Can You Please Zero Out My ZeroAccess?


  • This topic is locked
35 replies to this topic

#1 Upbloat


Posted 19 January 2015 - 12:59 PM

.

Hi! I'm sure it will come as no surprise that I, too, have been sent here from the "Am I infected" forum:

 

http://www.bleepingcomputer.com/forums/t/563033/have-i-been-ratted-out/?p=3596431

 

Before I list my DDS logs, please allow me to bend your ear a tad.

 

(Here I am in an Edit; I deleted what I had written here, because I noticed where this trojan showed up... as Siredef in my \$Recycle.Bin, via my "Malwarebytes Anti-Rootkit" system-log.txt; I suppose Siredef, A.K.A. ZEROACCESS, continues to do damage, even though it is in the Recycle.Bin. Well, that's pretty rude.)

 

I don't think my helper wished to continue conversing with me, although I was dying to know a couple of things, and maybe you can help me with at least one fundamental question. (I spelled these out in what should currently be my next-to-last post from the link above.) Basically, what shook me was a spam e-mail with me in the "From" field and CC'ed e-mail addresses that were taken from a document inside my computer. I not only wanted to learn about how deeply a hacker can get whatever the hacker wants, but also, it doesn't seem like ZEROACCESS can achieve this particular feat of malice. If so, that makes me wonder... perhaps I have some other evil germ lurking about.

 

Finally, I wanted to get rid of this thing right away (Impatience! Another of my vices) and I liked the 1-2-3 steps provided on this other site. I wanted my helper's opinion before proceeding, giving him a few days to respond... but when it became apparent that I was on my own, I figured, heck, why not?

 

So I ran TDSS Killer (again), as they instructed (with whistle-clean results), and their next suggestion was "Combofix." However, when I attempted to download this program (using Bleeping Computer's link), my AVAST blocked it as a malicious infection, citing "FileRepMetagen [DRP]."

 

Wha-aa-att!!? How is that possible? (You know, with the BC source that we can trust... maybe an AVAST false positive?)

 

So then I put my tail between my legs and moved on to putting up my thread here, in order to get led by the hand.

 

I am going to be most grateful for your assistance; thank you in advance.

 

 

My DDS.txt:

 

 

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16561  BrowserJavaVersion: 10.51.2
Run by MG at 12:08:39 on 2015-01-19
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.3070.1105 [GMT -5:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\SLsvc.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\EASEUS\Todo Backup 2.0\bin\EuWatch.exe
C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe
C:\Program Files\Browny02\Brother\BrStMonW.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
C:\Program Files\Ant.com\IE add-on\AntUpdaterService.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\sdclt.exe
C:\Program Files\EASEUS\Todo Backup 2.0\bin\Agent.exe
C:\Program Files\Hotspot Shield\bin\cmw_srv.exe
C:\Program Files\Hotspot Shield\bin\hsswd.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files\NETGEAR Genie\bin\NETGEARGenieDaemon.exe
C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Browny02\BrYNSvc.exe
C:\Program Files\Hotspot Shield\bin\hsscp.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\Explorer.exe
C:\Users\MG\Downloads\Programs\VirtualMagnifyingGlassPortable\VirtualMagnifyingGlassPortable.exe
C:\Users\MG\Downloads\Programs\VirtualMagnifyingGlassPortable\App\magnifyingglass\magnifier.exe
C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe
C:\Users\MG\Downloads\Programs\MALWARE Programs\iexplore.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10u_ActiveX.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.bing.com/?pc=AVBR
uProxyServer = hxxp=;ftp=;https=;
BHO: Octh Class: {000123B4-9B42-4900-B3F7-F4B073EFC214} - c:\program files\orbitdownloader\orbitcth.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\programdata\realnetworks\realdownloader\browserplugins\ie\rndlbrowserrecordplugin.dll
BHO: Ant.com browser helper (video detector): {346FDE31-DFF9-418A-90C8-BA31DC9FF2EF} - c:\program files\ant.com\ie add-on\Download.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: Grab Pro: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - c:\program files\orbitdownloader\GrabPro.dll
TB: Ant.com Video Downloader toolbar: {2E924F4F-67F0-4BD8-9560-49F468E843D2} - c:\program files\ant.com\ie add-on\anttoolbar.dll
TB: Ant.com Video Downloader toolbar: {2E924F4F-67F0-4BD8-9560-49F468E843D2} - c:\program files\ant.com\ie add-on\anttoolbar.dll
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Grab Pro: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - c:\program files\orbitdownloader\GrabPro.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [WinPatrol] c:\program files\billp studios\winpatrol\winpatrol.exe -expressboot
mRun: [Windows Defender] c:\program files\windows defender\MSASCui.exe -hide
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"
mRun: [EaseUs Watch] "c:\program files\easeus\todo backup 2.0\bin\EuWatch.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [AcronisTimounterMonitor] c:\program files\seagate\discwizard\TimounterMonitor.exe
mRun: [BrStsMon00] c:\program files\browny02\brother\BrStMonW.exe /AUTORUN
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: &Download by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/202
IE: Download with Mipony - c:\program files\mipony\browser\IEContext.htm
IE: {70AF6C9F-0818-4cf7-924A-BBDBB24211D3} - {70AF6C9F-0818-4cf7-924A-BBDBB24211D3} - c:\program files\ant.com\ie add-on\Download.dll
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: NameServer = 10.0.0.1
TCP: Interfaces\{7B2110B1-8EE4-4815-B407-DAE5D8F2FCDF} : DHCPNameServer = 8.8.8.8
TCP: Interfaces\{8AE01CF0-B884-4763-AF52-48DD697EC4A8} : DHCPNameServer = 10.0.0.1
TCP: Interfaces\{A472A55C-6D7E-4FF6-ADD9-6775E240DFE7} : DHCPNameServer = 8.8.8.8
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: igfxcui - igfxdev.dll
LSA: Authentication Packages =  msv1_0 relog_ap
LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\39.0.2171.99\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
Hosts: 127.0.0.3 www.anchorfree.net
Hosts: 127.0.0.2 www.mefeedia.com
Hosts: 127.0.0.3 anchorfree.net
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\MG\appdata\roaming\mozilla\firefox\profiles\5z4kke4v.default\
FF - component: c:\program files\orbitdownloader\addons\oneclickyoutubedownloader\components\GrabXpcom.dll
FF - component: c:\programdata\realnetworks\realdownloader\browserplugins\firefox\ext\components\nprndlffbrowserrecordext.dll
FF - component: c:\programdata\realnetworks\realdownloader\browserplugins\firefox\ext\components\nprndlffbrowserrecordlegacyext.dll
FF - plugin: c:\program files\google\update\1.3.25.11\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\npjpi170_51.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\nprpplugin.dll
FF - plugin: c:\program files\real\realplayer\netscape6\nprpplugin.dll
FF - plugin: c:\programdata\realnetworks\realdownloader\browserplugins\mozillaplugins\nprndlchromebrowserrecordext.dll
FF - plugin: c:\programdata\realnetworks\realdownloader\browserplugins\mozillaplugins\nprndlhtml5videoshim.dll
FF - plugin: c:\programdata\realnetworks\realdownloader\browserplugins\mozillaplugins\nprndlpepperflashvideoshim.dll
FF - plugin: c:\programdata\realnetworks\realdownloader\browserplugins\npdlplugin.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_4_402_265.dll
.
============= SERVICES / DRIVERS ===============
.
R0 EUBAKUP;EUBAKUP;c:\windows\system32\drivers\eubakup.sys [2011-4-13 31112]
R0 EUFS;EUFS;c:\windows\system32\drivers\eufs.sys [2011-4-13 21896]
R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [2012-2-25 15672]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2013-5-24 738504]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2013-5-24 361032]
R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [2005-3-16 13696]
R1 BS_I2cIo;BS_I2cIo;c:\windows\system32\drivers\BS_I2cIo.sys [2011-4-12 6272]
R1 EUDSKACS;EUDSKACS;c:\windows\system32\drivers\eudskacs.sys [2011-4-13 15240]
R1 HssDRV6;Hotspot Shield Routing Driver 6;c:\windows\system32\drivers\hssdrv6.sys [2014-9-9 39624]
R2 AntUpdaterService;Ant Toolbar updater service;c:\program files\ant.com\ie add-on\AntUpdaterService.exe [2011-6-29 520216]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2013-5-24 21256]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-5-24 58680]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2013-5-24 44808]
R2 EASEUS Agent;EASEUS Agent;c:\program files\easeus\todo backup 2.0\bin\Agent.exe [2011-4-13 55688]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 hshld;Hotspot Shield Service;c:\program files\hotspot shield\bin\cmw_srv.exe [2014-5-16 919040]
R2 HssWd;Hotspot Shield Monitoring Service;c:\program files\hotspot shield\bin\hsswd.exe [2014-5-16 430344]
R2 NETGEARGenieDaemon;NETGEARGenieDaemon;c:\program files\netgear genie\bin\NETGEARGenieDaemon.exe [2012-7-9 195400]
R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2012-9-23 35088]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\realnetworks\realdownloader\rndlresolversvc.exe [2013-4-16 39056]
R3 BrYNSvc;BrYNSvc;c:\program files\browny02\BrYNSvc.exe [2012-2-22 245760]
R3 EuDisk;EASEUS Disk Enumerator;c:\windows\system32\drivers\EuDisk.sys [2011-4-13 188296]
R3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\drivers\taphss6.sys [2014-5-16 37064]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-7-13 160944]
S3 CleanService;CleanService;c:\progra~1\migoso~1\digita~1\CleanService.exe [2011-4-13 58984]
S3 HSXHWBS3;HSXHWBS3;c:\windows\system32\drivers\HSXHWBS3.sys [2008-2-12 207360]
S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2010-1-8 126976]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2015-01-14 20:40:29    --------    d-----w-    c:\programdata\Malwarebytes' Anti-Malware (portable)
2015-01-13 05:08:59    --------    d-----w-    c:\programdata\Hotspot Shield
2015-01-13 05:08:48    --------    d-----w-    c:\program files\Hotspot Shield
2015-01-13 05:08:22    --------    d-----w-    c:\users\MG\appdata\roaming\Hotspot Shield
2015-01-13 05:04:57    --------    d-----w-    c:\program files\Orbitdownloader
2015-01-13 03:50:46    --------    d-----w-    c:\windows\ERUNT
2015-01-13 03:39:39    --------    d-----w-    C:\AdwCleaner
2015-01-12 23:10:16    119000    ----a-w-    c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-01-12 23:09:59    79576    ----a-w-    c:\windows\system32\drivers\mbamchameleon.sys
2015-01-12 23:09:59    51928    ----a-w-    c:\windows\system32\drivers\mwac.sys
2015-01-12 23:09:59    23256    ----a-w-    c:\windows\system32\drivers\mbam.sys
2015-01-12 23:09:59    --------    d-----w-    c:\programdata\Malwarebytes
2015-01-12 23:09:59    --------    d-----w-    c:\program files\Malwarebytes Anti-Malware
2015-01-03 02:31:30    --------    d-----w-    c:\program files\NirSoft
2014-12-23 16:45:19    2054656    ----a-w-    c:\windows\system32\win32k.sys
.
==================== Find3M  ====================
.
2011-04-14 04:04:33    686592    ----a-w-    c:\program files\Compact-NFO-Viewer.exe
2004-12-22 22:08:26    65536    ----a-w-    c:\program files\CopyPaste.exe
.
============= FINISH: 12:09:48.17 ===============
 

Edited by Upbloat, 19 January 2015 - 01:39 PM.



#2 ken545


    Malware Response Team



Posted 19 January 2015 - 07:34 PM

:welcome:

 

Sometimes some antivirus programs block our tools; they're not infected, so not to worry.

 

http://www.bleepingcomputer.com/forums/t/114351/how-to-temporarily-disable-your-anti-virus-firewall-and-anti-malware-programs/

 

Run these programs and post the logs; you may have to disable your AV in order to download them.

 

Please download aswMBR to your desktop.

  • Right click the aswMBR icon and select Run as Administrator
  • XP users just Double Click it to run
  • If it says that this computer supports VIRTUALIZATION TECHNOLOGY and asks "do you want to use it", say Yes
  • Click the Scan button to start scan.
  • Select Quickscan on the dropdown list
  • If you are asked to update the Avast Virus database please allow it to do so.
  • The scan could take 20 minutes or more; please be patient and let it finish
  • It will say Scan Finished when it's done.
  • When it finishes, press the save log button, save the logfile to your desktop and post its contents in your next reply.
 
I just want to see the report....Please Do Not Fix Anything
 
============================================================================
 
 
 

Please download Farbar Recovery Scan Tool and save it to your DESKTOP
 
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
 
How to determine whether a computer is running a 32-bit version or 64-bit version of the Windows operating system
A simple way to check your system: Start --> Computer (right click) --> Properties
 
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Please make sure All Users is checked
  • Just keep the defaults as in the picture checkmarked
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.
 

Edited by ken545, 19 January 2015 - 07:35 PM.


 

Just a reminder that threads will be closed if no response in 3 days


#3 Upbloat


Posted 20 January 2015 - 02:03 AM

.

Pleased to meet you, Malware Response Team!

 

Got a favor to ask of you. (Yes, on top of the giant favor you are already performing. I am shameless.) One of the tools I have used since encountering this problem, JUNKWARE REMOVAL, obliterated a few of my installed programs without asking. If a tool you will be having me use will similarly do so automatically, would you kindly let me know first?

 

I disguised some of the file names in my Downloads folder; if any become relevant, I should be able to pinpoint them.

 

 

 

AswMBR:

aswMBR version 1.0.1.2252 Copyright© 2014 AVAST Software

Run date: 2015-01-19 22:10:06

-----------------------------

22:10:06.337    OS Version: Windows 6.0.6002 Service Pack 2

22:10:06.337    Number of processors: 2 586 0xF0D

22:10:06.338    ComputerName: MG-PC  UserName: MG

22:10:14.848    Initialize success

22:10:15.005    VM: initialized successfully

22:10:15.052    VM: Intel CPU virtualization not supported

22:10:17.484    AVAST engine defs: 15011901

22:11:24.555    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T1L0-5

22:11:24.557    Disk 0 Vendor: WDC_WD5000AAKX-00ERMA0 15.01H15 Size: 476940MB BusType: 3

22:11:24.565    Disk 1  \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP3T0L0-2

22:11:24.569    Disk 1 Vendor: ST2000DM001-1CH164 CC26 Size: 1907729MB BusType: 3

22:11:24.848    Disk 0 MBR read successfully

22:11:24.851    Disk 0 MBR scan

22:11:24.857    Disk 0 Windows VISTA default MBR code

22:11:24.863    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS       440289 MB offset 63

22:11:24.884    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS        36648 MB offset 901712385

22:11:24.894    Disk 0 scanning sectors +976768065

22:11:25.015    Disk 0 scanning C:\Windows\system32\drivers

22:11:45.969    Service scanning

22:12:18.295    Modules scanning

22:12:18.302    Disk 0 trace - called modules:

22:12:18.326    ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS intelide.sys PCIIDEX.SYS atapi.sys

22:12:18.331    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x87eb6620]

22:12:18.337    3 CLASSPNP.SYS[8c3d18b3] -> nt!IofCallDriver -> [0x875273a8]

22:12:18.343    5 acpi.sys[842a06bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T1L0-5[0x8753d5a8]

22:12:20.510    AVAST engine scan C:\Windows

22:12:51.801    AVAST engine scan C:\Windows\system32

22:17:52.663    AVAST engine scan C:\Windows\system32\drivers

22:18:32.146    AVAST engine scan C:\Users\MG

23:23:06.229    AVAST engine scan C:\ProgramData

23:29:24.190    Disk 0 statistics 3539217/0/0 @ 0.43 MB/s

23:29:24.219    Scan finished successfully

00:17:57.190    Disk 0 MBR has been saved successfully to "C:\Users\MG\Downloads\Programs\MALWARE Programs\Programs & Logs for RAT from Bleeping Comp  PART 2\MBR.dat"

00:17:57.205    The log file has been saved successfully to "C:\Users\MG\Downloads\Programs\MALWARE Programs\Programs & Logs for RAT from Bleeping Comp  PART 2\aswMBR.txt"

FRST:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 19-01-2015

Ran by MG (administrator) on MG-PC on 20-01-2015 00:22:52

Running from C:\Users\MG\Downloads

Loaded Profiles: MG & UpdatusUser (Available profiles: MG & UpdatusUser)

Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: English (United States)

Internet Explorer Version 9 (Default browser: Opera)

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

 

==================== Processes (Whitelisted) =================

 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

 

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(Microsoft Corporation) C:\Windows\System32\SLsvc.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe

(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe

(CHENGDU YIWO Tech Development Co., Ltd) C:\Program Files\EASEUS\Todo Backup 2.0\bin\EuWatch.exe

(Acronis) C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe

(Brother Industries, Ltd.) C:\Program Files\Browny02\Brother\BrStMonW.exe

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

(Acronis) C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe

(Ant.com) C:\Program Files\Ant.com\IE add-on\AntUpdaterService.exe

(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe

(BillP Studios) C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe

(Microsoft Corporation) C:\Windows\System32\sdclt.exe

(CHENGDU YIWO Tech Development Co., Ltd) C:\Program Files\EASEUS\Todo Backup 2.0\bin\Agent.exe

(AnchorFree Inc.) C:\Program Files\Hotspot Shield\bin\cmw_srv.exe

() C:\Program Files\Hotspot Shield\bin\hsswd.exe

(Nero AG) C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe

(NETGEAR) C:\Program Files\NETGEAR Genie\bin\NETGEARGenieDaemon.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

() C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe

(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe

(Brother Industries, Ltd.) C:\Program Files\Browny02\BrYNSvc.exe

(AnchorFree Inc.) C:\Program Files\Hotspot Shield\bin\HSSCP.exe

(Microsoft Corporation) C:\Windows\System32\mobsync.exe

(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe

(Microsoft Corporation) C:\Windows\System32\wuauclt.exe

(PortableApps.com) C:\Users\MG\Downloads\Programs\VirtualMagnifyingGlassPortable\VirtualMagnifyingGlassPortable.exe

() C:\Users\MG\Downloads\Programs\VirtualMagnifyingGlassPortable\App\magnifyingglass\magnifier.exe

(Don HO don.h@free.fr) C:\Program Files\Notepad++\notepad++.exe

(orbitdownloader.com) C:\Program Files\Orbitdownloader\Grab.exe

(Opera Software) C:\Program Files\Opera\opera.exe

(Microsoft Corporation) C:\Windows\System32\taskmgr.exe

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

(Mirek Wojtowicz) C:\Program Files\MWSnap\MWSnap.exe

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

() C:\Westwood\RA2\RA2MD.exe

(Westwood Studios) C:\Westwood\RA2\gamemd.exe

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

(Microsoft Corporation) C:\Program Files\Windows Mail\WinMail.exe

(Microsoft Corporation) C:\Program Files\Microsoft Office\Office\WINWORD.EXE

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe

(RealNetworks, Inc.) C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

(AVAST Software) C:\Users\MG\Downloads\Programs\MALWARE Programs\Programs & Logs for RAT from Bleeping Comp  PART 2\aswMBR.exe

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

 

 

==================== Registry (Whitelisted) ==================

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

 

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-20] (Microsoft Corporation)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [9210400 2010-04-30] (Realtek Semiconductor)

HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe [35736 2011-01-30] (Adobe Systems Incorporated)

HKLM\...\Run: [EaseUs Watch] => C:\Program Files\EASEUS\Todo Backup 2.0\bin\EuWatch.exe [69000 2011-01-22] (CHENGDU YIWO Tech Development Co., Ltd)

HKLM\...\Run: [AcronisTimounterMonitor] => C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe [1945688 2007-04-19] (Acronis)

HKLM\...\Run: [BrStsMon00] => C:\Program Files\Browny02\Brother\BrStMonW.exe [2621440 2010-06-10] (Brother Industries, Ltd.)

