsrslvr.dll
23:41:53.0078 0x1ad0  Dnscache - ok
23:41:53.0093 0x1ad0  [ 0F0F6E687E5E15579EF4DA8DD6945814, 5C32D88119EB1465B2D719BEE2E05888D1A73454B5E33F2D4928DA710F8BFBA3 ] Dot3svc         C:\WINDOWS\System32\dot3svc.dll
23:41:53.0125 0x1ad0  Dot3svc - ok
23:41:53.0140 0x1ad0  dpti2o - ok
23:41:53.0140 0x1ad0  [ 8F5FCFF8E8848AFAC920905FBD9D33C8, C8C6FB97AB0871C8C88A2201525A5CF10D5131CB6980D32692ED7A8F58399AD5 ] drmkaud         C:\WINDOWS\system32\drivers\drmkaud.sys
23:41:53.0140 0x1ad0  drmkaud - ok
23:41:53.0156 0x1ad0  [ 2187855A7703ADEF0CEF9EE4285182CC, 8233CC11F637866C0074043835A785EA2B616739B6B1181B143A253CF2508CFD ] EapHost         C:\WINDOWS\System32\eapsvc.dll
23:41:53.0187 0x1ad0  EapHost - ok
23:41:53.0187 0x1ad0  [ BC93B4A066477954555966D77FEC9ECB, 27F5B780175EF46DA102EE33F7F33559C8B40C077EEA4405D579D9507F4B1C23 ] ERSvc           C:\WINDOWS\System32\ersvc.dll
23:41:53.0250 0x1ad0  ERSvc - ok
23:41:53.0281 0x1ad0  [ 65DF52F5B8B6E9BBD183505225C37315, 59C606977DB40A3443DFF0BE2A4C761824881B22C9FDB3D23F6486DB580E92A4 ] Eventlog        C:\WINDOWS\system32\services.exe
23:41:53.0437 0x1ad0  Eventlog - ok
23:41:53.0468 0x1ad0  [ D4991D98F2DB73C60D042F1AEF79EFAE, 58AF949EAEBF4FF3E3314DFB66CE4198BF65F0836B68CD27A6ED319742CCCCD2 ] EventSystem     C:\WINDOWS\system32\es.dll
23:41:53.0500 0x1ad0  EventSystem - ok
23:41:53.0546 0x1ad0  [ 38D332A6D56AF32635675F132548343E, E6909DB836AF679B4F4D62C7396D6C82769CC7ABB8C919C2AABFE934FCE268F6 ] Fastfat         C:\WINDOWS\system32\drivers\Fastfat.sys
23:41:53.0546 0x1ad0  Fastfat - ok
23:41:53.0593 0x1ad0  [ 99BC0B50F511924348BE19C7C7313BBF, A1006C687BD352F700B140DC741515A0CDD9E1352C0FBD1EE410D404E344444B ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
23:41:53.0703 0x1ad0  FastUserSwitchingCompatibility - ok
23:41:53.0718 0x1ad0  [ 92CDD60B6730B9F50F6A1A0C1F8CDC81, 8307A532AB4D05CBBCE206DC2759497708BF5AAA880BD00F0E4F281D8578A1F5 ] Fdc             C:\WINDOWS\system32\drivers\Fdc.sys
23:41:53.0734 0x1ad0  Fdc - ok
23:41:53.0734 0x1ad0  [ D45926117EB9FA946A6AF572FBE1CAA3, 4C94EF009D778BE0BDF8F812F026B96F91F641BE30AA2531427A5E63DBD280DA ] Fips            C:\WINDOWS\system32\drivers\Fips.sys
23:41:53.0750 0x1ad0  Fips - ok
23:41:53.0750 0x1ad0  [ 9D27E7B80BFCDF1CDD9B555862D5E7F0, 69C271AD5BCEBFD8AE5A769BDD7EC51256DA3A8ADAD5D12E5C0D13F4E82D8805 ] Flpydisk        C:\WINDOWS\system32\drivers\Flpydisk.sys
23:41:53.0750 0x1ad0  Flpydisk - ok
23:41:53.0812 0x1ad0  [ B2CF4B0786F8212CB92ED2B50C6DB6B0, 280F5CF8A90F7BEDE73ADD0DD0F8952088133A7CA9A3D3B7041957E33B36845D ] FltMgr          C:\WINDOWS\system32\DRIVERS\fltMgr.sys
23:41:53.0812 0x1ad0  FltMgr - ok
23:41:53.0875 0x1ad0  [ 8BA7C024070F2B7FDD98ED8A4BA41789, 47585006F86B2C6016EC54250A416794792D1E4024FF229C120BC25B684AF66A ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
23:41:53.0875 0x1ad0  FontCache3.0.0.0 - ok