HKLM\...\Run: [avast] => C:\Program Files\AVAST Software\Avast\avastUI.exe [4297136 2012-10-30] (AVAST Software)

HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)

HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter

HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter

HKU\S-1-5-21-378341734-3834699623-4277014274-1000\...\Run: [WinPatrol] => C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe [533568 2014-04-22] (BillP Studios)

HKU\S-1-5-21-378341734-3834699623-4277014274-1000\...\MountPoints2: {0d2a7950-72f3-11e1-ba03-806e6f6e6963} - D:\autorun.exe

HKU\S-1-5-21-378341734-3834699623-4277014274-1000\...\MountPoints2: {74ed7be1-655b-11e0-89b6-806e6f6e6963} - D:\autorun.exe

HKU\S-1-5-21-378341734-3834699623-4277014274-1001\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter

Lsa: [Authentication Packages] msv1_0 relog_ap

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk

ShortcutTarget: Adobe Gamma Loader.lnk -> C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)

ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)

 

==================== Internet (Whitelisted) ====================

 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

 

ProxyServer: [S-1-5-21-378341734-3834699623-4277014274-1000] => http=;ftp=;https=;

HKU\S-1-5-21-378341734-3834699623-4277014274-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com/?pc=AVBR

SearchScopes: HKU\S-1-5-21-378341734-3834699623-4277014274-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=AVB3DF&pc=AVBR

SearchScopes: HKU\S-1-5-21-378341734-3834699623-4277014274-1000 -> {C03D9C73-78BE-425E-8F46-208967758452} URL = http://www.ant.com/search?s=browser&q={searchTerms}

BHO: Octh Class -> {000123B4-9B42-4900-B3F7-F4B073EFC214} -> C:\Program Files\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)

BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)

BHO: Ant.com browser helper (video detector) -> {346FDE31-DFF9-418A-90C8-BA31DC9FF2EF} -> C:\Program Files\Ant.com\IE add-on\download.dll (Ant.com)

BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO: avast! WebRep -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

Toolbar: HKLM - Ant.com Video Downloader toolbar - {2E924F4F-67F0-4BD8-9560-49F468E843D2} - C:\Program Files\Ant.com\IE add-on\anttoolbar.dll (Ant.com)

Toolbar: HKLM - avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

Toolbar: HKLM - Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll ()

Toolbar: HKU\S-1-5-21-378341734-3834699623-4277014274-1000 -> Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll ()

Toolbar: HKU\S-1-5-21-378341734-3834699623-4277014274-1000 -> Ant.com Video Downloader toolbar - {2E924F4F-67F0-4BD8-9560-49F468E843D2} - C:\Program Files\Ant.com\IE add-on\anttoolbar.dll (Ant.com)

DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt

Tcpip\Parameters: [DhcpNameServer] 10.0.0.1

FireFox:

========

FF ProfilePath: C:\Users\MG\AppData\Roaming\Mozilla\Firefox\Profiles\5z4kke4v.default

FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll ()

FF Plugin: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF Plugin: @real.com/nppl3260;version=16.0.2.32 -> C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)

FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.2 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)

FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.2 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)

FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.2 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)

FF Plugin: @real.com/nprpjplug;version=6.0.12.448 -> C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)

FF Plugin: @real.com/nprpplugin;version=16.0.2.32 -> C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)

FF Plugin: @realnetworks.com/npdlplugin;version=1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)

FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)

FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npnul32.dll (mozilla.org)

FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprpjplug.dll (RealNetworks, Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprpplugin.dll (RealPlayer)

FF SearchPlugin: C:\Users\MG\AppData\Roaming\Mozilla\Firefox\Profiles\5z4kke4v.default\searchplugins\ixquick-https.xml

FF SearchPlugin: C:\Users\MG\AppData\Roaming\Mozilla\Firefox\Profiles\5z4kke4v.default\searchplugins\startpage-https.xml

FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\answers.xml

FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml

FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\safeguard-secure-search.xml

FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\safeguard-secure-search.xml

FF Extension: Ant Video Downloader - C:\Users\MG\AppData\Roaming\Mozilla\Firefox\Profiles\5z4kke4v.default\Extensions\anttoolbar@ant.com [2012-08-16]

FF Extension: Flash Video Downloader - Full HD Download - C:\Users\MG\AppData\Roaming\Mozilla\Firefox\Profiles\5z4kke4v.default\Extensions\artur.dubovoy@gmail.com [2014-06-25]

FF Extension: Cookie Whitelist, With Buttons - C:\Users\MG\AppData\Roaming\Mozilla\Firefox\Profiles\5z4kke4v.default\Extensions\cwwb@dietrich.cx [2012-06-11]

FF Extension: SkipScreen - C:\Users\MG\AppData\Roaming\Mozilla\Firefox\Profiles\5z4kke4v.default\Extensions\SkipScreen@SkipScreen [2014-09-10]

FF Extension: DictAddon - C:\Users\MG\AppData\Roaming\Mozilla\Firefox\Profiles\5z4kke4v.default\Extensions\thomas.cummerata@retta.biz [2013-11-19]

FF Extension: TinEye Reverse Image Search - C:\Users\MG\AppData\Roaming\Mozilla\Firefox\Profiles\5z4kke4v.default\Extensions\tineye@ideeinc.com [2014-10-15]

FF Extension: UnPlug - C:\Users\MG\AppData\Roaming\Mozilla\Firefox\Profiles\5z4kke4v.default\Extensions\unplug@compunach [2014-07-04]

FF Extension: URL Lister - C:\Users\MG\AppData\Roaming\Mozilla\Firefox\Profiles\5z4kke4v.default\Extensions\urllister@binnyva.com [2011-05-02]

FF Extension: Resurrect Pages - C:\Users\MG\AppData\Roaming\Mozilla\Firefox\Profiles\5z4kke4v.default\Extensions\{0c8fbd76-bdeb-4c52-9b24-d587ce7b9dc3} [2013-07-10]

FF Extension: Session Manager - C:\Users\MG\AppData\Roaming\Mozilla\Firefox\Profiles\5z4kke4v.default\Extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30} [2012-11-23]

FF Extension: Pilfer - C:\Users\MG\AppData\Roaming\Mozilla\Firefox\Profiles\5z4kke4v.default\Extensions\{3a7f36a0-c6ec-11dd-ad8b-0800200c9a66} [2013-11-26]

FF Extension: NoScript - C:\Users\MG\AppData\Roaming\Mozilla\Firefox\Profiles\5z4kke4v.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232} [2012-03-13]

FF Extension: DownloadHelper - C:\Users\MG\AppData\Roaming\Mozilla\Firefox\Profiles\5z4kke4v.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2012-03-13]

FF Extension: Easy YouTube Video Downloader - C:\Users\MG\AppData\Roaming\Mozilla\Firefox\Profiles\5z4kke4v.default\Extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b} [2012-06-24]

FF Extension: RightToClick - C:\Users\MG\AppData\Roaming\Mozilla\Firefox\Profiles\5z4kke4v.default\Extensions\{cd617375-6743-4ee8-bac4-fbf10f35729e} [2013-11-26]

FF Extension: Adblock Plus - C:\Users\MG\AppData\Roaming\Mozilla\Firefox\Profiles\5z4kke4v.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2012-03-13]

FF Extension: Tab Mix Plus - C:\Users\MG\AppData\Roaming\Mozilla\Firefox\Profiles\5z4kke4v.default\Extensions\{dc572301-7619-498c-a57d-39143191b318} [2012-03-13]

FF Extension: Hotspot Shield Extension - C:\Program Files\Mozilla Firefox\browser\extensions\afproxy@anchorfree.com [2014-09-09]

FF Extension: DictAddon - C:\Program Files\Mozilla Firefox\browser\extensions\thomas.cummerata@retta.biz [2013-11-19]

FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2011-04-19]

FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF

FF Extension: avast! WebRep - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-05-24]

FF HKLM\...\Firefox\Extensions: [{FCE04E1F-9378-4f39-96F6-5689A9159E45}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext

FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-08-07]

FF Extension: OneClick YouTube Downloader - C:\Program Files\Orbitdownloader\addons\OneClickYouTubeDownloader [2015-01-13]

Chrome:

=======

CHR HomePage: Default -> hxxp://www.trovi.com/?gd=&ctid=CT3322298&octid=EB_ORIGINAL_CTID&ISID=M6C8BAFCF-F774-4161-9729-774B46DA945E&SearchSource=55&CUI=&UM=6&UP=SP920B756C-B1CA-49AD-AC88-63D63CEE0185&SSPV=

CHR StartupUrls: Default -> "https://www.google.com/"

CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\39.0.2171.99\gcswf32.dll No File

CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File

CHR Plugin: (QuickTime Plug-in 7.5.5) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.5.5) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.5.5) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.5.5) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.5.5) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.5.5) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.5.5) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll (Apple Inc.)

CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)

CHR Plugin: (Remoting Viewer) - internal-remoting-viewer

CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\39.0.2171.99\ppGoogleNaClPluginChrome.dll No File

CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\39.0.2171.99\pdf.dll ()

CHR Plugin: (Orbit Downloader) - C:\Program Files\Google\Chrome\Application\plugins\nporbit.dll No File

CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll No File

CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

CHR Plugin: (Default Plug-in) - default_plugin No File

CHR Profile: C:\Users\MG\AppData\Local\Google\Chrome\User Data\Default

CHR Extension: (Entanglement Web App) - C:\Users\MG\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd [2011-04-15]

CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\MG\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-23]

CHR Extension: (Ultimate YouTube Downloader) - C:\Users\MG\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfkpkealncpcbfklpgnggcgjjdkbljop [2014-06-04]

CHR Extension: (Chrome YouTube Downloader) - C:\Users\MG\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbdjiinahkdjdcdlgfimlcolkjpbooja [2014-06-04]

CHR Extension: (Session Buddy) - C:\Users\MG\AppData\Local\Google\Chrome\User Data\Default\Extensions\edacconmaakjimmfgnblocblbcdcpbko [2013-12-31]

CHR Extension: (Easy Youtube Video Downloader) - C:\Users\MG\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmknocfkgffdgekmfonabppnhdgmghem [2014-06-04]

CHR Extension: (avast! WebRep) - C:\Users\MG\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda [2011-05-02]

CHR Extension: (RealDownloader) - C:\Users\MG\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2013-09-07]

CHR Extension: (Disconnect) - C:\Users\MG\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeoacafpbcihiomhlakheieifhpjdfeo [2013-09-26]

CHR Extension: (FVD Downloader) - C:\Users\MG\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfmhcpmkbdkbgbmkjoiopeeegenkdikp [2013-06-30]

CHR Extension: (Poppit!) - C:\Users\MG\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi [2011-04-15]

CHR Extension: (Google Wallet) - C:\Users\MG\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-07]

CHR Extension: (Better Pop Up Blocker) - C:\Users\MG\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmpeeekfhbmikbdhlpjbfmnpgcbeggic [2013-09-25]

CHR Extension: (DictAddon) - C:\Users\MG\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofmfjnicflkkpmkoleeipcbglpmhghca [2013-11-19]

CHR Extension: (Download YouTube Videos as MP4) - C:\Users\MG\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiedkoafeodhiiccoclonninnkjbjnff [2014-02-27]

CHR HKLM\...\Chrome\Extension: [icmlaeflemplmjndnaapfdbbnpncnbda] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2013-05-24]

CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-04-16]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AcrSch2Svc; C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe [411168 2007-04-19] (Acronis)

R2 AntUpdaterService; C:\Program Files\Ant.com\IE add-on\AntUpdaterService.exe [520216 2011-06-29] (Ant.com)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [44808 2012-10-30] (AVAST Software)

R3 BrYNSvc; C:\Program Files\Browny02\BrYNSvc.exe [245760 2010-01-25] (Brother Industries, Ltd.) [File not signed]

S3 CleanService; C:\Program Files\Migo Software\Digital File Shredder Pro\CleanService.exe [58984 2007-06-04] ()

R2 EASEUS Agent; C:\Program Files\EASEUS\Todo Backup 2.0\bin\Agent.exe [55688 2011-01-22] (CHENGDU YIWO Tech Development Co., Ltd) [File not signed]

R2 hshld; C:\Program Files\Hotspot Shield\bin\cmw_srv.exe [919040 2014-05-16] (AnchorFree Inc.) [File not signed]

S3 HssTrayService; C:\Program Files\Hotspot Shield\bin\HssTrayService.EXE [78512 2014-05-16] ()

R2 HssWd; C:\Program Files\Hotspot Shield\bin\hsswd.exe [430344 2014-05-16] ()

R2 NETGEARGenieDaemon; C:\Program Files\NETGEAR Genie\bin\NETGEARGenieDaemon.exe [195400 2012-07-09] (NETGEAR)

R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-04-16] ()

R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-20] (Microsoft Corporation)

S2 HP Health Check Service; "C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 61883; C:\Windows\System32\DRIVERS\61883.sys [45696 2008-01-20] (Microsoft Corporation)

R2 aswFsBlk; C:\Windows\system32\Drivers\aswFsBlk.sys [21256 2012-10-30] (AVAST Software)

R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [58680 2012-10-30] (AVAST Software)

R1 AswRdr; C:\Windows\system32\Drivers\AswRdr.sys [35928 2012-10-30] (AVAST Software)

R1 aswSnx; C:\Windows\system32\Drivers\aswSnx.sys [738504 2012-10-30] (AVAST Software)

R1 aswSP; C:\Windows\system32\Drivers\aswSP.sys [361032 2012-10-30] (AVAST Software)

R1 aswTdi; C:\Windows\system32\Drivers\aswTdi.sys [54232 2012-10-30] (AVAST Software)

R1 BIOS; C:\Windows\system32\drivers\BIOS.sys [13696 2005-03-16] (BIOSTAR Group) [File not signed]

R1 BS_I2cIo; C:\Windows\system32\drivers\BS_I2cIo.sys [6272 2010-05-17] (BIOSTAR Group) [File not signed]

R3 dvd43llh; C:\Windows\System32\DRIVERS\dvd43llh.sys [18816 2012-03-20] (RIF) [File not signed]

R0 EUBAKUP; C:\Windows\System32\drivers\eubakup.sys [31112 2011-01-22] (CHENGDU YIWO Tech Development Co., Ltd) [File not signed]

R3 EuDisk; C:\Windows\System32\DRIVERS\EuDisk.sys [188296 2011-01-22] (CHENGDU YIWO Tech Development Co., Ltd)

R1 EUDSKACS; C:\Windows\system32\drivers\eudskacs.sys [15240 2011-01-22] (CHENGDU YIWO Tech Development Co., Ltd) [File not signed]

R0 EUFS; C:\Windows\System32\drivers\eufs.sys [21896 2011-01-22] (CHENGDU YIWO Tech Development Co., Ltd) [File not signed]

R1 HssDRV6; C:\Windows\System32\DRIVERS\hssdrv6.sys [39624 2014-05-16] (AnchorFree Inc.)

S3 HSXHWBS3; C:\Windows\System32\DRIVERS\HSXHWBS3.sys [207360 2008-02-12] (Conexant Systems, Inc.)

R2 NPF; C:\Windows\system32\drivers\npf.sys [35088 2012-09-23] (CACE Technologies, Inc.)

R0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [15672 2010-11-26] ()

R3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [37064 2014-05-16] (Anchorfree Inc.)