23:41:53.0890 0x1ad0  [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A, EC635E071201A766845D48973772CBE0958942B4162F3F5F70660D114CC877E0 ] Fs_Rec          C:\WINDOWS\system32\drivers\Fs_Rec.sys
23:41:53.0906 0x1ad0  Fs_Rec - ok
23:41:53.0906 0x1ad0  [ 6AC26732762483366C3969C9E4D2259D, FF2C9A23CC17F380093F0BEA955B1925794271C2FEA16B9B7639668E6999BAE3 ] Ftdisk          C:\WINDOWS\system32\DRIVERS\ftdisk.sys
23:41:53.0921 0x1ad0  Ftdisk - ok
23:41:53.0953 0x1ad0  [ 00845DCD64FE6348DDF7890C310C17B9, F4A9C731F31F4D6E6F3E209410125F4750B784B0C17BD0BC396ECDD6C878931E ] FUJ02B1         C:\WINDOWS\system32\DRIVERS\FUJ02B1.sys
23:41:53.0953 0x1ad0  FUJ02B1 - ok
23:41:53.0953 0x1ad0  [ C4942669FDE5ABD7BBE70027C9DE1247, 0714A9EEFFF3C7153499520A09D791285DD3C2BF4400453E94D3E9A80D537382 ] FUJ02E1         C:\WINDOWS\system32\Drivers\FUJ02E1.sys
23:41:53.0953 0x1ad0  FUJ02E1 - ok
23:41:53.0968 0x1ad0  [ EF9F310F86FD504AFCDCEDF8280091FB, E19BD9F93700E4F02A8A229AA12839A1CAE64D503130B06E72E9F0D424D5EB6E ] FUJ02E3         C:\WINDOWS\system32\DRIVERS\FUJ02E3.sys
23:41:53.0984 0x1ad0  FUJ02E3 - ok
23:41:54.0000 0x1ad0  [ 185ADA973B5020655CEE342059A86CBB, D3E352DFAF30761505480A4C557D980083F65EC5BD46E2656B2114D47B272A89 ] GEARAspiWDM     C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
23:41:54.0015 0x1ad0  GEARAspiWDM - ok
23:41:54.0031 0x1ad0  [ 0A02C63C8B144BD8C86B103DEE7C86A2, 7A3235DD3E1995DD72B212FAEB3ECA2A974434DE9BF6D269EA11BA65A80E7E50 ] Gpc             C:\WINDOWS\system32\DRIVERS\msgpc.sys
23:41:54.0046 0x1ad0  Gpc - ok
23:41:54.0093 0x1ad0  [ C1B577B2169900F4CF7190C39F085794, 73E104B96A48F4C80D8C37254ECB0891D15C0D2F0C251B57C168F90D60316447 ] gusvc           C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
23:41:54.0093 0x1ad0  gusvc - ok
23:41:54.0140 0x1ad0  [ 573C7D0A32852B48F3058CFD8026F511, BC384BBA394AFDCDA1A9ABC858C692AA84A1F0A31AF3DDF7F38D120C027927FB ] HDAudBus        C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
23:41:54.0140 0x1ad0  HDAudBus - ok
23:41:54.0218 0x1ad0  [ 4FCCA060DFE0C51A09DD5C3843888BCD, D82417706B517F2610DDF7C86BE03A72EFA9A2A389DF5C8F8ADEAB8144E2C80A ] helpsvc         C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
23:41:54.0218 0x1ad0  helpsvc - ok
23:41:54.0234 0x1ad0  HidServ - ok
23:41:54.0265 0x1ad0  [ 8878BD685E490239777BFE51320B88E9, C5C3ECF6B049B6736E35B39518A8F830B45C45A88FFE8E3A6B7922AD946597E2 ] hkmsvc          C:\WINDOWS\System32\kmsvc.dll
23:41:54.0359 0x1ad0  hkmsvc - ok
23:41:54.0359 0x1ad0  hpn - ok
23:41:54.0390 0x1ad0  [ D03D10F7DED688FECF50F8FBF1EA9B8A, C19A733571BA831E24EE45EDB730FFFDBA22638F138A32A794BEAB8D8B71D8DD ] HPZid412        C:\WINDOWS\system32\DRIVERS\HPZid412.sys
23:41:54.0406 0x1ad0  HPZid412 - ok
23:41:54.0421 0x1ad0  [ ABCB05CCDBF03000354B9553820E39F8, 6361B5A57CDE23AC5E987ACECF3BEE7AD51134C6E5BF4F833E512C9BC4B86877 ] HPZius12        C:\WINDOWS\system32\DRIVERS\HPZius12.sys