R2 tifsfilter; C:\Windows\System32\DRIVERS\tifsfilt.sys [32768 2011-11-25] (Acronis) [File not signed]

R0 timounter; C:\Windows\System32\DRIVERS\timntr.sys [392320 2011-11-25] (Acronis) [File not signed]

S3 IpInIp; system32\DRIVERS\ipinip.sys [X]

S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]

S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [4096 2009-10-26] () [File not signed]

U3 aswMBR; \??\C:\Users\MG\AppData\Local\Temp\aswMBR.sys [X]

U3 aswVmm; \??\C:\Users\MG\AppData\Local\Temp\aswVmm.sys [X]

U3 mbr; \??\C:\Users\MG\AppData\Local\Temp\mbr.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-20 00:22 - 2015-01-20 00:23 - 00027582 _____ () C:\Users\MG\Downloads\FRST.txt

2015-01-20 00:21 - 2015-01-20 00:22 - 00000000 ____D () C:\FRST

2015-01-19 22:18 - 2015-01-19 22:18 - 01118208 _____ (Farbar) C:\Users\MG\Downloads\FRST.exe

2015-01-19 22:04 - 2015-01-19 22:06 - 05198336 _____ (AVAST Software) C:\Users\MG\Downloads\aswMBR (1).exe

2015-01-19 21:09 - 2015-01-19 21:24 - 98250478 _____ () C:\Users\MG\Downloads\(Filename of video).mp4

2015-01-19 14:21 - 2015-01-19 14:23 - 15431256 _____ () C:\Users\MG\Downloads\RogueKiller.exe

2015-01-19 12:10 - 2015-01-19 12:10 - 00004843 _____ () C:\Users\MG\Desktop\attach.txt

2015-01-19 01:35 - 2015-01-19 02:08 - 224011035 _____ () C:\Users\MG\Downloads\(Filename of video).mp4

2015-01-19 00:58 - 2015-01-19 01:06 - 56196907 _____ () C:\Users\MG\Downloads\(Filename of video).mp4

2015-01-19 00:36 - 2015-01-19 00:51 - 68194867 _____ () C:\Users\MG\Downloads\(Filename of video).mp4

2015-01-18 23:51 - 2015-01-19 00:08 - 103998962 _____ () C:\Users\MG\Downloads\(Filename of video).mp4

2015-01-18 22:12 - 2015-01-18 22:52 - 162993463 _____ () C:\Users\MG\Downloads\(Filename of video).mp4

2015-01-18 21:56 - 2015-01-18 21:56 - 116130176 _____ () C:\Users\MG\Downloads\(Filename of video).mp4

2015-01-18 21:11 - 2015-01-18 21:59 - 322876646 _____ () C:\Users\MG\Downloads\(Filename of video).mp4

2015-01-18 14:08 - 2015-01-18 14:09 - 64492846 _____ () C:\Users\MG\Downloads\(Filename of video).mp4

2015-01-18 13:28 - 2015-01-18 13:28 - 72970285 _____ () C:\Users\MG\Downloads\(Filename of video).mp4

2015-01-18 12:04 - 2015-01-18 12:04 - 40028133 _____ () C:\Users\MG\Downloads\(Filename of video).mp4

2015-01-18 02:53 - 2015-01-18 03:12 - 146665367 _____ () C:\Users\MG\Downloads\(Filename of video).flv

2015-01-18 01:27 - 2015-01-18 01:39 - 76172035 _____ () C:\Users\MG\Downloads\(Filename of video).mp4

2015-01-18 01:12 - 2015-01-18 01:21 - 58159361 _____ () C:\Users\MG\Downloads\(Filename of video).mp4

2015-01-17 23:48 - 2015-01-18 00:38 - 352279445 _____ () C:\Users\MG\Downloads\(Filename of video).flv

2015-01-17 11:31 - 2015-01-17 12:42 - 507705795 _____ () C:\Users\MG\Downloads\(Filename of video).mp4

2015-01-16 22:39 - 2015-01-16 22:45 - 34734637 _____ () C:\Users\MG\Downloads\(Filename of video).flv

2015-01-16 22:33 - 2015-01-16 22:39 - 32770047 _____ () C:\Users\MG\Downloads\(Filename of video).flv

2015-01-16 22:32 - 2015-01-16 22:47 - 35733857 _____ () C:\Users\MG\Downloads\(Filename of video)..flv

2015-01-16 22:04 - 2015-01-16 22:09 - 40040788 _____ () C:\Users\MG\Downloads\(Filename of video).flv

2015-01-16 13:21 - 2015-01-16 13:45 - 167898675 _____ () C:\Users\MG\Downloads\(Filename of video).mp4

2015-01-16 02:33 - 2015-01-16 02:47 - 60332163 _____ () C:\Users\MG\Downloads\(Filename of video).mp4

2015-01-15 12:15 - 2015-01-15 12:24 - 51517842 _____ () C:\Users\MG\Downloads\(Filename of video).flv

2015-01-15 12:10 - 2015-01-15 12:15 - 32250636 _____ () C:\Users\MG\Downloads\(Filename of video).flv

2015-01-15 12:09 - 2015-01-15 12:29 - 60235002 _____ () C:\Users\MG\Downloads\(Filename of video).flv

2015-01-15 09:25 - 2015-01-15 10:36 - 443307239 _____ () C:\Users\MG\Downloads\(Filename of video).flv

2015-01-15 09:19 - 2015-01-15 10:04 - 90359688 _____ () C:\Users\MG\Downloads\(Filename of video).flv

2015-01-15 08:16 - 2015-01-15 09:08 - 360614742 _____ () C:\Users\MG\Downloads\(Filename of video).flv

2015-01-15 08:04 - 2015-01-15 08:10 - 35744906 _____ () C:\Users\MG\Downloads\(Filename of video).flv

2015-01-15 03:56 - 2015-01-15 04:47 - 353299752 _____ () C:\Users\MG\Downloads\(Filename of video).flv

2015-01-15 03:30 - 2015-01-15 03:55 - 174405408 _____ () C:\Users\MG\Downloads\(Filename of video).mp4

2015-01-15 01:12 - 2015-01-15 02:09 - 383175525 _____ () C:\Users\MG\Downloads\(Filename of video).flv

2015-01-14 15:40 - 2015-01-14 16:17 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)

2015-01-14 15:38 - 2015-01-14 16:17 - 00000000 ____D () C:\Users\MG\Desktop\mbar (Malwarebytes Anti-Rootkit)

2015-01-14 03:26 - 2015-01-14 03:45 - 118383618 _____ () C:\Users\MG\Downloads\(Filename of video).flv

2015-01-14 02:44 - 2015-01-14 03:25 - 244251782 _____ () C:\Users\MG\Downloads\(Filename of video).flv

2015-01-13 22:19 - 2015-01-13 23:02 - 270693995 _____ () C:\Users\MG\Downloads\(Filename of video).flv

2015-01-13 18:59 - 2015-01-13 20:06 - 454749909 _____ () C:\Users\MG\Downloads\(Filename of video).flv

2015-01-13 16:57 - 2015-01-13 18:10 - 448980625 _____ () C:\Users\MG\Downloads\(Filename of video).flv

2015-01-13 15:53 - 2015-01-13 16:56 - 423395894 _____ () C:\Users\MG\Downloads\(Filename of video).flv

2015-01-13 13:38 - 2015-01-13 14:28 - 341143032 _____ () C:\Users\MG\Downloads\(Filename of video).flv

2015-01-13 12:55 - 2015-01-13 13:36 - 274045403 _____ () C:\Users\MG\Downloads\(Filename of video).flv

2015-01-13 11:52 - 2015-01-13 12:36 - 299588557 _____ () C:\Users\MG\Downloads\(Filename of video).flv

2015-01-13 10:28 - 2015-01-13 11:24 - 378238444 _____ () C:\Users\MG\Downloads\(Filename of video).flv

2015-01-13 10:04 - 2015-01-14 17:03 - 189787599 _____ () C:\Users\MG\Downloads\(Filename of video).mp4

2015-01-13 00:48 - 2015-01-13 01:38 - 342499562 _____ () C:\Users\MG\Downloads\(Filename of video).flv

2015-01-13 00:08 - 2015-01-13 00:17 - 00000000 ____D () C:\ProgramData\Hotspot Shield

2015-01-13 00:08 - 2015-01-13 00:09 - 00000000 ____D () C:\Program Files\Hotspot Shield

2015-01-13 00:08 - 2015-01-13 00:08 - 00000452 _____ () C:\Windows\certutil.log

2015-01-13 00:08 - 2015-01-13 00:08 - 00000000 ____D () C:\Users\MG\AppData\Roaming\Hotspot Shield

2015-01-13 00:05 - 2015-01-13 00:05 - 00000848 _____ () C:\Users\MG\Desktop\Orbit.lnk

2015-01-13 00:05 - 2015-01-13 00:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Orbit

2015-01-13 00:04 - 2015-01-13 00:05 - 00000000 ____D () C:\Program Files\Orbitdownloader

2015-01-12 22:50 - 2015-01-12 22:50 - 00000000 ____D () C:\Windows\ERUNT

2015-01-12 22:39 - 2015-01-13 08:10 - 00000000 ____D () C:\AdwCleaner

2015-01-12 19:05 - 2015-01-12 21:49 - 464407121 _____ () C:\Users\MG\Downloads\(Filename of video).flv

2015-01-12 18:15 - 2015-01-12 19:02 - 320903392 _____ () C:\Users\MG\Downloads\(Filename of video).flv

2015-01-12 18:10 - 2015-01-19 14:10 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2015-01-12 18:10 - 2015-01-12 18:10 - 00000899 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2015-01-12 18:10 - 2015-01-12 18:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2015-01-12 18:09 - 2015-01-14 15:38 - 00079576 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2015-01-12 18:09 - 2015-01-12 18:10 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware

2015-01-12 18:09 - 2015-01-12 18:09 - 00000000 ____D () C:\ProgramData\Malwarebytes

2015-01-12 18:09 - 2014-11-21 06:14 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys

2015-01-12 18:09 - 2014-11-21 06:14 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

2015-01-12 17:21 - 2015-01-12 17:21 - 00001398 _____ () C:\Users\MG\Downloads\0-mALWARE INSTRUC DELT.txt

2015-01-12 16:57 - 2015-01-12 16:58 - 481353709 _____ () C:\Users\MG\Downloads\(Filename of video).mp4

2015-01-12 14:55 - 2015-01-12 15:37 - 284299428 _____ () C:\Users\MG\Downloads\(Filename of video).flv

2015-01-12 14:23 - 2014-12-20 02:59 - 965968254 _____ () C:\Users\MG\Downloads\(Filename of video).mp4

2015-01-12 00:39 - 2015-01-12 01:41 - 436834773 _____ () C:\Users\MG\Downloads\(Filename of video).flv

2015-01-12 00:06 - 2015-01-12 00:31 - 158988559 _____ () C:\Users\MG\Downloads\(Filename of video).mp4

2015-01-11 20:26 - 2015-01-11 21:48 - 428304568 _____ () C:\Users\MG\Downloads\(Filename of video).mp4

2015-01-11 18:59 - 2015-01-11 19:26 - 175248402 _____ () C:\Users\MG\Downloads\(Filename of video).mp4

2015-01-11 18:57 - 2015-01-11 20:17 - 167117730 _____ () C:\Users\MG\Downloads\(Filename of video).mp4

2015-01-11 18:23 - 2015-01-11 18:50 - 130960861 _____ () C:\Users\MG\Downloads\(Filename of video).flv

2015-01-11 13:06 - 2015-01-11 13:34 - 150293233 _____ () C:\Users\MG\Downloads\(Filename of video).mp4

2015-01-11 01:27 - 2015-01-11 02:11 - 112116593 _____ () C:\Users\MG\Downloads\(Filename of video).flv

2015-01-10 15:00 - 2015-01-10 15:26 - 107093434 _____ () C:\Users\MG\Downloads\(Filename of video).mp4

2015-01-10 12:13 - 2015-01-10 13:13 - 309086831 _____ () C:\Users\MG\Downloads\(Filename of video).mp4

2015-01-10 11:14 - 2015-01-10 11:42 - 179739060 _____ () C:\Users\MG\Downloads\(Filename of video).mp4

2015-01-10 10:22 - 2015-01-10 10:46 - 134046670 _____ () C:\Users\MG\Downloads\(Filename of video).mp4

2015-01-10 07:27 - 2015-01-10 08:07 - 283777272 _____ () C:\Users\MG\Downloads\(Filename of video).mp4

2015-01-10 01:30 - 2015-01-10 01:54 - 161162822 _____ () C:\Users\MG\Downloads\(Filename of video).mp4

2015-01-10 00:35 - 2015-01-10 00:57 - 152100940 _____ () C:\Users\MG\Downloads\(Filename of video).mp4

2015-01-09 23:52 - 2015-01-10 00:34 - 298983770 _____ () C:\Users\MG\Downloads\(Filename of video).mp4

2015-01-09 21:02 - 2015-01-09 23:15 - 269016427 _____ () C:\Users\MG\Downloads\(Filename of video).mp4

2015-01-09 18:59 - 2015-01-09 20:37 - 186594908 _____ () C:\Users\MG\Downloads\(Filename of video).mp4

2015-01-09 18:59 - 2015-01-09 19:23 - 165757582 _____ () C:\Users\MG\Downloads\(Filename of video).mp4

2015-01-09 16:23 - 2015-01-09 18:45 - 571978902 _____ () C:\Users\MG\Downloads\(Filename of video).mp4

2015-01-09 16:23 - 2015-01-09 18:45 - 436886209 _____ () C:\Users\MG\Downloads\\(Filename of video).mp4

2015-01-09 15:59 - 2015-01-09 16:18 - 141682111 _____ () C:\Users\MG\Downloads\(Filename of video).mp4

2015-01-09 15:16 - 2015-01-09 15:36 - 119629988 _____ () C:\Users\MG\Downloads\(Filename of video).mp4

2015-01-09 13:31 - 2015-01-09 14:11 - 269502486 _____ () C:\Users\MG\Downloads\(Filename of video).mp4

2015-01-09 13:04 - 2015-01-09 13:23 - 105221151 _____ () C:\Users\MG\Downloads\(Filename of video).flv

2015-01-09 12:09 - 2015-01-09 12:52 - 184583586 _____ () C:\Users\MG\Downloads\(Filename of video).mp4

2015-01-09 11:19 - 2015-01-09 11:47 - 196234865 _____ () C:\Users\MG\Downloads\(Filename of video).mp4

2015-01-09 10:05 - 2015-01-09 10:35 - 213567047 _____ () C:\Users\MG\Downloads\(Filename of video).flv

2015-01-09 08:28 - 2015-01-09 09:19 - 201100143 _____ () C:\Users\MG\Downloads\(Filename of video).mp4.flv

2015-01-09 03:22 - 2015-01-09 03:39 - 112156915 _____ () C:\Users\MG\Downloads\(Filename of video).mp4

2015-01-09 01:50 - 2015-01-09 02:19 - 179983519 _____ () C:\Users\MG\Downloads\(Filename of video).mp4

2015-01-08 23:54 - 2015-01-09 00:07 - 92403308 _____ () C:\Users\MG\Downloads\(Filename of video).mp4

2015-01-08 22:54 - 2015-01-08 23:14 - 104548341 _____ () C:\Users\MG\Downloads\(Filename of video).flv

2015-01-08 18:26 - 2015-01-08 19:07 - 262605278 _____ () C:\Users\MG\Downloads\(Filename of video).mp4

2015-01-08 17:38 - 2015-01-08 17:55 - 116426655 _____ () C:\Users\MG\Downloads\(Filename of video).mp4

2015-01-08 17:15 - 2015-01-08 17:36 - 134184609 _____ () C:\Users\MG\Downloads\(Filename of video).mp4

2015-01-08 16:41 - 2015-01-08 16:59 - 111548998 _____ () C:\Users\MG\Downloads\(Filename of video).mp4

2015-01-08 15:42 - 2015-01-08 15:52 - 69012525 _____ () C:\Users\MG\Downloads\(Filename of video).flv

2015-01-08 14:24 - 2015-01-08 14:55 - 219334669 _____ () C:\Users\MG\(Filename of video).mp4

2015-01-08 13:43 - 2015-01-08 13:58 - 125403882 _____ () C:\Users\MG\Downloads\(Filename of video).mp4

2015-01-08 13:09 - 2015-01-08 13:41 - 178108169 _____ () C:\Users\MG\Downloads\(Filename of video).mp4

2015-01-08 05:18 - 2015-01-08 05:53 - 148382385 _____ () C:\Users\MG\Downloads\(Filename of video).mp4

2015-01-08 04:03 - 2015-01-08 04:27 - 168572349 _____ () C:\Users\MG\Downloads\(Filename of video).mp4

2015-01-08 03:33 - 2015-01-08 03:50 - 120460002 _____ () C:\Users\MG\Downloads\(Filename of video).mp4

2015-01-08 02:28 - 2015-01-08 03:09 - 288328126 _____ () C:\Users\MG\Downloads\(Filename of video).mp4

2015-01-08 02:04 - 2015-01-08 02:27 - 136318580 _____ () C:\Users\MG\Downloads\(Filename of video).flv

2015-01-08 01:25 - 2015-01-08 02:02 - 267306039 _____ () C:\Users\MG\Downloads\(Filename of video).mp4

2015-01-08 00:46 - 2015-01-08 01:18 - 230440299 _____ () C:\Users\MG\Downloads\(Filename of video).mp4

2015-01-08 00:02 - 2015-01-08 00:18 - 106726623 _____ () C:\Users\MG\Downloads\(Filename of video).mp4

2015-01-07 22:56 - 2015-01-07 23:19 - 158971723 _____ () C:\Users\MG\Downloads\(Filename of video).mp4

2015-01-07 22:13 - 2015-01-07 22:44 - 194445083 _____ () C:\Users\MG\Downloads\(Filename of video).mp4

2015-01-07 20:33 - 2015-01-07 21:13 - 268949911 _____ () C:\Users\MG\Downloads\(Filename of video).mp4

2015-01-07 19:55 - 2015-01-07 20:30 - 221235242 _____ () C:\Users\MG\Downloads\(Filename of video).flv

2015-01-07 19:01 - 2015-01-07 19:36 - 239733925 _____ () C:\Users\MG\Downloads\(Filename of video).mp4

2015-01-07 18:06 - 2015-01-07 18:44 - 269677942 _____ () C:\Users\MG\Downloads\(Filename of video).mp4

2015-01-07 17:34 - 2015-01-07 17:54 - 146719893 _____ () C:\Users\MG\Downloads\(Filename of video).mp4

2015-01-07 16:57 - 2015-01-07 17:23 - 113335535 _____ () C:\Users\MG\Downloads\(Filename of video).mp4

2015-01-07 15:59 - 2015-01-07 16:49 - 351366943 _____ () C:\Users\MG\Downloads\ E105.flv

2015-01-07 05:18 - 2015-01-07 05:54 - 250020243 _____ () C:\Users\MG\Downloads\(Filename of video).mp4

2015-01-07 03:59 - 2015-01-07 04:22 - 128814563 _____ () C:\Users\MG\Downloads\ E157.mp4

2015-01-07 03:12 - 2015-01-07 03:29 - 119479685 _____ () C:\Users\MG\Downloads\ E150.flv

2015-01-07 02:30 - 2015-01-07 03:06 - 257661830 _____ () C:\Users\MG\Downloads\ E69.flv

2015-01-07 02:05 - 2015-01-07 02:25 - 144057340 _____ () C:\Users\MG\Downloads\ E173.mp4

2015-01-07 01:28 - 2015-01-07 01:41 - 99002594 _____ () C:\Users\MG\Downloads\ (E55)..flv

2015-01-07 00:33 - 2015-01-07 01:12 - 271992847 _____ () C:\Users\MG\Downloads\ E51.flv

2015-01-06 19:01 - 2015-01-09 01:18 - 244593038 _____ () C:\Users\MG\Downloads\ E57.mp4

2015-01-06 17:21 - 2015-01-06 17:40 - 111719236 _____ () C:\Users\MG\Downloads\ E02.flv

2015-01-06 16:47 - 2015-01-08 16:30 - 205634840 _____ () C:\Users\MG\Downloads\029.mp4

2015-01-06 15:43 - 2015-01-06 16:12 - 208615802 _____ () C:\Users\MG\Downloads\ Ember.mp4

2015-01-06 03:39 - 2015-01-06 03:39 - 129061824 _____ () C:\Users\MG\Downloads\ E175 (W9_x264).mp4

C:\Users\MG\Downloads\ E96 (25 of 33 mins - VLC).flv

2015-01-02 21:36 - 2015-01-02 21:36 - 00000906 _____ () C:\Users\MG\Desktop\VideoCacheView.lnk

2015-01-02 21:31 - 2015-01-02 21:31 - 00000000 ____D () C:\Users\MG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NirSoft VideoCacheView

2015-01-02 21:31 - 2015-01-02 21:31 - 00000000 ____D () C:\Program Files\NirSoft

2015-01-02 19:03 - 2015-01-02 19:28 - 121215708 _____ () C:\Users\MG\Downloads\ E41.mp4

2015-01-02 19:02 - 2015-01-02 19:32 - 91021614 _____ () C:\Users\MG\Downloads\ Approval.mp4

2015-01-02 13:01 - 2015-01-02 13:40 - 172197812 _____ () C:\Users\MG\Downloads\.mp4

2015-01-02 04:46 - 2015-01-02 05:05 - 121010138 _____ () C:\Users\MG\Downloads\ E78.mp4

2014-12-31 23:25 - 2014-12-31 23:40 - 107691560 _____ () C:\Users\MG\Downloads\ E171.mp4

2014-12-31 22:56 - 2014-12-31 23:22 - 148895503 _____ () C:\Users\MG\Downloads\ Approach).mp4

2014-12-31 21:53 - 2014-12-31 22:08 - 113249259 _____ () C:\Users\MG\DownloadsE183.mp4

2014-12-31 21:03 - 2014-12-31 21:22 - 106693809 _____ () C:\Users\MG\Downloads\ E128.mp4

2014-12-31 20:28 - 2014-12-31 20:50 - 136318580 _____ () C:\Users\MG\Downloads\web.flv

2014-12-31 19:46 - 2014-12-31 20:10 - 128742835 _____ () C:\Users\MG\Downloads\ E72.mp4

 

2014-12-29 17:24 - 2014-12-30 14:31 - 159984872 _____ () C:\Users\MG\Downloads\ E39.flv

2014-12-29 04:18 - 2015-01-11 14:04 - 696053064 _____ () C:\Users\MG\Downloads\ X264.mp4

2014-12-28 18:09 - 2014-12-28 18:38 - 200963858 _____ () C:\Users\MG\Downloads\ E59.mp4

2014-12-27 23:40 - 2014-12-27 23:55 - 109820745 _____ () C:\Users\MG\Downloads\ Strong.mp4

2014-12-27 23:07 - 2014-12-27 23:22 - 79960628 _____ () C:\Users\MG\Downloads\ E08.mp4

2014-12-27 04:29 - 2014-12-27 04:44 - 105146942 _____ () C:\Users\MG\Downloads\Uninvited.flv

2014-12-27 04:01 - 2014-12-27 04:25 - 155750631 _____ () C:\Users\MG\Downloads\E131.mov

2014-12-26 23:27 - 2014-12-27 00:31 - 357945324 _____ () C:\Users\MG\Downloads\ 36565.flv

2014-12-26 21:58 - 2014-12-26 22:49 - 353365064 _____ () C:\Users\MG\Downloads\36963.flv

2014-12-26 19:04 - 2014-12-26 19:41 - 254588030 _____ () C:\Users\MG\Downloads\gun.mov

2014-12-26 18:14 - 2014-12-26 18:40 - 120560856 _____ () C:\Users\MG\Downloads\ preferences).flv

2014-12-26 17:51 - 2014-12-26 18:08 - 105159816 _____ () C:\Users\MG\Downloads\E66\.flv

2014-12-26 16:58 - 2014-12-26 17:16 - 113249259 _____ () C:\Users\MG\Downloads\ E183.mp4

2014-12-26 16:10 - 2014-12-26 16:30 - 128015546 _____ () C:\Users\MG\Downloads\ E70.mp4

2014-12-26 02:42 - 2014-12-26 03:30 - 284776010 _____ () C:\Users\MG\Downloads\ 1977).flv

2014-12-25 23:14 - 2014-12-25 23:27 - 46292604 _____ () C:\Users\MG\Downloads\ White).mp4

2014-12-25 22:47 - 2014-12-25 23:12 - 141699614 _____ () C:\Users\MG\Downloads\MDV 1-4.flv

2014-12-25 21:58 - 2014-12-25 22:18 - 137704377 _____ () C:\Users\MG\Downloads\ Moore.flv

2014-12-25 20:49 - 2014-12-25 22:45 - 115654285 _____ () C:\Users\MG\Downloads\ Smoker).flv

2014-12-25 20:11 - 2014-12-25 20:45 - 216771798 _____ () C:\Users\MG\Downloads\ Alexander.flv

2014-12-25 18:02 - 2014-12-25 18:43 - 274100759 _____ () C:\Users\MG\Downloads\ Call.mov

2014-12-25 17:26 - 2014-12-25 17:48 - 155014954 _____ () C:\Users\MG\Downloads\Carter.flv

2014-12-25 17:19 - 2014-12-25 17:25 - 31500722 _____ () C:\Users\MG\Downloads\ Urge.flv

2014-12-25 15:51 - 2014-12-25 15:59 - 55544335 _____ () C:\Users\MG\Downloads\ fill in.flv

2014-12-25 13:53 - 2014-12-25 14:33 - 91315889 _____ () C:\Users\MG\Downloads\ Girl.flv

2014-12-25 13:53 - 2014-12-25 14:21 - 86113280 _____ ()

 

2014-12-24 19:02 - 2014-12-24 19:26 - 129960944 _____ () C:\Users\MG\Downloads\ sides.flv

2014-12-24 19:01 - 2014-12-25 19:58 - 227417499 _____ () C:\Users\MG\Downloads\ Eva.mp4

2014-12-24 03:12 - 2014-12-24 03:24 - 65426682 _____ () C:\Users\MG\Downloads\ consensual).flv

2014-12-23 19:35 - 2014-12-23 19:52 - 110944333 _____ () C:\Users\MG\Downloads\ Downfall.flv

2014-12-23 19:03 - 2014-12-23 19:37 - 121305383 _____ () C:\Users\MG\Downloads\ES.flv

2014-12-23 17:45 - 2014-12-23 17:52 - 33949370 _____ () C:\Users\MG\Downloads\ Preview.flv

2014-12-23 17:00 - 2014-12-23 17:06 - 31500722 _____ () C:\Users\MG\Downloads\ Preview.flv

2014-12-23 16:56 - 2014-12-23 16:59 - 20011587 _____ () C:\Users\MG\Downloads\ Preview.flv

2014-12-23 16:44 - 2014-12-23 16:50 - 35599985 _____ () C:\Users\MG\Downloads\ Preview.flv

2014-12-23 16:09 - 2014-12-23 16:15 - 35908084 _____ () C:\Users\MG\Downloads\Avenger.flv

2014-12-23 14:16 - 2014-12-23 14:28 - 69634119 _____ () C:\Users\MG\Downloads\Xandy.flv

2014-12-23 11:45 - 2014-10-12 18:34 - 02054656 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

2014-12-22 19:05 - 2014-12-22 20:34 - 359230888 _____ () C:\Users\MG\Downloads\ Valentine.avi

2014-12-22 16:21 - 2014-12-22 17:02 - 199198720 _____ () C:\Users\MG\Downloads\ Sergio.avi

2014-12-22 14:52 - 2014-12-22 15:08 - 115140941 _____ () C:\Users\MG\Downloads\Cave 1-8.flv

2014-12-21 21:41 - 2014-12-21 23:12 - 267888644 _____ () C:\Users\MG\Downloads\HousePart 2.mp4

2014-12-21 20:30 - 2014-12-21 21:28 - 367572434 _____ () C:\Users\MG\Downloads\oz.flv

2014-12-21 18:15 - 2014-12-21 19:34 - 287983102 _____ () C:\Users\MG\Downloads\ Part 1.mp4

2014-12-21 14:30 - 2014-12-21 15:21 - 319148329 _____ () C:\Users\MG\Downloads\36784.flv

 

==================== One Month Modified Files and Folders =======

 

(If an entry is included in the fixlist, the file\folder will be moved.)

 

2015-01-19 23:59 - 2006-11-02 07:47 - 00005056 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

2015-01-19 23:59 - 2006-11-02 07:47 - 00005056 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

2015-01-19 23:45 - 2011-04-13 17:43 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2015-01-19 17:58 - 2009-04-11 07:37 - 01870311 _____ () C:\Windows\WindowsUpdate.log

2015-01-19 13:48 - 2011-04-13 19:03 - 00000000 ____D () C:\Users\MG\AppData\Roaming\Orbit

2015-01-19 09:59 - 2011-04-13 17:43 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2015-01-19 09:59 - 2006-11-02 08:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2015-01-19 05:36 - 2006-11-02 08:01 - 00032636 _____ () C:\Windows\Tasks\SCHEDLGU.TXT

2015-01-19 05:30 - 2013-06-29 11:59 - 19504922 _____ () C:\Users\MG\Downloads\0realitykings.tex

2015-01-18 03:36 - 2011-07-18 11:14 - 00000000 ____D () C:\Users\MG\AppData\Roaming\vlc

2015-01-18 02:56 - 2011-12-12 20:37 - 00000000 ____D () C:\Users\MG\.umplayer

2015-01-18 01:19 - 2011-04-13 14:29 - 00114688 _____ () C:\Users\MG\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

2015-01-16 17:05 - 2006-11-02 05:33 - 00697560 _____ () C:\Windows\system32\PerfStringBackup.INI

2015-01-16 13:04 - 2013-06-29 12:00 - 02176504 _____ () C:\Users\MG\Downloads\0-HARD DRIVE Record.txt

2015-01-14 05:44 - 2013-06-30 16:00 - 00051187 _____ () C:\Users\MG\Downloads\0-del.txt

2015-01-13 18:49 - 2014-10-15 23:13 - 00001971 _____ () C:\Users\Public\Desktop\Google Chrome.lnk

2015-01-13 00:16 - 2014-10-16 08:27 - 00133436 _____ () C:\Windows\PFRO.log

2015-01-13 00:09 - 2014-09-09 14:18 - 00000913 _____ () C:\Users\Public\Desktop\Hotspot Shield.lnk

2015-01-12 17:55 - 2014-10-03 13:49 - 00001829 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk

2015-01-12 17:53 - 2006-11-02 05:23 - 00002577 _____ () C:\Windows\system32\config.nt

2015-01-12 17:52 - 2006-11-02 06:18 - 00000000 ____D () C:\Windows\system32\Msdtc

2015-01-12 17:51 - 2006-11-02 05:22 - 49807360 _____ () C:\Windows\system32\config\system_previous

2015-01-12 17:51 - 2006-11-02 05:22 - 35389440 _____ () C:\Windows\system32\config\software_previous

2015-01-12 17:51 - 2006-11-02 05:22 - 26476544 _____ () C:\Windows\system32\config\components_previous

2015-01-12 17:51 - 2006-11-02 05:22 - 00262144 _____ () C:\Windows\system32\config\security_previous

2015-01-12 17:51 - 2006-11-02 05:22 - 00262144 _____ () C:\Windows\system32\config\sam_previous

2015-01-12 17:51 - 2006-11-02 05:22 - 00262144 _____ () C:\Windows\system32\config\default_previous

2015-01-12 17:48 - 2013-08-22 18:41 - 00000000 ____D () C:\Users\UpdatusUser.MG-PC.000

2015-01-12 17:47 - 2014-04-22 21:34 - 00000000 ____D () C:\Users\MG\Downloads\tools

2015-01-12 17:47 - 2011-04-26 17:06 - 00000000 ____D () C:\Users\MG\AppData\Roaming\Notepad++

2015-01-12 17:47 - 2011-04-13 23:10 - 00000000 ____D () C:\Program Files\WinUtilities

2015-01-12 17:47 - 2011-04-12 15:27 - 00000000 ____D () C:\Users\MG

2015-01-12 17:47 - 2006-11-02 06:18 - 00000000 ____D () C:\Windows\system32\spool

2015-01-12 17:47 - 2006-11-02 06:18 - 00000000 ____D () C:\Windows\registration

2015-01-12 15:08 - 2011-04-13 18:03 - 00000000 ____D () C:\Users\MG\Desktop\Notes-Handy

2015-01-08 21:09 - 2013-11-23 18:47 - 00000000 ____D () C:\Users\MG\Downloads\Generator

2015-01-07 00:37 - 2011-09-29 10:45 - 00000000 ____D () C:\Users\MG\Documents\Any Video Converter

2015-01-07 00:23 - 2011-12-02 18:11 - 00000000 ____D () C:\Users\MG\AppData\Roaming\dvdcss

2014-12-29 18:49 - 2012-05-28 04:18 - 00000000 ____D () C:\Users\MG\Downloads\RICK FLICKS - Others

2014-12-29 12:25 - 2014-06-09 15:31 - 00000000 ____D () C:\Users\MG\Documents\VEGAS Projects

2014-12-27 23:23 - 2012-01-20 14:49 - 00000000 ____D () C:\Users\MG\Downloads\MF_Global

2014-12-27 01:31 - 2014-12-18 21:58 - 214964975 _____ () C:\Users\MG\Downloads\ 36667.flv

2014-12-23 13:47 - 2006-11-02 07:47 - 00594160 _____ () C:\Windows\system32\FNTCACHE.DAT

 

==================== Files in the root of some directories =======

2011-04-13 23:08 - 2014-10-16 10:24 - 0000157 _____ () C:\Program Files\Compact NFO Viewer.ini

2011-04-13 23:04 - 2011-04-13 23:04 - 0686592 _____ (Cubic Software) C:\Program Files\Compact-NFO-Viewer.exe

2011-04-13 22:16 - 2004-12-22 17:08 - 0065536 _____ (DLMSoft) C:\Program Files\CopyPaste.exe

2011-04-18 15:55 - 2012-03-20 20:59 - 0087608 _____ () C:\Users\MG\AppData\Roaming\inst.exe

2011-04-18 15:55 - 2012-03-20 20:59 - 0007887 _____ () C:\Users\MG\AppData\Roaming\pcouffin.cat

2011-04-18 15:55 - 2012-03-20 20:59 - 0001144 _____ () C:\Users\MG\AppData\Roaming\pcouffin.inf

2011-04-18 15:56 - 2012-03-20 20:59 - 0000033 _____ () C:\Users\MG\AppData\Roaming\pcouffin.log

2011-04-18 15:55 - 2012-03-20 20:59 - 0047360 _____ (VSO Software) C:\Users\MG\AppData\Roaming\pcouffin.sys

2014-04-19 16:22 - 2014-05-28 01:45 - 0000000 _____ () C:\Users\MG\AppData\Local\ars.cache

2012-03-23 06:46 - 2012-03-23 06:46 - 0026456 _____ () C:\Users\MG\AppData\Local\bloson.bmp

2014-04-19 16:22 - 2014-04-20 19:48 - 7085423 _____ () C:\Users\MG\AppData\Local\census.cache

2011-04-12 15:27 - 2014-11-09 10:04 - 0002032 _____ () C:\Users\MG\AppData\Local\d3d9caps.dat

2012-05-03 06:12 - 2012-05-03 06:12 - 0000532 _____ () C:\Users\MG\AppData\Local\datos.txt

2011-04-13 14:29 - 2015-01-18 01:19 - 0114688 _____ () C:\Users\MG\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

2011-11-29 07:41 - 2011-11-29 07:41 - 0077576 _____ () C:\Users\MG\AppData\Local\dealply.bmp

2012-01-18 07:00 - 2012-01-18 07:00 - 0077576 _____ () C:\Users\MG\AppData\Local\facemoods.bmp

2012-05-28 01:44 - 2012-05-28 03:26 - 0569801 _____ () C:\Users\MG\AppData\Local\hacha.zip

2014-04-19 13:58 - 2014-04-19 13:58 - 0000036 _____ () C:\Users\MG\AppData\Local\housecall.guid.cache

2010-11-12 04:44 - 2010-11-12 04:44 - 0193744 _____ () C:\Users\MG\AppData\Local\lateral1.bmp

2010-11-12 04:10 - 2010-11-12 04:10 - 0193744 _____ () C:\Users\MG\AppData\Local\lateral2.bmp

2010-11-12 05:09 - 2010-11-12 05:09 - 0195108 _____ () C:\Users\MG\AppData\Local\lateral3.bmp

2014-09-09 13:24 - 2014-09-09 13:24 - 0301608 _____ (VuuPC Limited) C:\Users\MG\AppData\Local\nsr2E23.tmp

2014-09-09 13:24 - 2014-09-09 13:24 - 0301608 _____ (VuuPC Limited) C:\Users\MG\AppData\Local\nsx314F.tmp

2012-05-14 05:38 - 2012-05-14 05:38 - 0043976 _____ () C:\Users\MG\AppData\Local\save_en.bmp

2012-05-14 05:38 - 2012-05-14 05:38 - 0043976 _____ () C:\Users\MG\AppData\Local\save_es.bmp

2014-04-19 17:36 - 2014-05-26 22:10 - 0000010 _____ () C:\Users\MG\AppData\Local\sponge.last.runtime.cache

2014-10-26 13:39 - 2014-10-26 13:39 - 0000044 _____ () C:\ProgramData\.SimImages

 

==================== Bamital & volsnap Check =================

 

(There is no automatic fix for files that do not pass verification.)