23:41:54.0437 0x1ad0  HPZius12 - ok
23:41:54.0500 0x1ad0  [ F80A415EF82CD06FFAF0D971528EAD38, 524D9E9201572929522F6805011783711B7C0F76308B924C89CF75F4B7A1FDF3 ] HTTP            C:\WINDOWS\system32\Drivers\HTTP.sys
23:41:54.0515 0x1ad0  HTTP - ok
23:41:54.0562 0x1ad0  [ 6100A808600F44D999CEBDEF8841C7A3, 61A75118C327812C60622010985A2E80E79B6FD9030A5732390EE5426E4AF6C9 ] HTTPFilter      C:\WINDOWS\System32\w3ssl.dll
23:41:54.0781 0x1ad0  HTTPFilter - ok
23:41:54.0781 0x1ad0  i2omgmt - ok
23:41:54.0781 0x1ad0  i2omp - ok
23:41:54.0828 0x1ad0  [ 4A0B06AA8943C1E332520F7440C0AA30, DB2452390CCFE67E0C5FEB4FD42CA24ABE2DDD40D0B22DD5F5B8F70416863918 ] i8042prt        C:\WINDOWS\system32\DRIVERS\i8042prt.sys
23:41:54.0828 0x1ad0  i8042prt - ok
23:41:55.0203 0x1ad0  [ 48846B31BE5A4FA662CCFDE7A1BA86B9, BC653F3ADAD70E766484986F196D4045D2CC6D92E5D827907E734254EE489A33 ] ialm            C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
23:41:55.0359 0x1ad0  ialm - ok
23:41:55.0437 0x1ad0  [ 8EF427C54497C5F8A7A645990E4278C7, 3890391A489DAAFE155345C2E16BE17DF1E3E23DEE73EE849A7F96132AE65417 ] iaStor          C:\WINDOWS\system32\DRIVERS\iaStor.sys
23:41:55.0453 0x1ad0  iaStor - ok
23:41:55.0468 0x1ad0  [ E5A0034847537EAEE3C00349D5C34C5F, 3E0F99512CDFF0B628E2FF5B91BB371CDEF65201B03C53182C97DDE34E26E04C ] iastor78        C:\WINDOWS\system32\drivers\iastor78.sys
23:41:55.0500 0x1ad0  iastor78 - ok
23:41:55.0546 0x1ad0  [ 6F95324909B502E2651442C1548AB12F, FF1B104990FE186C6100ED229A45345FF695323AC778688EC11AA8F5A87B141E ] IDriverT        C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
23:41:55.0546 0x1ad0  IDriverT - ok
23:41:55.0640 0x1ad0  [ C01AC32DC5C03076CFB852CB5DA5229C, A4D7749220B5BC965D96A267F1E02FE8284A230BA249109207BD4B9EA8DFAC96 ] idsvc           c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
23:41:55.0671 0x1ad0  idsvc - ok
23:41:55.0734 0x1ad0  [ 083A052659F5310DD8B6A6CB05EDCF8E, 48D39B03FFB6FAA1529B774443BA12618AE3982D9F65A7B9D18F2269F78B31F4 ] Imapi           C:\WINDOWS\system32\DRIVERS\imapi.sys
23:41:55.0750 0x1ad0  Imapi - ok
23:41:55.0765 0x1ad0  [ 30DEAF54A9755BB8546168CFE8A6B5E1, 3936228CD3125C763ABFCB93E86E4B43838202BCC0913A28E84AC0263B43EE0D ] ImapiService    C:\WINDOWS\system32\imapi.exe
23:41:55.0843 0x1ad0  ImapiService - ok
23:41:55.0859 0x1ad0  ini910u - ok
23:41:56.0234 0x1ad0  [ B2957D6C1226F029230DAC2C46D34286, C581D967C96DD3EC1DFFEDF01087A3042FED333CFF389698FCC7396B79B8C13F ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RtkHDAud.sys
23:41:56.0343 0x1ad0  IntcAzAudAddService - ok
23:41:56.0359 0x1ad0  IntelIde - ok
23:41:56.0406 0x1ad0  [ 8C953733D8F36EB2133F5BB58808B66B, 555868F246D73652E998B0B1296476E42FCEDED30D646CC000F31ECE4EBC25E6 ] intelppm        C:\WINDOWS\system32\DRIVERS\intelppm.sys
23:41:56.0406 0x1ad0  intelppm - ok