 

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\system32\winlogon.exe => File is digitally signed

C:\Windows\system32\wininit.exe => File is digitally signed

C:\Windows\system32\svchost.exe => File is digitally signed

C:\Windows\system32\services.exe => File is digitally signed

C:\Windows\system32\User32.dll => File is digitally signed

C:\Windows\system32\userinit.exe => File is digitally signed

C:\Windows\system32\rpcss.dll => File is digitally signed

C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

 

 

LastRegBack: 2015-01-19 22:10

 

==================== End Of Log ============================

FRST ADDITIONS:

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 19-01-2015

Ran by MG at 2015-01-20 00:24:46

Running from C:\Users\MG\Downloads

Boot Mode: Normal

==========================================================

 

 

==================== Security Center ========================

 

(If an entry is included in the fixlist, it will be removed.)

 

AV: avast! Antivirus (Disabled - Up to date) {2B2D1395-420B-D5C9-657E-930FE358FC3C}

AS: avast! Antivirus (Disabled - Up to date) {904CF271-6431-DA47-5FCE-A87D98DFB681}

AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

 

==================== Installed Programs ======================

 

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 

1Click DVD Copy Pro 4.2.4.3 (HKLM\...\1Click DVD Copy Pro_is1) (Version:  - LG Software Innovations)

7-Zip 9.20 (HKLM\...\7-Zip) (Version:  - )

Active@ Boot Disk 7.1 (HKLM\...\{9770BCC6-C50D-41D7-AE07-5B796D630052}_is1) (Version: 7.1 - LSoft Technologies Inc)

ActiveCheck component for HP Active Support Library (Version: 3.0.0.1 - Hewlett-Packard) Hidden

Adobe AIR (HKLM\...\Adobe AIR) (Version: 2.6.0.19120 - Adobe Systems Incorporated)

Adobe Flash Player 10 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 10.3.181.34 - Adobe Systems Incorporated)

Adobe Flash Player 11 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 11.4.402.265 - Adobe Systems Incorporated)

Adobe Photoshop 7.0 (HKLM\...\Adobe Photoshop 7.0) (Version: 7.0 - Adobe Systems, Inc.)

Adobe Reader X (10.0.1) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA0000000001}) (Version: 10.0.1 - Adobe Systems Incorporated)

Adv. Zip Repair v1.53 (HKLM\...\Adv. Zip Repair v1.53) (Version:  - )

Advanced Archive Password Recovery (HKLM\...\{01011662-76A8-41E8-B1A8-4F8821570AC5}) (Version: 4.54.48.1338 - Elcomsoft Co. Ltd.)

Advertising Center (Version: 0.0.0.2 - Nero AG) Hidden

Ant.com IE add-on (HKLM\...\Ant.com IE add-on) (Version: 2.2.1.75 - Ant.com)

Ant.com IE add-on (Version: 2.2.1.75 - Ant.com) Hidden

Any DVD Cloner Platinum 1.1.2 (HKLM\...\Any DVD Cloner Platinum_is1) (Version:  - dvdsmith.com)

Any Video Converter 3.0.7 (HKLM\...\Any Video Converter_is1) (Version:  - Any-Video-Converter.com)

Apple Application Support (HKLM\...\{EE6097DD-05F4-4178-9719-D3170BF098E8}) (Version: 1.4.1 - Apple Inc.)

Apple Software Update (HKLM\...\{6956856F-B6B3-4BE0-BA0B-8F495BE32033}) (Version: 2.1.1.116 - Apple Inc.)

Ask Toolbar (HKLM\...\{86D4B82A-ABED-442A-BE86-96357B70F4FE}) (Version: 1.9.1.0 - Ask.com) <==== ATTENTION

Avant Browser (remove only) (HKLM\...\AvantBrowser) (Version: 11.9.0.27 - Avant Force)

avast! Free Antivirus (HKLM\...\avast) (Version: 7.0.1474.0 - AVAST Software)

BiosNotice (HKLM\...\{1E4A6F03-4D71-4496-9B2D-71C8B59F64DE}) (Version:  - )

Brother MFL-Pro Suite HL-2280DW (HKLM\...\{3ACCCFB3-7B17-4E9F-ACB0-46868FCD4487}) (Version: 1.0.7.0 - Brother Industries, Ltd.)

CCleaner (HKLM\...\CCleaner) (Version: 2.31 - Piriform)

Command & Conquer Red Alert 2 (HKLM\...\Red Alert 2) (Version:  - )

Command && Conquer Red Alert 2 - Yuri's Revenge (HKLM\...\Yuri's Revenge) (Version:  - )

CopyFilenames 3.1 (HKLM\...\CopyFilenames_is1) (Version: 3.1 - ExtraBit Software)

Desktop Icon Position Saver (64-bit) (HKLM\...\dips64) (Version:  - )

DocX Viewer version 1.2 (HKLM\...\DocX Viewer_is1) (Version: 1.2 - )

DolbyFiles (Version: 2.0 - Nero AG) Hidden

DVD Architect Pro 5.0 (HKLM\...\{4EAF566E-1712-433C-A1C2-7517845107CC}) (Version: 5.0.119 - Sony)

DVD43 v4.6.0 (HKLM\...\DVD43_is1) (Version:  - )

EASEUS Todo Backup Home 2.0 (HKLM\...\EASEUS Todo Backup Home 2.0_is1) (Version: 2.0.0.1 - CHENGDU YIWO Tech Development Co., Ltd)

Enterra Icon Keeper 1.0.0.2 (HKLM\...\Enterra Icon Keeper_is1) (Version:  - Enterra, Inc.)

FreeOCR 3.0 (HKLM\...\{108A39BF-4ED1-4293-B11A-06BD521FB8F7}) (Version: 3.0 - Free OCR)

GOM Player (HKLM\...\GOM Player) (Version: 2.1.28.5039 - Gretech Corporation)

Google Chrome (HKLM\...\Google Chrome) (Version: 39.0.2171.99 - Google Inc.)

Google Talk (remove only) (HKLM\...\{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk) (Version:  - )

Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)

Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden

Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden

HamsterFreeVideoConverter (HKLM\...\Hamster Free Video Converter_is1) (Version:  - HamsterSoft, Inc.)

HD Tune 2.55 (HKLM\...\HD Tune_is1) (Version:  - EFD Software)

Hide IP Easy (HKLM\...\HideIPEasy) (Version: 5.0.5.2 - )

Hotspot Shield 3.42 (HKLM\...\HotspotShield) (Version: 3.42 - AnchorFree Inc.)

HPAsset component for HP Active Support Library (Version: 3.0.0.3 - Hewlett-Packard) Hidden

HxD Hex Editor version 1.7.7.0 (HKLM\...\HxD Hex Editor_is1) (Version: 1.7.7.0 - Maël Hörz)

ImagXpress (Version: 7.0.74.0 - Nero AG) Hidden

ImgBurn (HKLM\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)

Intel® Control Center (HKLM\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)

Intel® Graphics Media Accelerator Driver (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2102 - Intel Corporation)

Ipswitch WS_FTP Pro Uninstall (HKLM\...\WS_FTPPro) (Version:  - )

IrfanView (remove only) (HKLM\...\IrfanView) (Version: 4.28 - Irfan Skiljan)

iWisoft Free Video Downloader 2.1 (HKLM\...\iWisoft Free Video Downloader_is1) (Version: 2.1 - www.iwisoft.com)

Java 7 Update 51 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.510 - Oracle)

Java™ 6 Update 31 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216031FF}) (Version: 6.0.310 - Oracle)

K-Lite Codec Pack 7.0.0 (Full) (HKLM\...\KLiteCodecPack_is1) (Version: 7.0.0 - )

K-Meleon 1.5.0 en-US (remove only) (HKLM\...\K-Meleon) (Version: 1.5.0 - K-Meleon Team)

LogonReminder (HKLM\...\LogonReminder) (Version:  - )

Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)

Mark's DVD Bitrate Calculator Version 1.1.0 (HKLM\...\{B17D51BA-CA44-4308-B4DD-7A58DC5C828E}_is1) (Version: 1.1.0 - Swn Y Gwynt Video Productions)

Menu Templates - Starter Kit (Version: 9.6.0.0 - Nero AG) Hidden

Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)

Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)

Microsoft FrontPage 2000 (HKLM\...\{00120409-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.2720 - Microsoft Corporation)

Microsoft Office 2000 Small Business (HKLM\...\{00030409-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.2720 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Migo Digital File Shredder Pro (HKLM\...\Migo Digital File Shredder Pro) (Version:  - )

MiPony 2.1.0 (HKLM\...\MiPony) (Version: 2.1.0 - )

MKVToolNix 5.9.0 (HKLM\...\MKVToolNix) (Version: 5.9.0 - Moritz Bunkus)

Mozilla Firefox (3.6.16) (HKLM\...\Mozilla Firefox (3.6.16)) (Version: 3.6.16 (en-US) - Mozilla)

MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)

MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)

MSXML 4.0 SP3 Parser (KB973685) (HKLM\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)

MWSnap 3 (HKLM\...\MWSnap 3) (Version: 3.0.0.74 - Mirek Wojtowicz)

Nero 9 Essentials (HKLM\...\{86f7145a-4c05-4dd4-a208-ebc77f907b07}) (Version:  - Nero AG)

NETGEAR Genie (HKLM\...\NETGEAR Genie) (Version: 2.2.26.50  - NETGEAR Inc.)

NirSoft VideoCacheView (HKLM\...\NirSoft VideoCacheView) (Version:  - )

Notepad++ (HKLM\...\Notepad++) (Version: 5.9 - )

Nuance PDF Viewer Plus (HKLM\...\{28656860-4728-433C-8AD4-D1A930437BC8}) (Version: 5.30.3290 - Nuance Communications, Inc)

NVIDIA 3D Vision Controller Driver 320.49 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 320.49 - NVIDIA Corporation)

NVIDIA Graphics Driver 320.49 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 320.49 - NVIDIA Corporation)

NVIDIA PhysX System Software 9.13.0604 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0604 - NVIDIA Corporation)

Ogg Vorbis Codec 0.9 (HKLM\...\Ogg Vorbis Codec) (Version: 0.9 - )

Opera 11.64 (HKLM\...\Opera 11.64.1403) (Version: 11.64.1403 - Opera Software ASA)

Orbit Downloader (HKLM\...\Orbit_is1) (Version:  - www.orbitdownloader.com)

Painter 5.5 Web Edition (HKLM\...\Painter5DeinstKey) (Version:  - )

Password Kernel 1.7 (HKLM\...\Password Kernel) (Version: 1.7 - Kevin Solway)

PCIe Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_PCI_HSF) (Version: 7.71.00.50 - Conexant Systems)

QuickTime (HKLM\...\{8DC42D05-680B-41B0-8878-6C14D24602DB}) (Version: 7.55.90.70 - Apple Inc.)

RAR Repair Tool v.4.0.1 (HKLM\...\RAR Repair Tool_is1) (Version:  - ZRT Labs)

Real Alternative 2.0.1 (HKLM\...\RealAlt_is1) (Version: 2.0.1 - )

RealDownloader (Version: 1.3.2 - RealNetworks, Inc.) Hidden

RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0 - RealNetworks, Inc) Hidden

RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden

RealPlayer (HKLM\...\RealPlayer 16.0) (Version: 16.0.2 - RealNetworks)

Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6101 - Realtek Semiconductor Corp.)

RealUpgrade 1.1 (Version: 1.1.0 - RealNetworks, Inc.) Hidden

Replay Media Catcher 5 (5.0.1.46) (HKLM\...\Replay Media Catcher 5) (Version: 5.0.1.46 - Applian Technologies)

Revo Uninstaller 1.93 (HKLM\...\Revo Uninstaller) (Version: 1.93 - VS Revo Group)

Scansoft PDF Professional (Version:  - ) Hidden

Seagate DiscWizard (HKLM\...\{81A60A13-224D-4637-8203-3EAC03B121A4}) (Version: 10.0.5018 - Seagate)

SeaTools for Windows (HKLM\...\{98613C99-1399-416C-A07C-1EE1C585D872}) (Version: 1.1.3.2 - Seagate Technology)

Skype™ 5.10 (HKLM\...\{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}) (Version: 5.10.116 - Skype Technologies S.A.)

Smart Defrag 2 (HKLM\...\Smart Defrag 2_is1) (Version: 2.3 - IObit)

Sonic Foundry Noise Reduction DirectX Plug-In 1.0b (HKLM\...\SFNR) (Version:  - )

Sonic Foundry Sound Forge 4.5b (HKLM\...\Sound Forge) (Version:  - )

Sony Vegas Movie Studio Platinum 8.0 (HKLM\...\{B8E8C8EC-5C22-4B02-9C02-D851262F574C}) (Version: 8.0.139 - Sony)

StreamTransport version: 1.0.2.2171 (HKLM\...\{FA0BBB87-91A1-4BFD-9005-EB058BBA0E14}_is1) (Version:  - )

Subtitle Workshop 6.0b (HKLM\...\SubtitleWorkshop) (Version:  - )

The Settlers IV (HKLM\...\S4Uninst) (Version:  - )

UMPlayer 0.98 [P4] (HKLM\...\UMPlayer) (Version: 0.98 - Ori Rejwan)

Unlocker 1.8.8 (HKLM\...\Unlocker) (Version: 1.8.8 - Cedrick Collomb)

Vegas Pro 10.0 (HKLM\...\{5AC11070-A1CB-11E0-A0DC-0013D3D69929}) (Version: 10.0.737 - Sony)

Video Fixer 3.23 (HKLM\...\Video Fixer 3.23_is1) (Version:  - video-fixer Inc.)

VLC media player 1.0.5 (HKLM\...\VLC media player) (Version: 1.0.5 - VideoLAN Team)

WinPatrol (HKLM\...\{84481A87-2316-4923-8FAB-3BA8CA29323D}) (Version: 30.9.2014.0 - BillP Studios)

WinRAR 4.00 beta 6 (32-bit) (HKLM\...\WinRAR archiver) (Version: 4.00.6 - win.rar GmbH)

WinUtilities 9.7 Professional Edition (HKLM\...\{FC274982-5AAD-4C20-848D-4424A5043009}_is1) (Version:  - YL Computing, Inc)

 

==================== Custom CLSID (selected items): ==========================

 

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

 

CustomCLSID: HKU\S-1-5-21-378341734-3834699623-4277014274-1000_Classes\CLSID\{0507EEDE-3AE7-49c7-BF37-0EB4A62D8638}\localserver32 -> C:\Program Files\Google\Google Talk\googletalk.exe (Google)

CustomCLSID: HKU\S-1-5-21-378341734-3834699623-4277014274-1000_Classes\CLSID\{33b07fd4-5917-43e1-968d-4c79231836bf}\localserver32 -> C:\Program Files\Google\Google Talk\googletalk.exe (Google)

CustomCLSID: HKU\S-1-5-21-378341734-3834699623-4277014274-1000_Classes\CLSID\{A8F086C3-2497-4229-82FE-586F2D326F95}\localserver32 -> C:\Program Files\Google\Google Talk\googletalk.exe (Google)

CustomCLSID: HKU\S-1-5-21-378341734-3834699623-4277014274-1000_Classes\CLSID\{d33f3ced-d7d5-44f1-a9fe-6927dabb1934}\localserver32 -> C:\Program Files\Google\Google Talk\googletalk.exe (Google)

CustomCLSID: HKU\S-1-5-21-378341734-3834699623-4277014274-1001_Classes\CLSID\{0507EEDE-3AE7-49c7-BF37-0EB4A62D8638}\localserver32 -> C:\Program Files\Google\Google Talk\googletalk.exe (Google)

CustomCLSID: HKU\S-1-5-21-378341734-3834699623-4277014274-1001_Classes\CLSID\{33b07fd4-5917-43e1-968d-4c79231836bf}\localserver32 -> C:\Program Files\Google\Google Talk\googletalk.exe (Google)

CustomCLSID: HKU\S-1-5-21-378341734-3834699623-4277014274-1001_Classes\CLSID\{A8F086C3-2497-4229-82FE-586F2D326F95}\localserver32 -> C:\Program Files\Google\Google Talk\googletalk.exe (Google)

CustomCLSID: HKU\S-1-5-21-378341734-3834699623-4277014274-1001_Classes\CLSID\{d33f3ced-d7d5-44f1-a9fe-6927dabb1934}\localserver32 -> C:\Program Files\Google\Google Talk\googletalk.exe (Google)

 

==================== Restore Points  =========================

 

12-01-2015 23:42:56 Restore Operation

14-01-2015 16:15:59 Malwarebytes Anti-Rootkit Restore Point

17-01-2015 19:50:25 Scheduled Checkpoint

18-01-2015 19:00:10 Windows Backup

 

==================== Hosts content: ==========================

 

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

 

2006-11-02 05:23 - 2014-06-11 13:22 - 00001054 ___RA C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 anchorfree.net

127.0.0.1 rss2search.com

127.0.0.1 techbrowsing.com

127.0.0.1 box.anchorfree.net

127.0.0.1 www.mefeedia.com

127.0.0.3 www.anchorfree.net

127.0.0.2 www.mefeedia.com

127.0.0.1 anchorfree.us

127.0.0.1 a433.com

127.0.0.3 anchorfree.net

127.0.0.1 rpt.anchorfree.net

127.0.0.1 delivery.anchorfree.us/land.php

127.0.0.1 hsselite.com

127.0.0.1 www.hsselite.com

 

 

==================== Scheduled Tasks (whitelisted) =============

 

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

 

Task: {016018AC-1191-4A75-9982-601D1DB8135C} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-378341734-3834699623-4277014274-1000 => C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe [2013-04-16] (RealNetworks, Inc.)

Task: {07A6E0EE-C604-420B-91A2-05AEAECCB04D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-17] (Google Inc.)

Task: {101CF220-34C4-4929-B580-68C0B8BB6A87} - \avast! Emergency Update No Task File <==== ATTENTION

Task: {23FCC634-74F4-4B66-8F61-A3E9E3FFBDBD} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-378341734-3834699623-4277014274-1000 => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe [2013-04-16] (RealNetworks, Inc.)

Task: {2730F6FB-712E-4EC6-8181-167A56438AD8} - System32\Tasks\{FFD119FD-B52F-4A7A-9076-5DA298DE3968} => pcalua.exe -a "C:\Program Files\Mozilla Firefox\uninstall\helper.exe"

Task: {336AEF3B-5EB0-4727-B2DA-238F265AF6F7} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-17] (Google Inc.)

Task: {3A4773DF-4250-4F5F-AFBD-B8011F5EA33B} - System32\Tasks\Scheduled Update for Ask Toolbar => C:\Program Files\Ask.com\UpdateTask.exe <==== ATTENTION

Task: {68C46510-9065-4BB3-B07E-2EECAF7F2D1F} - System32\Tasks\Hewlett-Packard\HP Assistant\PC Tuneup => C:\Program Files\Hewlett-Packard\HP Support Framework\HPSF.exe

Task: {9A89AECF-2C8D-4148-8BE6-467FA6DE2636} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-378341734-3834699623-4277014274-1000 => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe [2013-04-16] (RealNetworks, Inc.)

Task: {ABEB881A-3F50-49FC-997A-070F7EF6561B} - System32\Tasks\Hewlett-Packard\HP Assistant\PC Health Analysis => C:\Program Files\Hewlett-Packard\HP Support Framework\HPSF.exe

Task: {D7F009F2-F40C-42A6-B811-33E74779FF78} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-378341734-3834699623-4277014274-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2013-04-16] (RealNetworks, Inc.)

Task: {F08711D6-60EA-4C6A-8E2D-FFE5890A9531} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-378341734-3834699623-4277014274-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2013-04-16] (RealNetworks, Inc.)

Task: {FC1C2412-762E-43C9-852D-BAF047F670A8} - System32\Tasks\{F2B8D722-538A-478F-A249-5266D9EF6764} => Iexplore.exe http://ui.skype.com/ui/0/5.10.0.116/en/abandoninstall?source=lightinstaller&amp;page=tsBing

 

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

 

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

 

==================== Loaded Modules (whitelisted) =============

 

2015-01-19 19:30 - 2015-01-19 16:53 - 02902528 _____ () C:\Program Files\AVAST Software\Avast\defs\15011901\algo.dll

2009-10-26 02:33 - 2009-10-26 02:33 - 00010240 _____ () C:\Program Files\Unlocker\UnlockerCOM.dll

2011-04-12 15:29 - 2011-02-08 14:42 - 00140288 _____ () C:\Program Files\WinRAR\rarext.dll

2011-02-08 19:56 - 2011-02-08 19:56 - 00296448 _____ () C:\Program Files\Notepad++\NppShell_04.dll

2011-04-13 09:53 - 2011-01-22 14:57 - 00050056 _____ () C:\Program Files\EASEUS\Todo Backup 2.0\bin\CodeLog.dll

2012-02-22 14:19 - 2009-02-27 16:38 - 00139264 ____R () C:\Program Files\Brother\BrUtilities\BrLogAPI.dll

2014-05-26 12:39 - 2014-04-22 13:39 - 00645592 ____N () C:\Program Files\BillP Studios\WinPatrol\sqlite3.dll

2011-04-13 09:53 - 2008-11-25 16:18 - 01291264 _____ () C:\Program Files\EASEUS\Todo Backup 2.0\bin\libxml2.dll

2011-04-13 09:53 - 2004-10-05 02:08 - 00055808 _____ () C:\Program Files\EASEUS\Todo Backup 2.0\bin\zlib1.dll

2014-05-16 19:11 - 2014-05-16 19:11 - 00908584 _____ () C:\Program Files\Hotspot Shield\bin\af_proxy.dll

2014-05-16 19:37 - 2014-05-16 19:37 - 00506664 _____ () C:\Program Files\Hotspot Shield\bin\HssRep.dll

2014-05-16 17:34 - 2014-05-16 17:34 - 00430344 _____ () C:\Program Files\Hotspot Shield\bin\hsswd.exe

2013-04-16 02:07 - 2013-04-16 02:07 - 00039056 _____ () C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe

2015-01-19 10:33 - 2015-01-19 10:33 - 00011264 _____ () C:\Users\MG\AppData\Local\Temp\nsaB46.tmp\System.dll

2013-09-19 14:08 - 2013-09-19 14:08 - 01926656 _____ () C:\Users\MG\Downloads\Programs\VirtualMagnifyingGlassPortable\App\magnifyingglass\magnifier.exe

2010-08-15 13:34 - 2010-08-15 13:34 - 00204800 _____ () C:\Program Files\Notepad++\plugins\ComparePlugin.dll

2008-09-06 07:51 - 2008-09-06 07:51 - 00014336 _____ () C:\Program Files\Notepad++\plugins\NppExport.dll

2010-08-21 07:56 - 2010-08-21 07:56 - 01563648 _____ () C:\Program Files\Notepad++\plugins\NppFTP.dll

2015-01-13 00:04 - 2011-04-14 14:38 - 00094208 _____ () C:\Program Files\Orbitdownloader\GrabKernel.dll

2011-07-29 03:27 - 2012-05-20 21:38 - 00783360 _____ () C:\Program Files\Opera\gstreamer\gstreamer.dll

2011-07-29 03:27 - 2012-05-20 21:38 - 00098816 _____ () C:\Program Files\Opera\gstreamer\plugins\gstaudioconvert.dll

2011-07-29 03:27 - 2012-05-20 21:38 - 00098816 _____ () C:\Program Files\Opera\gstreamer\plugins\gstaudioresample.dll

2011-07-29 03:27 - 2012-05-20 21:38 - 00064000 _____ () C:\Program Files\Opera\gstreamer\plugins\gstautodetect.dll

2011-12-29 15:54 - 2012-05-20 21:38 - 00099840 _____ () C:\Program Files\Opera\gstreamer\plugins\gstcoreplugins.dll

2011-07-29 03:27 - 2012-05-20 21:38 - 00068608 _____ () C:\Program Files\Opera\gstreamer\plugins\gstdecodebin2.dll

2011-07-29 03:27 - 2012-05-20 21:38 - 00076800 _____ () C:\Program Files\Opera\gstreamer\plugins\gstdirectsound.dll

2011-07-29 03:27 - 2012-05-20 21:38 - 00168448 _____ () C:\Program Files\Opera\gstreamer\plugins\gstffmpegcolorspace.dll

2011-07-29 03:27 - 2012-05-20 21:38 - 00316928 _____ () C:\Program Files\Opera\gstreamer\plugins\gstoggdec.dll

2011-07-29 03:27 - 2012-05-20 21:38 - 00045568 _____ () C:\Program Files\Opera\gstreamer\plugins\gsttypefindfunctions.dll

2011-07-29 03:27 - 2012-05-20 21:38 - 00046592 _____ () C:\Program Files\Opera\gstreamer\plugins\gstwaveform.dll

2011-07-29 03:27 - 2012-05-20 21:38 - 00078336 _____ () C:\Program Files\Opera\gstreamer\plugins\gstwavparse.dll

2011-07-29 03:27 - 2012-05-20 21:38 - 00276480 _____ () C:\Program Files\Opera\gstreamer\plugins\gstwebmdec.dll

2012-08-23 21:29 - 2012-08-23 21:29 - 09813704 _____ () C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll

2015-01-13 18:49 - 2015-01-08 19:35 - 09009480 _____ () C:\Program Files\Google\Chrome\Application\39.0.2171.99\pdf.dll

2015-01-13 18:49 - 2015-01-08 19:35 - 01677128 _____ () C:\Program Files\Google\Chrome\Application\39.0.2171.99\ffmpegsumo.dll

2001-08-23 02:39 - 2001-08-23 02:39 - 00094208 _____ () C:\Westwood\RA2\RA2MD.exe

2000-07-27 18:22 - 2000-07-27 18:22 - 00286208 _____ () C:\Westwood\RA2\binkw32.dll

1999-07-12 20:42 - 1999-07-12 20:42 - 00225331 _____ () C:\Westwood\RA2\blowfish.dll

2014-04-21 14:16 - 2014-02-10 12:44 - 04592128 _____ () C:\Users\MG\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libglesv2.dll

2014-04-21 14:16 - 2014-02-10 12:44 - 00112128 _____ () C:\Users\MG\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libegl.dll

2012-03-13 20:43 - 2011-03-19 18:27 - 01018328 _____ () C:\Program Files\Mozilla Firefox\js3250.dll

2015-01-13 00:04 - 2011-04-14 15:57 - 00438272 _____ () C:\Program Files\Orbitdownloader\addons\OneClickYouTubeDownloader\components\GrabXpcom.dll

2013-04-16 02:12 - 2013-04-16 02:12 - 00060928 _____ () C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Hook\rndlpepperbrowserrecordhelper.dll

2015-01-13 18:49 - 2015-01-08 19:35 - 14913352 _____ () C:\Program Files\Google\Chrome\Application\39.0.2171.99\PepperFlash\pepflashplayer.dll

 

==================== Alternate Data Streams (whitelisted) =========

 

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

 

AlternateDataStreams: C:\ProgramData\TEMP:1677AB3F

AlternateDataStreams: C:\ProgramData\TEMP:888AFB86

AlternateDataStreams: C:\ProgramData\TEMP:B946D9EE

AlternateDataStreams: C:\Users\MG\Downloads\Backroom Casting Couch - Kassey (Ep 190).mp4:TOC.WMV

 

==================== Safe Mode (whitelisted) ===================

 

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

 

 

==================== EXE Association (whitelisted) =============

 

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

 

 

==================== MSCONFIG/TASK MANAGER disabled items =========

 

(Currently there is no automatic fix for this section.)

 

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk => C:\Windows\pss\Microsoft Office.lnk.CommonStartup

MSCONFIG\startupfolder: C:^Users^MG^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Gangsters2Setup.lnk => C:\Windows\pss\Gangsters2Setup.lnk.Startup

MSCONFIG\startupreg: Acronis Scheduler2 Service => "C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe"

MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

MSCONFIG\startupreg: BiosNotice => C:\Program Files\BIOSTAR\BiosNotice\BiosNotice.exe

MSCONFIG\startupreg: BrowserWatch => C:\Program Files\Migo Software\Digital File Shredder Pro\BrowserWatchControl.exe

MSCONFIG\startupreg: ControlCenter4 => C:\Program Files\ControlCenter4\BrCcBoot.exe /autorun

MSCONFIG\startupreg: DiscWizardMonitor.exe => C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe

MSCONFIG\startupreg: Enterra Icon Keeper => "C:\Program Files\Enterra\Icon Keeper\IcnKeepr.exe" ssp /s

MSCONFIG\startupreg: googletalk => C:\Program Files\Google\Google Talk\googletalk.exe /autostart

MSCONFIG\startupreg: ISUSPM => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler

MSCONFIG\startupreg: NETGEARGenie => "C:\Program Files\NETGEAR Genie\bin\NETGEARGenie.exe" -mini -redirect

MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

MSCONFIG\startupreg: TkBellExe => "C:\Program Files\Real\RealPlayer\update\realsched.exe"  -osboot

 

========================= Accounts: ==========================

 

Administrator (S-1-5-21-378341734-3834699623-4277014274-500 - Administrator - Disabled)

Guest (S-1-5-21-378341734-3834699623-4277014274-501 - Limited - Disabled)

MG (S-1-5-21-378341734-3834699623-4277014274-1000 - Administrator - Enabled) => C:\Users\MG

UpdatusUser (S-1-5-21-378341734-3834699623-4277014274-1001 - Limited - Enabled) => C:\Users\UpdatusUser.MG-PC.000

 

==================== Faulty Device Manager Devices =============

 

 

==================== Event log errors: =========================

 

Application errors:

==================

Error: (01/19/2015 10:33:22 AM) (Source: Windows Search Service) (EventID: 3013) (User: )

Description: The entry <C:\USERS\MG\DOWNLOADS\PROGRAMS\VIRTUALMAGNIFYINGGLASSPORTABLE\APP\DEFAULTDATA\SETTINGS> in the hash map cannot be updated.

 

Context:  Application, SystemIndex Catalog

 

 

Details:

        A device attached to the system is not functioning.   (0x8007001f)

 

Error: (01/19/2015 10:33:22 AM) (Source: Windows Search Service) (EventID: 3013) (User: )

Description: The entry <C:\USERS\MG\DOWNLOADS\PROGRAMS\VIRTUALMAGNIFYINGGLASSPORTABLE\APP\DEFAULTDATA\SETTINGS> in the hash map cannot be updated.

 

Context:  Application, SystemIndex Catalog

 

 

Details:

        A device attached to the system is not functioning.   (0x8007001f)

 

Error: (01/19/2015 10:33:22 AM) (Source: Windows Search Service) (EventID: 3013) (User: )

Description: The entry <C:\USERS\MG\DOWNLOADS\PROGRAMS\VIRTUALMAGNIFYINGGLASSPORTABLE\APP\DEFAULTDATA> in the hash map cannot be updated.

 

Context:  Application, SystemIndex Catalog

 

 

Details:

        A device attached to the system is not functioning.   (0x8007001f)

 

Error: (01/19/2015 10:33:22 AM) (Source: Windows Search Service) (EventID: 3013) (User: )

Description: The entry <C:\USERS\MG\DOWNLOADS\PROGRAMS\VIRTUALMAGNIFYINGGLASSPORTABLE\APP\DEFAULTDATA> in the hash map cannot be updated.

 

Context:  Application, SystemIndex Catalog

 

 

Details:

        A device attached to the system is not functioning.   (0x8007001f)

 

Error: (01/19/2015 10:33:22 AM) (Source: Windows Search Service) (EventID: 3013) (User: )

Description: The entry <C:\USERS\MG\DOWNLOADS\PROGRAMS\VIRTUALMAGNIFYINGGLASSPORTABLE\APP\APPINFO\LAUNCHER\VIRTUALMAGNIFYINGGLASSPORTABLE.INI> in the hash map cannot be updated.

 

Context:  Application, SystemIndex Catalog

 

 

Details:

        A device attached to the system is not functioning.   (0x8007001f)

 

Error: (01/19/2015 10:33:22 AM) (Source: Windows Search Service) (EventID: 3013) (User: )

Description: The entry <C:\USERS\MG\DOWNLOADS\PROGRAMS\VIRTUALMAGNIFYINGGLASSPORTABLE\APP\APPINFO\LAUNCHER\VIRTUALMAGNIFYINGGLASSPORTABLE.INI> in the hash map cannot be updated.

 

Context:  Application, SystemIndex Catalog

 

 

Details:

        A device attached to the system is not functioning.   (0x8007001f)

 

Error: (01/19/2015 10:33:22 AM) (Source: Windows Search Service) (EventID: 3013) (User: )

Description: The entry <C:\USERS\MG\DOWNLOADS\PROGRAMS\VIRTUALMAGNIFYINGGLASSPORTABLE\APP\APPINFO\LAUNCHER> in the hash map cannot be updated.