23:41:56.0437 0x1ad0  [ 3BB22519A194418D5FEC05D800A19AD0, F6662F440950596DC1382DD1DB5D7891CCEA30A6062BEA942C18445B5F0D8B16 ] Ip6Fw           C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
23:41:56.0453 0x1ad0  Ip6Fw - ok
23:41:56.0484 0x1ad0  [ 731F22BA402EE4B62748ADAF6363C182, 5C3BEBD008A5BE4DC2F92076FF41A10DDC01E10EC7E6552213CFA11970811848 ] IpFilterDriver  C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
23:41:56.0484 0x1ad0  IpFilterDriver - ok
23:41:56.0500 0x1ad0  [ B87AB476DCF76E72010632B5550955F5, E6E74D3A86A7917A8BAED44F8E97CCD2EB171E4E4B27E9907F60D1523FAF319A ] IpInIp          C:\WINDOWS\system32\DRIVERS\ipinip.sys
23:41:56.0500 0x1ad0  IpInIp - ok
23:41:56.0515 0x1ad0  [ CC748EA12C6EFFDE940EE98098BF96BB, AF523E21C25D9A1715EFEA573E4F52AF5D4FC9F28A2D613F5DB629C186C439E0 ] IpNat           C:\WINDOWS\system32\DRIVERS\ipnat.sys
23:41:56.0515 0x1ad0  IpNat - ok
23:41:56.0593 0x1ad0  [ BC0EA61246F8D940FBC5F652D337D6BD, BF018317631937EED13136608831F526BE34AF7E59FEF4863E3EDD205C02E1A7 ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
23:41:56.0609 0x1ad0  iPod Service - ok
23:41:56.0671 0x1ad0  [ 23C74D75E36E7158768DD63D92789A91, 394D296F38E7D8EFD91A6EEC301D9CE6AF910E35EB9819F1A9E3363863AEDFDC ] IPSec           C:\WINDOWS\system32\DRIVERS\ipsec.sys
23:41:56.0671 0x1ad0  IPSec - ok
23:41:56.0718 0x1ad0  [ ACA5E7B54409F9CB5EED97ED0C81120E, 1E22F442EA77596F58D133F1A5887CDC4F3325DD0836D24A665E1D31287ABFF7 ] irda            C:\WINDOWS\system32\DRIVERS\irda.sys
23:41:56.0734 0x1ad0  irda - ok
23:41:56.0781 0x1ad0  [ C93C9FF7B04D772627A3646D89F7BF89, 805FA48E7A46D4F10240BF880A2468F53DEA36E83004399228AB70DB7D20544A ] IRENUM          C:\WINDOWS\system32\DRIVERS\irenum.sys
23:41:56.0781 0x1ad0  IRENUM - ok
23:41:56.0796 0x1ad0  [ 49CC4533CE897CB2E93C1E84A818FDE5, F2AC81CDB971F630699616509748DCE133874EFC79B9D6230517B5A4DFBE193D ] Irmon           C:\WINDOWS\System32\irmon.dll
23:41:56.0843 0x1ad0  Irmon - ok
23:41:56.0906 0x1ad0  [ 05A299EC56E52649B1CF2FC52D20F2D7, 2654619DB3E6D6C385B63AB02F87D4241C4F0250CC31383D1B3586917166C2DC ] isapnp          C:\WINDOWS\system32\DRIVERS\isapnp.sys
23:41:56.0921 0x1ad0  isapnp - ok
23:41:57.0015 0x1ad0  [ 0A5709543986843D37A92290B7838340, 8945A09816A1A1450202BA621C9DA1F9F922594CCE9DE0995FE863F78C584686 ] JavaQuickStarterService C:\Program Files\Java\jre6\bin\jqs.exe
23:41:57.0031 0x1ad0  JavaQuickStarterService - ok
23:41:57.0078 0x1ad0  [ 463C1EC80CD17420A542B7F36A36F128, E3B11BA26AFEAFB50B0FC168EA07F6049DA6B88BCDDEEE20310602D7FC27A3A7 ] Kbdclass        C:\WINDOWS\system32\DRIVERS\kbdclass.sys
23:41:57.0093 0x1ad0  Kbdclass - ok
23:41:57.0125 0x1ad0  [ 692BCF44383D056AED41B045A323D378, 1A99DEE83FFAF64E73067FC049C0A4CE07D94E4AE31EFA17B38CEFA9E41D67DC ] kmixer          C:\WINDOWS\system32\drivers\kmixer.sys
23:41:57.0156 0x1ad0  kmixer - ok