 

Context:  Application, SystemIndex Catalog

 

 

Details:

        A device attached to the system is not functioning.   (0x8007001f)

 

Error: (01/19/2015 10:33:22 AM) (Source: Windows Search Service) (EventID: 3013) (User: )

Description: The entry <C:\USERS\MG\DOWNLOADS\PROGRAMS\VIRTUALMAGNIFYINGGLASSPORTABLE\APP\APPINFO\LAUNCHER> in the hash map cannot be updated.

 

Context:  Application, SystemIndex Catalog

 

 

Details:

        A device attached to the system is not functioning.   (0x8007001f)

 

Error: (01/19/2015 10:33:22 AM) (Source: Windows Search Service) (EventID: 3013) (User: )

Description: The entry <C:\USERS\MG\DOWNLOADS\PROGRAMS\VIRTUALMAGNIFYINGGLASSPORTABLE\APP\APPINFO\APPINFO.INI> in the hash map cannot be updated.

 

Context:  Application, SystemIndex Catalog

 

 

Details:

        A device attached to the system is not functioning.   (0x8007001f)

 

Error: (01/19/2015 10:33:22 AM) (Source: Windows Search Service) (EventID: 3013) (User: )

Description: The entry <C:\USERS\MG\DOWNLOADS\PROGRAMS\VIRTUALMAGNIFYINGGLASSPORTABLE\APP\APPINFO\APPINFO.INI> in the hash map cannot be updated.

 

Context:  Application, SystemIndex Catalog

 

 

Details:

        A device attached to the system is not functioning.   (0x8007001f)

 

 

System errors:

=============

Error: (01/19/2015 10:02:50 AM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: HP Health Check Service%%2

 

Error: (01/19/2015 10:01:16 AM) (Source: Service Control Manager) (EventID: 7026) (User: )

Description: i8042prt

 

Error: (01/18/2015 11:29:43 AM) (Source: Service Control Manager) (EventID: 7034) (User: )

Description: Hotspot Shield Monitoring Service1

 

Error: (01/18/2015 11:29:06 AM) (Source: Dhcp) (EventID: 1002) (User: )

Description: The IP address lease 10.254.24.10 for the Network Card with network address 00FF7B2110B1 has been denied by the DHCP server 10.254.95.254 (The DHCP Server sent a DHCPNACK message).

 

Error: (01/18/2015 11:28:45 AM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: HP Health Check Service%%2

 

Error: (01/18/2015 11:27:23 AM) (Source: Service Control Manager) (EventID: 7026) (User: )

Description: i8042prt

 

Error: (01/17/2015 08:13:51 PM) (Source: Dhcp) (EventID: 1002) (User: )

Description: The IP address lease 10.254.56.3 for the Network Card with network address 00FF7B2110B1 has been denied by the DHCP server 10.254.31.254 (The DHCP Server sent a DHCPNACK message).

 

Error: (01/17/2015 08:11:38 PM) (Source: Dhcp) (EventID: 1002) (User: )

Description: The IP address lease 10.254.56.13 for the Network Card with network address 00FF7B2110B1 has been denied by the DHCP server 10.254.63.254 (The DHCP Server sent a DHCPNACK message).

 

Error: (01/17/2015 05:22:40 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: HP Health Check Service%%2

 

Error: (01/17/2015 05:21:03 PM) (Source: Service Control Manager) (EventID: 7026) (User: )

Description: i8042prt

 

 

Microsoft Office Sessions:

=========================

Error: (01/19/2015 10:33:22 AM) (Source: Windows Search Service) (EventID: 3013) (User: )

Description: Context:  Application, SystemIndex Catalog

 

 

Details:

        A device attached to the system is not functioning.   (0x8007001f)

C:\USERS\MG\DOWNLOADS\PROGRAMS\VIRTUALMAGNIFYINGGLASSPORTABLE\APP\DEFAULTDATA\SETTINGS

 

Error: (01/19/2015 10:33:22 AM) (Source: Windows Search Service) (EventID: 3013) (User: )

Description: Context:  Application, SystemIndex Catalog

 

 

Details:

        A device attached to the system is not functioning.   (0x8007001f)

C:\USERS\MG\DOWNLOADS\PROGRAMS\VIRTUALMAGNIFYINGGLASSPORTABLE\APP\DEFAULTDATA\SETTINGS

 

Error: (01/19/2015 10:33:22 AM) (Source: Windows Search Service) (EventID: 3013) (User: )

Description: Context:  Application, SystemIndex Catalog

 

 

Details:

        A device attached to the system is not functioning.   (0x8007001f)

C:\USERS\MG\DOWNLOADS\PROGRAMS\VIRTUALMAGNIFYINGGLASSPORTABLE\APP\DEFAULTDATA

 

Error: (01/19/2015 10:33:22 AM) (Source: Windows Search Service) (EventID: 3013) (User: )

Description: Context:  Application, SystemIndex Catalog

 

 

Details:

        A device attached to the system is not functioning.   (0x8007001f)

C:\USERS\MG\DOWNLOADS\PROGRAMS\VIRTUALMAGNIFYINGGLASSPORTABLE\APP\DEFAULTDATA

 

Error: (01/19/2015 10:33:22 AM) (Source: Windows Search Service) (EventID: 3013) (User: )

Description: Context:  Application, SystemIndex Catalog

 

 

Details:

        A device attached to the system is not functioning.   (0x8007001f)

C:\USERS\MG\DOWNLOADS\PROGRAMS\VIRTUALMAGNIFYINGGLASSPORTABLE\APP\APPINFO\LAUNCHER\VIRTUALMAGNIFYINGGLASSPORTABLE.INI

 

Error: (01/19/2015 10:33:22 AM) (Source: Windows Search Service) (EventID: 3013) (User: )

Description: Context:  Application, SystemIndex Catalog

 

 

Details:

        A device attached to the system is not functioning.   (0x8007001f)

C:\USERS\MG\DOWNLOADS\PROGRAMS\VIRTUALMAGNIFYINGGLASSPORTABLE\APP\APPINFO\LAUNCHER\VIRTUALMAGNIFYINGGLASSPORTABLE.INI

 

Error: (01/19/2015 10:33:22 AM) (Source: Windows Search Service) (EventID: 3013) (User: )

Description: Context:  Application, SystemIndex Catalog

 

 

Details:

        A device attached to the system is not functioning.   (0x8007001f)

C:\USERS\MG\DOWNLOADS\PROGRAMS\VIRTUALMAGNIFYINGGLASSPORTABLE\APP\APPINFO\LAUNCHER

 

Error: (01/19/2015 10:33:22 AM) (Source: Windows Search Service) (EventID: 3013) (User: )

Description: Context:  Application, SystemIndex Catalog

 

 

Details:

        A device attached to the system is not functioning.   (0x8007001f)

C:\USERS\MG\DOWNLOADS\PROGRAMS\VIRTUALMAGNIFYINGGLASSPORTABLE\APP\APPINFO\LAUNCHER

 

Error: (01/19/2015 10:33:22 AM) (Source: Windows Search Service) (EventID: 3013) (User: )

Description: Context:  Application, SystemIndex Catalog

 

 

Details:

        A device attached to the system is not functioning.   (0x8007001f)

C:\USERS\MG\DOWNLOADS\PROGRAMS\VIRTUALMAGNIFYINGGLASSPORTABLE\APP\APPINFO\APPINFO.INI

 

Error: (01/19/2015 10:33:22 AM) (Source: Windows Search Service) (EventID: 3013) (User: )

Description: Context:  Application, SystemIndex Catalog

 

 

Details:

        A device attached to the system is not functioning.   (0x8007001f)

C:\USERS\MG\DOWNLOADS\PROGRAMS\VIRTUALMAGNIFYINGGLASSPORTABLE\APP\APPINFO\APPINFO.INI

 

 

CodeIntegrity Errors:

===================================

  Date: 2015-01-20 00:23:58.416

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

 

  Date: 2015-01-20 00:23:57.965

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

 

  Date: 2015-01-20 00:23:57.507

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

 

  Date: 2015-01-20 00:23:57.095

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

 

  Date: 2015-01-20 00:23:56.155

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

 

  Date: 2015-01-20 00:23:55.717

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

 

  Date: 2015-01-20 00:23:55.256

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

 

  Date: 2015-01-20 00:23:54.803

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

 

  Date: 2015-01-19 14:17:02.135

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

 

  Date: 2015-01-19 14:17:01.792

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

 

 

==================== Memory info ===========================

 

Processor: Intel® Pentium® Dual CPU E2220 @ 2.40GHz

Percentage of memory in use: 72%

Total physical RAM: 3070.33 MB

Available physical RAM: 839.29 MB

Total Pagefile: 6360.87 MB

Available Pagefile: 2853.82 MB

Total Virtual: 2047.88 MB

Available Virtual: 1897.21 MB

 

==================== Drives ================================

 

Drive c: () (Fixed) (Total:429.97 GB) (Free:1.63 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

Drive d: (YR1) (CDROM) (Total:0.66 GB) (Free:0 GB) CDFS

Drive e: (Sidekick 2.0 TB SG-Bar Log) (Fixed) (Total:1863.01 GB) (Free:662.83 GB) NTFS

Drive z: (Recovery) (Fixed) (Total:35.79 GB) (Free:25.25 GB) NTFS

 

==================== MBR & Partition Table ==================

 

========================================================

Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: EBBDC4F5)

Partition 1: (Active) - (Size=430 GB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=35.8 GB) - (Type=07 NTFS)

 

========================================================

Disk: 1 (Size: 1863 GB) (Disk ID: ABEDB402)

Partition 2: (Active) - (Size=1863 GB) - (Type=05)

 

==================== End Of Log ============================

.



#4 ken545

  • Malware Response Team
  • 1,685 posts
  • Gender:Male
  • Location:The Space Coast of Florida
  • Local time:10:03 PM

Posted 20 January 2015 - 07:04 AM

Hi,

 

1. Go into Programs and Features in the Control Panel and uninstall Ask Toolbar

 

2. Let me see what Junkware Removal removed, as it only removes bad entries. You can find the log here: JRT.txt on your desktop.

You have a few things going on but I don't see any entries for Zero Access.

 

Download CKScanner by askey127 from Here & save it to your Desktop.
  • Double-click CKScanner.exe then click Search For Files
  • When the cursor hourglass disappears, click Save List To File
  • A message box will verify the file saved
  • Please Run this program only once
  • Double-click the CKFiles.txt icon on your desktop then copy/paste the contents in your next reply
 

 

 

=======================================================================

 

Download MiniToolBox and save it to your desktop,  right click on it and select RUN AS ADMINISTRATOR
 
Checkmark the following boxes:
  • Flush DNS 
  • Reset IE Proxy Settings 
 
 
Click Go and post the result (Result.txt) that pops up. A copy of result.txt will be saved in the same directory the tool is run.
 
 
===================================================================================
 
 

-AdwCleaner-by Xplode
 
Click on this link to download : ADWCleaner
Click on ONE of the Two Blue Download Now buttons That have a blue arrow beside them and save it to your desktop.
 
Do not click on any links in the top Advertisement.
 
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean"
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.
 
 
===============================================================================
 

 
Download Malwarebytes' Anti-Malware  to your desktop. 
 
  • Windows XP : Double click on the icon to run it.
  • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
 
 
  • On the Dashboard click on Update Now
  • Go to the Setting Tab
  • Under Setting go to Detection and Protection
  • Under PUP and PUM make sure both are set to show Treat Detections as Malware
  • Go to Advanced setting and make sure Automatically Quarantine Detected Items is checked<------------
  • Then on the Dashboard click on Scan
  • Make sure to select THREAT SCAN
  • Then click on Scan
  • When the scan is finished click on VIEW DETAILED LOG
  • When it opens click on COPY TO CLIPBOARD
  • Then paste the log back into this thread for review
  • Exit Malwarebytes
 
 
 
 
 

 


Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

Please consider a donation to help me keep up my fight against malware.

 

Just a reminder that threads will be closed if no response in 3 days


#5 Upbloat


Posted 20 January 2015 - 03:16 PM

.

Thanks, Malware Response Team.

 

Good news that you could not spot ZERO ACCESS... unless it's hiding too stealthily.

 

As you read above, the virus was lurking in several $RecycleBin files, six to be exact. I would naively like to think that once something is in the Recycle Bin (or more precisely, the "$" Recycle Bin, in this case), it is no longer as free to practice its activities. (There is a lot to be said for ignorance.)

 

I guess I had once got rid of the Ask Toolbar, and what has been left behind are remnants. Windows Installer could not remove it, giving the message: "The feature you are trying to use is on a network resource that is unavailable." The use source is a string of numbers and letters in the Users ... AppData\Local\Temp directory. Upon clicking "Cancel," I got the second message, "The installation source for this product is not available. Verify that the source exists and that you can access it." I checked to see if I still have C:\Program Files\Ask.com, and it is not there. I guess I should try and remove whatever is left, and if you agree, perhaps you will advise.

 

As for Junkware Removal, I posted the results in my "Am I Infected" page, the link for which is also at the top of this page. The log is the first one. The program decimated Orbit Downloader and Hotspot Shield, which I later re-installed.

 

The first two logs:

CKScanner


CKScanner 2.4 - Additional Security Risks - These are not necessarily bad

c:\users\MG\desktop\x-fonter_cracked.exe - shortcut.lnk

c:\users\MG\downloads\downloads\hentai911.blogspot.com_idolsgalore\idolsgalore\idols_galore_nocd_crack_fas.rar

c:\users\MG\downloads\downloads\hentai911.blogspot.com_idolsgalore\idolsgalore\idols_galore_savegame___crack.rar

c:\users\MG\downloads\downloads\hentai911.blogspot.com_idolsgalore\idolsgalore\idols_galore_savegame___crack\mesiaml.sav

c:\users\MG\downloads\downloads\idolsgalore\idols_galore_nocd_crack_fas\fas-idol.nfo

c:\users\MG\downloads\downloads\idolsgalore\idols_galore_nocd_crack_fas\mesiaml.exe

c:\users\MG\downloads\downloads\idolsgalore\idols_galore_nocd_crack_fas\registry.reg

c:\users\MG\downloads\downloads\idolsgalore\idols_galore_savegame___crack\fas-idol.nfo

c:\users\MG\downloads\downloads\idolsgalore\idols_galore_savegame___crack\mesiaml.exe

c:\users\MG\downloads\downloads\idolsgalore\idols_galore_savegame___crack\registry.reg

c:\users\MG\downloads\programs\active-boot-disk-suite_pluscrack.com.rar

c:\users\MG\downloads\programs\winutilities_professional_edition_9.7+keygen.rar

c:\users\MG\downloads\programs\active-boot-disk-suite_pluscrack.com\bootdisksetup.exe

c:\users\MG\downloads\programs\active-boot-disk-suite_pluscrack.com\file_id.diz

c:\users\MG\downloads\programs\active-boot-disk-suite_pluscrack.com\key.txt

c:\users\MG\downloads\programs\active-boot-disk-suite_pluscrack.com\nfo.nfo

c:\users\MG\downloads\programs\hide.ip.easy.v5.0.5.2.full\hide.ip.easy.v5.0.5.2.full\crack\hideipeasy.exe

c:\users\MG\downloads\programs\migosoft.digital.file.shredder.pro.v3.2.1.7\note to MG - keygen.exe has virus.txt

c:\users\MG\downloads\programs\migosoft.digital.file.shredder.pro.v3.2.1.7\migosoft.digital.file.shredder.pro.v3.2.1.7\keygen.exe

c:\users\MG\downloads\programs\migosoft.digital.file.shredder.pro.v3.2.1.7\migosoft.digital.file.shredder.pro.v3.2.1.7\note to MG - keygen.exe has virus.txt

c:\users\MG\downloads\programs\video repair programs\videofixer323\crack - goes with orig video fixer\installation.txt

c:\users\MG\downloads\programs\video repair programs\videofixer323\crack - goes with orig video fixer\key.dat

c:\users\MG\downloads\programs\video repair programs\videofixer323\crack - goes with orig video fixer\runme.reg

c:\users\MG\downloads\programs\video repair programs\videofixer323\crack - goes with orig video fixer\tsrh.nfo

c:\users\MG\downloads\programs\winrar.v3.91.cracked.proper-eat\eat.nfo

c:\users\MG\downloads\programs\winrar.v3.91.cracked.proper-eat\MG note - trojan in crack.txt

c:\users\MG\downloads\programs\winrar.v3.91.cracked.proper-eat\wrar391.exe

c:\users\MG\downloads\programs\winrar.v3.91.cracked.proper-eat\crack\rar.exe

c:\users\MG\downloads\programs\winrar.v3.91.cracked.proper-eat\crack\rarreg.key

c:\users\MG\downloads\programs\winrar.v3.91.cracked.proper-eat\crack\unrar.exe

c:\users\MG\downloads\programs\winrar.v3.91.cracked.proper-eat\crack\winrar.exe

c:\users\MG\downloads\programs\x-fonter_v6.3__new_\x-fonter v6.3 (new)\x-fonter v6.3 (new) cracked\x-fonter_cracked.exe

c:\users\MG\eurekalog\x-fonter_cracked.elf

c:\westwood\ra2\new maps dl'ed\next d-l'ed set - combine\browse your red alert 2 folder here(map_pack_v1.0)\(2-4)cracked.yrm

scanner sequence 3.ZZ.11.PRAPBZ

 ----- EOF -----

MiniToolBox


MiniToolBox by Farbar  Version: 30-11-2014
Ran by MG (administrator) on 20-01-2015 at 15:11:49
Running from "C:\Users\MG\Downloads\Programs\MALWARE Programs\Programs & Logs for RAT from Bleeping Computer"
Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

**** End of log ****


Edited by Upbloat, 20 January 2015 - 03:18 PM.


#6 ken545


Posted 20 January 2015 - 03:35 PM

Tell me where and how you downloaded these programs?