23:41:57.0187 0x1ad0  [ B467646C54CC746128904E1654C750C1, 3BD71BE3663EA23463D236D8A2A2E42DFA10C502BDB4B6E131FAF0FBA748219E ] KSecDD          C:\WINDOWS\system32\drivers\KSecDD.sys
23:41:57.0203 0x1ad0  KSecDD - ok
23:41:57.0250 0x1ad0  [ 3A7C3CBE5D96B8AE96CE81F0B22FB527, 0044F03132596A494448CCE5F3D6ECC12617BB4CF6BAE348F79D4DC40ACD6EE0 ] LanmanServer    C:\WINDOWS\System32\srvsvc.dll
23:41:57.0437 0x1ad0  LanmanServer - ok
23:41:57.0484 0x1ad0  [ A8888A5327621856C0CEC4E385F69309, B08B63300D824E35E31EEEA2C4C086DFA2C2A964CEDAE512E74D3D88AADAA2C1 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
23:41:57.0625 0x1ad0  lanmanworkstation - ok
23:41:57.0625 0x1ad0  lbrtfdc - ok
23:41:57.0703 0x1ad0  [ A7DB739AE99A796D91580147E919CC59, EDF4E039BA277B0E6D66FEB0B28096E67D682C09DFC18ECECF062D9DCFB75ACF ] LmHosts         C:\WINDOWS\System32\lmhsvc.dll
23:41:57.0765 0x1ad0  LmHosts - ok
23:42:22.0015 0x1ad0  iTunesHelper - ok
23:42:22.0109 0x1ad0  [ 2AD3D568D73CA713DB156AD0ED87FB0E, AA1F1150EB9F7182F86879D812AD8FCB8422C4DB40F8E11B7139DA1E04CC37F7 ] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
23:42:22.0140 0x1ad0  HPDJ Taskbar Utility - ok
23:42:22.0140 0x1ad0  KernelFaultCheck - ok
23:42:22.0234 0x1ad0  [ 5111C89EFE59998BAA0B3664688BF0AC, 1F95513D16CAD9D177ECACA32BF09BD4BFFA644CB25C2C5C2A30228B75B02445 ] C:\Program Files\Browser Features\BManager.exe
23:42:22.0265 0x1ad0  Browser Features - ok
23:42:22.0312 0x1ad0  [ 5111C89EFE59998BAA0B3664688BF0AC, 1F95513D16CAD9D177ECACA32BF09BD4BFFA644CB25C2C5C2A30228B75B02445 ] C:\Program Files\Browser Features\BManager.exe
23:42:22.0343 0x1ad0  BManager - ok
23:42:22.0484 0x1ad0  [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
23:42:22.0500 0x1ad0  Google Update - ok
23:42:22.0515 0x1ad0  [ 5F1D5F88303D4A4DBC8E5F97BA967CC3, 5FB24FC7916A6E6B3BE7D84CB1684215B266CD1495575C2E5672B8447932E5B1 ] C:\WINDOWS\system32\ctfmon.exe
23:42:22.0531 0x1ad0  ctfmon.exe - ok
23:42:22.0531 0x1ad0  Weather - ok
23:42:22.0531 0x1ad0  Waiting for KSN requests completion. In queue: 99
23:42:23.0531 0x1ad0  Waiting for KSN requests completion. In queue: 99
23:42:24.0531 0x1ad0  Waiting for KSN requests completion. In queue: 99
23:42:25.0656 0x1ad0  AV detected via SS1: AVG Anti-Virus Free Edition 2012, 2012.0, enabled, updated
23:42:25.0656 0x1ad0  AV detected via SS1: Microsoft Security Essentials, 4.5.0216.0, enabled, updated
23:42:25.0671 0x1ad0  Win FW state via NFM: enabled
23:42:28.0187 0x1ad0  ============================================================
23:42:28.0187 0x1ad0  Scan finished
23:42:28.0187 0x1ad0  ============================================================
23:42:28.0203 0x0cb4  Detected object count: 1
23:42:28.0203 0x0cb4  Actual detected object count: 1
23:43:32.0140 0x0cb4  pcwatch ( LockedFile.Multi.Generic ) - skipped by user
23:43:32.0140 0x0cb4  pcwatch ( LockedFile.Multi.Generic ) - User select action: Skip 


#6 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:14 PM

Posted 16 October 2014 - 09:35 AM

We need to remove some programs with Revo Uninstaller Free:


Note: Revo Uninstaller is more thorough in deleting programs on your computer than using the Add/Remove option in Windows. Since it is a more powerful tool, please be sure to follow the instructions carefully.
Note: If the program you want to uninstall is not listed by Revo, let me know and we will try an alternate method of removal.

  • Please download and install Revo Uninstaller Free
    note: there is no need to click anything on that page, the download will start automatically
  • Double click Revo Uninstaller to run it
  • From the list of programs double click on the listed program(s), or anything similar, to remove it:
    Web Protect for Windows
    Search Protect
    CouponBar
  • When prompted if you want to uninstall click Yes
  • Be sure the Moderate option is selected then click Next
  • The program will run. If prompted again, click Yes
  • When the built-in uninstaller is finished click on Next
  • Once the program has searched for leftovers click Next
  • Check the items in bold only on the list then click Delete
    note: you may have to expand some folders by clicking the "+" mark
  • When prompted click on Yes and then on Next
  • Put a check on any folders that are found and select Delete
  • When prompted select Yes then Next
  • Once done click Finish

Fix with FRST (normal mode)

WARNING: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
 

  • Download the attached fixlist.txt and save it to the location where FRST is saved to.
  • Run FRST.exe (on 64bit, run FRST64.exe) and press the Fix button just once and wait.
  • The tool will make a log (Fixlog.txt) which you find where you saved FRST. Please post it to your reply.

Please run Malwarebytes Anti-Rootkit again.

  • Scan your system.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced; they will be in the MBAR folder: mbar-log.txt and system-log.txt


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#7 meeql

meeql
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:07:14 AM

Posted 16 October 2014 - 08:40 PM

Malwarebytes Anti-Rootkit BETA 1.07.0.1008
www.malwarebytes.org
 
Database version: v2014.10.16.08
 
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
 :: COMPUTER_1 [administrator]
 
10/16/2014 8:43:31 PM
mbar-log-2014-10-16 (20-43-31).txt
 
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 283265
Time elapsed: 16 minute(s), 44 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 1
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{11111111-1111-1111-1111-110011221158} (Adware.GamePlayLab) -> Delete on reboot.
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 1
C:\WINDOWS\SYSTEM32\drivers\pcwatch.sys (PUP.Optional.OSProtect.A) -> Delete on reboot.
 
Physical Sectors Detected: 0
(No malicious items detected)
 
(end)


#8 meeql

meeql
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:07:14 AM

Posted 16 October 2014 - 08:42 PM

I ran the scan twice, so both mbar log files are above. This is system-log.txt.

 

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1008
 
© Malwarebytes Corporation 2011-2012
 
OS version: 5.1.2600 Windows XP Service Pack 3 x86
 
Account is Administrative
 
Internet Explorer version: 8.0.6001.18702
 
Java version: 1.6.0_31
 
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 1.994000 GHz
Memory total: 2136780800, free: 937496576
 
Downloaded database version: v2014.10.16.08
Downloaded database version: v2014.10.15.01
=======================================
Initializing...
------------ Kernel report ------------
     10/16/2014 20:43:13
------------ Loaded modules -----------
\WINDOWS\system32\ntkrnlpa.exe
\WINDOWS\system32\hal.dll
\WINDOWS\system32\KDCOM.DLL
\WINDOWS\system32\BOOTVID.dll
ACPI.sys
\WINDOWS\system32\DRIVERS\WMILIB.SYS
pci.sys
isapnp.sys
ohci1394.sys
\WINDOWS\system32\DRIVERS\1394BUS.SYS
compbatt.sys
\WINDOWS\system32\DRIVERS\BATTC.SYS
pciide.sys
\WINDOWS\system32\DRIVERS\PCIIDEX.SYS
pcmcia.sys
MountMgr.sys
ftdisk.sys
dmload.sys
dmio.sys
PartMgr.sys
ACPIEC.sys
\WINDOWS\system32\DRIVERS\OPRGHDLR.SYS
VolSnap.sys
atapi.sys
iaStor.sys
o2sd.sys
\WINDOWS\system32\DRIVERS\SCSIPORT.SYS
o2media.sys
iastor78.sys
disk.sys
\WINDOWS\system32\DRIVERS\CLASSPNP.SYS
fltMgr.sys
sr.sys
MpFilter.sys
KSecDD.sys
Ntfs.sys
NDIS.sys
Mup.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\igxpmp32.sys
\SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\yk51x86.sys
\SystemRoot\system32\DRIVERS\NETw4x32.sys
\SystemRoot\system32\DRIVERS\usbuhci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\nic1394.sys
\SystemRoot\system32\DRIVERS\FUJ02B1.sys
\SystemRoot\System32\Drivers\FUJ02E1.sys
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\serial.sys
\SystemRoot\system32\DRIVERS\serenum.sys
\SystemRoot\system32\DRIVERS\smcirda.sys
\SystemRoot\system32\DRIVERS\irenum.sys
\SystemRoot\system32\DRIVERS\parport.sys
\SystemRoot\system32\DRIVERS\imapi.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\DRIVERS\redbook.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
\SystemRoot\system32\DRIVERS\FUJ02E3.sys
\SystemRoot\system32\DRIVERS\CmBatt.sys
\SystemRoot\system32\DRIVERS\audstub.sys
\SystemRoot\system32\DRIVERS\rasirda.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\psched.sys
\SystemRoot\system32\DRIVERS\msgpc.sys
\SystemRoot\system32\DRIVERS\ptilink.sys
\SystemRoot\system32\DRIVERS\raspti.sys
\SystemRoot\system32\DRIVERS\rdpdr.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\update.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\RtkHDAud.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\DRIVERS\AGRSM.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\System32\Drivers\Modem.SYS
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\Fs_Rec.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\Drivers\mnmdd.SYS
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\rasacd.sys
\SystemRoot\system32\DRIVERS\ipsec.sys
\SystemRoot\system32\DRIVERS\tcpip.sys
\SystemRoot\system32\DRIVERS\ipnat.sys
\SystemRoot\system32\DRIVERS\netbt.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\System32\drivers\ws2ifsl.sys
\SystemRoot\System32\drivers\afd.sys
\SystemRoot\system32\DRIVERS\arp1394.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\??\C:\WINDOWS\system32\Drivers\pcwatch.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\System32\Drivers\Fips.SYS
\SystemRoot\System32\Drivers\ATSwpDrv.sys
\SystemRoot\System32\Drivers\Cdfs.SYS
\SystemRoot\System32\Drivers\dump_iaStor.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\watchdog.sys
\SystemRoot\System32\drivers\dxg.sys
\SystemRoot\System32\drivers\dxgthk.sys
\SystemRoot\System32\igxpgd32.dll
\SystemRoot\System32\igxprd32.dll
\SystemRoot\System32\igxpdv32.DLL
\SystemRoot\System32\igxpdx32.DLL
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\DRIVERS\irda.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\drivers\wdmaud.sys
\SystemRoot\system32\drivers\sysaudio.sys
\SystemRoot\system32\DRIVERS\mrxdav.sys
\SystemRoot\System32\Drivers\ParVdm.SYS
\SystemRoot\system32\DRIVERS\secdrv.sys
\SystemRoot\system32\DRIVERS\srv.sys
\SystemRoot\System32\Drivers\HTTP.sys
\??\C:\DOCUME~1\Owner\LOCALS~1\Temp\pgliipoc.sys
\??\c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5F273FE3-2CFE-4C9D-830B-B8BC09A4D5D7}\MpKsl523169fd.sys
\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys
\??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys
\WINDOWS\system32\ntdll.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff8a0c1648
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-0\
Lower Device Object: 0xffffffff8a031028
Lower Device Driver Name: \Driver\iaStor\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff8a0c1648, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8a0c0020, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff8a0c1648, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff8a0188d8, DeviceName: \Device\0000007e\, DriverName: \Driver\ACPI\
DevicePointer: 0xffffffff8a031028, DeviceName: \Device\Ide\IAAStorageDevice-0\, DriverName: \Driver\iaStor\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
File C:\WINDOWS\SYSTEM32\drivers\pcwatch.sys will be destroyed
Infected: C:\WINDOWS\SYSTEM32\drivers\pcwatch.sys --> [PUP.Optional.OSProtect.A]
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 89B189B1
 
Partition information:
 
    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 63  Numsec = 156280257
    Partition file system is NTFS
    Partition is bootable
 
    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
Disk Size: 80026361856 bytes
Sector size: 512 bytes
 
Scanning physical sectors of unpartitioned space on drive 0 (1-62-156281488-156301488)...
Done!
Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{11111111-1111-1111-1111-110011221158} --> [Adware.GamePlayLab]
Scan finished
Creating System Restore point...
Cleaning up...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Removal scheduling successful. System shutdown needed.
System shutdown occurred
=======================================
 
 
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1008
 
© Malwarebytes Corporation 2011-2012
 
OS version: 5.1.2600 Windows XP Service Pack 3 x86
 
Account is Administrative
 
Internet Explorer version: 8.0.6001.18702
 
Java version: 1.6.0_31
 
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 1.995000 GHz
Memory total: 2136780800, free: 1760063488
 
=======================================
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1008
 
© Malwarebytes Corporation 2011-2012
 
OS version: 5.1.2600 Windows XP Service Pack 3 x86
 
Account is Administrative
 
Internet Explorer version: 8.0.6001.18702
 
Java version: 1.6.0_31
 
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 1.995000 GHz
Memory total: 2136780800, free: 1522552832
 
=======================================
Initializing...
------------ Kernel report ------------
     10/16/2014 21:07:51
------------ Loaded modules -----------
\WINDOWS\system32\ntkrnlpa.exe
\WINDOWS\system32\hal.dll
\WINDOWS\system32\KDCOM.DLL
\WINDOWS\system32\BOOTVID.dll
\WINDOWS\system32\drivers\CLASSPNP.SYS
imofugc.sys
ACPI.sys
\WINDOWS\system32\DRIVERS\WMILIB.SYS
pci.sys
isapnp.sys
ohci1394.sys
\WINDOWS\system32\DRIVERS\1394BUS.SYS
compbatt.sys
\WINDOWS\system32\DRIVERS\BATTC.SYS
pciide.sys
\WINDOWS\system32\DRIVERS\PCIIDEX.SYS
pcmcia.sys
MountMgr.sys
ftdisk.sys
dmload.sys
dmio.sys
PartMgr.sys
ACPIEC.sys
\WINDOWS\system32\DRIVERS\OPRGHDLR.SYS
VolSnap.sys
atapi.sys
iaStor.sys
o2sd.sys
\WINDOWS\system32\DRIVERS\SCSIPORT.SYS
o2media.sys
disk.sys
fltMgr.sys
sr.sys
MpFilter.sys
KSecDD.sys
Ntfs.sys
NDIS.sys
Mup.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\igxpmp32.sys
\SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\yk51x86.sys
\SystemRoot\system32\DRIVERS\NETw4x32.sys
\SystemRoot\system32\DRIVERS\usbuhci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\nic1394.sys
\SystemRoot\system32\DRIVERS\FUJ02B1.sys
\SystemRoot\System32\Drivers\FUJ02E1.sys
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\serial.sys
\SystemRoot\system32\DRIVERS\serenum.sys
\SystemRoot\system32\DRIVERS\smcirda.sys
\SystemRoot\system32\DRIVERS\irenum.sys
\SystemRoot\system32\DRIVERS\parport.sys
\SystemRoot\system32\DRIVERS\imapi.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\DRIVERS\redbook.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
\SystemRoot\system32\DRIVERS\FUJ02E3.sys
\SystemRoot\system32\DRIVERS\CmBatt.sys
\SystemRoot\system32\DRIVERS\audstub.sys
\SystemRoot\system32\DRIVERS\rasirda.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\psched.sys
\SystemRoot\system32\DRIVERS\msgpc.sys
\SystemRoot\system32\DRIVERS\ptilink.sys
\SystemRoot\system32\DRIVERS\raspti.sys
\SystemRoot\system32\DRIVERS\rdpdr.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\update.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\RtkHDAud.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\DRIVERS\AGRSM.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\System32\Drivers\Modem.SYS
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\Fs_Rec.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\Drivers\mnmdd.SYS
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\rasacd.sys
\SystemRoot\system32\DRIVERS\ipsec.sys
\SystemRoot\system32\DRIVERS\tcpip.sys
\SystemRoot\system32\DRIVERS\netbt.sys
\SystemRoot\system32\DRIVERS\ipnat.sys
\SystemRoot\System32\drivers\ws2ifsl.sys
\SystemRoot\System32\drivers\afd.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\arp1394.sys
\SystemRoot\System32\Drivers\Fips.SYS
\SystemRoot\System32\Drivers\ATSwpDrv.sys
\SystemRoot\System32\Drivers\Cdfs.SYS
\SystemRoot\System32\Drivers\dump_iaStor.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\watchdog.sys
\SystemRoot\System32\drivers\dxg.sys
\SystemRoot\System32\drivers\dxgthk.sys
\SystemRoot\System32\igxpgd32.dll
\SystemRoot\System32\igxprd32.dll
\SystemRoot\System32\igxpdv32.DLL
\SystemRoot\System32\igxpdx32.DLL
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\DRIVERS\irda.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\drivers\wdmaud.sys
\SystemRoot\system32\drivers\sysaudio.sys
\SystemRoot\system32\DRIVERS\mrxdav.sys
\SystemRoot\System32\Drivers\ParVdm.SYS
\SystemRoot\system32\DRIVERS\secdrv.sys
\SystemRoot\system32\DRIVERS\srv.sys
\SystemRoot\System32\Drivers\HTTP.sys
\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys
\??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys
\WINDOWS\system32\ntdll.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff89dec030
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-0\
Lower Device Object: 0xffffffff89ddf028
Lower Device Driver Name: \Driver\iaStor\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff89dec030, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff89dece08, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff89dec030, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff89da6cc8, DeviceName: \Device\0000007e\, DriverName: \Driver\ACPI\
DevicePointer: 0xffffffff89ddf028, DeviceName: \Device\Ide\IAAStorageDevice-0\, DriverName: \Driver\iaStor\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 89B189B1
 
Partition information:
 
    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 63  Numsec = 156280257
    Partition file system is NTFS
    Partition is bootable
 
    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
Disk Size: 80026361856 bytes
Sector size: 512 bytes
 
Scanning physical sectors of unpartitioned space on drive 0 (1-62-156281488-156301488)...
Done!
Scan finished
=======================================
 
 
Removal queue found; removal started
Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\MBR_0_i.mbam...
Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\Bootstrap_0_0_63_i.mbam...
Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\MBR_0_r.mbam...
Removal finished


#9 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:14 PM

Posted 17 October 2014 - 03:06 AM

Please rescan with FRST (create a new addition.txt as well) and post the logs.



#10 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:14 PM

Posted 07 November 2014 - 03:16 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.