 

c:\users\MG\downloads\programs\winutilities_professional_edition_9.7+keygen.rar
c:\users\MG\downloads\programs\active-boot-disk-suite_pluscrack.com\bootdisksetup.exe
c:\users\MG\downloads\programs\hide.ip.easy.v5.0.5.2.full\hide.ip.easy.v5.0.5.2.full\crack\hideipeasy.exe
c:\users\MG\downloads\programs\migosoft.digital.file.shredder.pro.v3.2.1.7\note to MG - keygen.exe has virus.txt
c:\users\MG\downloads\programs\video repair programs\videofixer323\crack - goes with orig video fixer\installation.txt
c:\users\MG\downloads\programs\winrar.v3.91.cracked.proper-eat\wrar391.exe
c:\users\MG\downloads\programs\x-fonter_v6.3__new_\x-fonter v6.3 (new)\x-fonter v6.3 (new) cracked\x-fonter_cracked.exe

mvp_host.pngConsumer Security 2007-2008-2009-2010-2011-2012-2013-2014



donate.gif Please consider a donation to help me keep up my fight against malware.

 

Just a reminder that threads will be closed if no response in 3 days


#7 Upbloat


Posted 20 January 2015 - 05:58 PM

.

AdwCleaner

# AdwCleaner v4.108 - Report created 20/01/2015 at 15:59:08
# Updated 17/01/2015 by Xplode
# Database : 2015-01-18.1 [Live]
# Operating System : Windows Vista ™ Home Premium Service Pack 2 (32 bits)
# Username : MG - MG-PC
# Running from : C:\Users\MG\Downloads\Programs\MALWARE Programs\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

[x] Not Deleted : hshld
[x] Not Deleted : hsstrayservice
[x] Not Deleted : hsswd

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\AVG SafeGuard toolbar
Folder Deleted : C:\ProgramData\hotspot shield
Folder Deleted : C:\ProgramData\QuickSet
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\hotspot shield
Folder Deleted : C:\Program Files\AVG SafeGuard toolbar
Folder Deleted : C:\Program Files\hotspot shield
Folder Deleted : C:\Program Files\orbitdownloader
Folder Deleted : C:\Program Files\snipsmart
Folder Deleted : C:\Program Files\Common Files\AVG Secure Search
Folder Deleted : C:\Windows\system32\hotspot shield
Folder Deleted : C:\Users\MG\AppData\Local\Temp\hotspot shield
Folder Deleted : C:\Users\MG\AppData\Local\AVG SafeGuard toolbar
Folder Deleted : C:\Users\MG\AppData\LocalLow\AVG SafeGuard toolbar
Folder Deleted : C:\Users\MG\AppData\Roaming\GrabPro
Folder Deleted : C:\Users\MG\AppData\Roaming\hotspot shield
Folder Deleted : C:\Users\MG\AppData\Roaming\SimpleFiles
Folder Deleted : C:\Users\MG\AppData\Roaming\Mozilla\Firefox\Profiles\5z4kke4v.default\Extensions\anttoolbar@ant.com
Folder Deleted : C:\Users\MG\AppData\Roaming\Mozilla\Firefox\Profiles\5z4kke4v.default\Extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}
File Deleted : C:\END
File Deleted : C:\Users\Public\Desktop\Hotspot Shield.lnk
File Deleted : C:\Windows\system32\drivers\taphss6.sys
File Deleted : C:\Windows\system32\drivers\hssdrv6.sys
File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\safeguard-secure-search.xml
File Deleted : C:\Program Files\Mozilla Firefox\browser\searchplugins\safeguard-secure-search.xml
File Deleted : C:\Users\MG\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_services.hearstmags.com_0.localstorage-journal
File Deleted : C:\Users\MG\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage
File Deleted : C:\Users\MG\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage-journal
File Deleted : C:\Users\MG\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_services.hearstmags.com_0.localstorage

***** [ Scheduled Tasks ] *****

Task Deleted : Scheduled Update for Ask Toolbar

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\MenuExt\&Download by Orbit
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\MenuExt\&Grab video by Orbit
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\MenuExt\Do&wnload selected by Orbit
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\MenuExt\Down&load all by Orbit
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{000123B4-9B42-4900-B3F7-F4B073EFC214}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3F1D494B-0CEF-4468-96C9-386E2E4DEC90}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7854F00C-DC77-477E-A10E-603F48442D3B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C55BBCD6-41AD-48AD-9953-3609C48EACC7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A0880527-DC28-4EBB-BA27-D22102F22A9F}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{BCDDE143-FAE3-4C57-B22B-C4E8678CFDC0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{000123B4-9B42-4900-B3F7-F4B073EFC214}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{000123B4-9B42-4900-B3F7-F4B073EFC214}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7854F00C-DC77-477E-A10E-603F48442D3B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C55BBCD6-41AD-48AD-9953-3609C48EACC7}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{000123B4-9B42-4900-B3F7-F4B073EFC214}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C55BBCD6-41AD-48AD-9953-3609C48EACC7}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4250488A-CB24-0893-C066-B1AEA57BCFF2}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{C55BBCD6-41AD-48AD-9953-3609C48EACC7}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{C55BBCD6-41AD-48AD-9953-3609C48EACC7}]
Key Deleted : HKCU\Software\Orbit
Key Deleted : HKCU\Software\SimpleFiles
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\hotspotshield
Key Deleted : HKLM\SOFTWARE\Orbit
Key Deleted : HKLM\SOFTWARE\SimpleFiles
Key Deleted : HKLM\SOFTWARE\Tarma Installer
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\hotspotshield
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Orbit_is1
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\hotspotshield
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Orbit_is1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\261F213D1F55267499B1F87D0CC3BCF7
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16561


-\\ Mozilla Firefox v3.6.16 (en-US)

[5z4kke4v.default\prefs.js] - Line Deleted : user_pref("extensions.skipscreen.hostMatchStr", "hxxp://www.4shared.com/(getaudiofiledocumentdir)/.*hxxp://.*depositfiles.com/(([a-z]{2})/files/auth-).*hxxp://(www.)*digg.com/(.{5}.{6})$hxxp:[...]

-\\ Google Chrome v39.0.2171.99

[C:\Users\MG\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&cui=UN21921758713646130&ctid=CT3272718
[C:\Users\MG\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&cui=UN21921758713646130&ctid=CT3272718
[C:\Users\MG\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\MG\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\MG\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3322298&octid=EB_ORIGINAL_CTID&ISID=M6C8BAFCF-F774-4161-9729-774B46DA945E&SearchSource=58&CUI=&UM=6&UP=SP920B756C-B1CA-49AD-AC88-63D63CEE0185&q={searchTerms}&SSPV=
[C:\Users\MG\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3322298&octid=EB_ORIGINAL_CTID&ISID=M6C8BAFCF-F774-4161-9729-774B46DA945E&SearchSource=58&CUI=&UM=6&UP=SP920B756C-B1CA-49AD-AC88-63D63CEE0185&q={searchTerms}&SSPV=

*************************

AdwCleaner[R0].txt - [14370 octets] - [12/01/2015 22:39:54]
AdwCleaner[R1].txt - [10368 octets] - [13/01/2015 08:08:16]
AdwCleaner[R2].txt - [10429 octets] - [20/01/2015 15:56:25]
AdwCleaner[S0].txt - [10484 octets] - [20/01/2015 15:59:08]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [10545 octets] ##########

Malwarebytes Anti-Malware

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 1/20/2015
Scan Time: 4:38:50 PM
Logfile:
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2015.01.20.11
Rootkit Database: v2015.01.14.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows Vista Service Pack 2
CPU: x86
File System: NTFS
User: MG

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 414573
Time Elapsed: 14 min, 4 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 1
Trojan.Agent, C:\Users\MG\AppData\Local\Temp\OPrz2uZe.exe.part, Quarantined, [efbc02f7276281b538a5e232689cfd03],

Physical Sectors: 0
(No malicious items detected)


(end)

.

#8 Upbloat


Posted 20 January 2015 - 06:01 PM

.

I have been addressing you as "Malware Response Team," not paying strict attention to this site's format... but I just noticed your moniker. Do accept my apologies, Ken545.

 

"Tell me where and how you downloaded these programs?"

 

Yes, I had noticed them, too. Years ago, longer than I would like to think, I discovered a site that carried pirated software and I went through a period of experimentation. I don't use anything on that list. (I have the free version of WinRAR). I downloaded them, and forgot about them.

 

But I've got other things on my mind. Before putting up my thread on "Am I Infected," I took it upon myself to make use of suggestions I found on a Bleeping Computer thread (as I explained at the beginning of my "Am I Infected" thread), and one of the three programs I ran (including the dreaded Junkware Removal Tool) was AdwCleaner. I didn't expect any problems with that, since it was put to use only days ago. When I attempted to run the file I had (conveniently) already downloaded, I got the message that there was a new version (in just days. How odd), so I made sure to download and use the updated version.

 

It did a real number on my computer. Not only did it kill the same two programs (Orbit and Hotspotshield) that Junkware Removal polished off, but it also got rid of my Internet connection..! I was unable to connect to a network (none was showing), and trying to figure out what needed to be done to get back on track would have been very time-consuming, so I performed a System Restore.

 

I'm seeing some other changes, like the right-click menu for Firefox has fewer items, and now has scroll arrows at the top and bottom of the menu, which goes on endlessly (so to speak). The menu has now become blank, except for a few items at the top. This devastation has only just happened, and I guess I should brace myself for further surprises.

 

(I can no longer right-click copy/paste in an instant. I get the blank menu, and then need to scroll all the way up to reach the visible part of the menu. Sometimes that part does not even show, so I need to re-click. I wonder if you may have a thought to get this back to normal.)

 

This is ironic, because I had asked you to let me know if any programs you will be suggesting will do what Junkware Removal Tool did, and this one caused far greater damage. (Not that I'm blaming you, because I had just used AdwCleaner, and it performed politely.)

 

I hope whatever good it did has not been negated by the System Restore..

 

Malwarebytes' Anti-Malware, which I ran a couple of times in the last few days, caught an unspecified trojan ("Trojan agent"). I don't see how that could have happened this quickly since the very recent last scan.

 

Thank you very much for all of your kind help, and I look forward to what you make of all of this.

 

.


Edited by Upbloat, 20 January 2015 - 06:15 PM.


#9 ken545


Posted 20 January 2015 - 06:04 PM

If you want to continue then go to your Downloads folder and remove it all, then run a new scan with CKScanner and post the log.




#10 Upbloat


Posted 20 January 2015 - 11:00 PM

.

Deleted the items.

 

 

CKScanner 2.4 - Additional Security Risks - These are not necessarily bad

c:\westwood\ra2\new maps dl'ed\next d-l'ed set - combine\browse your red alert 2 folder here(map_pack_v1.0)\(2-4)cracked.yrm

scanner sequence 3.EF.11.VHNAIZ

 ----- EOF -----

 

.



#11 ken545


Posted 21 January 2015 - 07:20 AM

When a helper in the forum helps a user to remove malware from their system, there is a trust set up between the two parties: you trust me to clean your system professionally and I trust you to provide the information I need to help you in the form of logs and reports from the scans we run. By altering your log you have broken that trust and I am no longer bound to help you.

This thread is now closed.



#12 ken545


Posted 21 January 2015 - 04:48 PM

I reopened your thread. You have got to understand that after 14 years or so of doing this I have been awarded, thanked and praised. I have also been lied to by some people, so when I see a log that has been altered then I assume I am being duped. Your CKScanner log was altered for whatever reason. You also told me at the beginning that you renamed some files in your download folder; with this and with the CKScanner report it made me somewhat doubtful, like you were trying to hide something.

Orbit and Hotspot shield are iffy programs; they fall somewhere in the grey area and they're not recommended, and that's why some programs remove them.

 

If you ever lose internet connection again just do this:

1. Turn off your computer
2. Turn off your router by unplugging the power cord on the back of the unit
3. Turn off your Cable / DSL modem by unplugging the power cord on the back of the unit

Leave everything off for about 5 minutes; this lets it all reset.

Then

1. Plug in your Cable / DSL modem and wait until all the lights come back on
2. Now do the same thing with your router
3. Turn your computer back on and see if it made a difference

Run CKScanner again and post a new log and we can go from there.




#13 Upbloat


Posted 24 January 2015 - 12:56 PM

.

Thank you for your reconsideration Ken, I appreciate it.

 

You have been doing this for fourteen years. That is a record to be proud of.

 

Ironically, if I wished to deceive you, I would have removed those suspicious files from the outset. But I had figured the honest thing to do would be to leave them as is, and have you determine whether they had a hand to play with my current problem. (Much as I knew better.... they had been in mothballs for at least five years, untouched.)

 

The couple of files I did remove, as I related to you privately, had to do with safeguarding my privacy. When one publishes information publicly that one is not comfortable with, if one wishes not to leave tracks that may reveal one's identity, that does not fall into the category of lying. You would do the same; anyone would.

 

Thank you very much for attending to a few of the things that AdwCleaner made me unhappy about. I had performed research on both Orbit and HotSpot Shield, aware that they are considered iffy, but there was no consensus of either causing harm. I have been using Orbit in particular for years, and have not seen any sign of trouble.

 

The fix you suggested for losing one's Internet connection sounded like steps one would take if the modem or the router failed, that is, fixes for problems that take place externally. (The old "reboot" trick, not just for the computer, but for these devices.) What happened in my case was that the network connection was wiped out. So based on my limited knowledge, the way to fix that would have been to establish a new network connection, and start from scratch. Since I don't remember the last time I did that, or what, if any, passwords, I used, that would have caused me unnecessary grief.

 

I did take care of the other noticeable changes this program caused. The worst one, the alteration of Firefox's right-click menu, fortunately fixed itself in a few days; it's still not the same, but at least it's not as bad.

 

I see all kinds of different tools are being used to remedy this rootkit, in the few other threads I have eyed. Since there is a choice, I'd think the best type of program to use would be one such as Malwarebytes' Anti-Malware; it is polite enough to ask whether the user would want the changes to be effected. I can see one may resort to destructive programs such as Junkware Removal Tool and AdwCleaner as a last resort, when the situation is desperate... and when the riddance of a virus has no other recourse. Then it would be worth the inconveniences a program causes.

 

When it seemed like I was left in the cold regarding this thread, I took the liberty of running Malwarebytes Anti-Rootkit (MBAR) again. That was the program my previous helper had suggested, and it was the one that caught the ZERO ACCESS varmint in my $Recycle.Bin. I wanted to report to you that the results this time were spotless. (MBAR produces two reports, as you know, but this time it only provided "system-log.txt"; there was no "mbar-log-{date} (xx-xx-xx).txt." That made me a bit worried, as it was the latter that pointed to this trojan. So I don't know if that means anything.)

 

You also reported that you didn't see a sign of this trojan, and that makes me think my situation is not desperate. But even once you confirm that it is gone, as I understand, this thing deletes some important Windows services and causes some additional damage to Windows. I'm hoping you will help me get back to good shape, by checking these settings.

 

Below are the results of the new CKScanner scan; there is no difference with the previous, except I left one of the three lines in.

 

Thank you again.

 

 

CKScanner 2.4 - Additional Security Risks - These are not necessarily bad
c:\westwood\ra2\(2-4)cracked.yrm
c:\westwood\ra2\new maps dl'ed\next d-l'ed set - combine\browse your red alert 2 folder here(map_pack_v1.0)\(2-4)cracked.yrm
scanner sequence 3.FA.11.JIAAM0
 ----- EOF -----

 

 

.



#14 ken545


Posted 24 January 2015 - 03:00 PM

Glad we didn't lose you. I am going to give you the benefit of the doubt about what CKScanner found, but there should be more than two entries????

All of us helpers help at other forums as well; myself, I am a member of at least 20 or so but just help out at about 4. Not enough time in the day.

Let me see if I can explain this correctly. Let's say a new tool came out that got good reviews and I had you run it on your system and it caused problems... MY BAD... But First Class programs like Adware Cleaner, Junkware Removal and Malwarebytes are updated daily and the authors add to the database of known programs and entries that should be removed. When these programs pick up Orbit and Hotspot shield for removal it has to tell you something about them; if they were safe and caused no problems they would not be targeted for removal. I believe both may serve ads.

It's good that Malwarebytes Anti Rootkit found nothing. I would like you to run one more tool; read the instructions, as it says not to Cure anything, just let me see the report.

Also, by using System Restore you may have added things back that were removed. Let's do this: run AdwCleaner again but this time just post the report and we can pick and choose what to remove.

 

 

Please download TDSSKiller
  • Download TDSSKiller.exe to your desktop
  • Double click TDSSKiller to start the program <-- XP/Vista Users
  • Right click TDSSKiller and select RUN AS ADMINISTRATOR <-- Windows 7 and 8
  • When the window opens, click on Change Parameters
  • Under “Additional options”, put a check mark in the box next to “Detect TDLFS File System”
  • Click OK
  • Press Start Scan
  • As we are only looking for a log of what is on the machine right now > choose to skip whatever is found
  • Then click Continue > Reboot now
  • Copy and paste the log in your next reply
  • A copy of the log will be saved automatically to the root of the drive (typically C:\)


-AdwCleaner-by Xplode

Click on this link to download: ADWCleaner
Click on ONE of the Two Blue Download Now buttons that have a blue arrow beside them and save it to your desktop.

Do not click on any links in the top Advertisement.

  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles is saved in the C:\AdwCleaner folder which was created when running the tool.




#15 Upbloat


Posted 27 January 2015 - 10:07 AM

.

Hi, Ken; I'll get on the ball faster next time; I've had some "life run-ins" lately.

 

I looked at the ADWCleaner more carefully this time; it actually does allow you to pick and choose what to get rid of. After the scan, there is a series of tabs (Services, Folders, Files, Shortcuts...) I didn't make note of. I was aware only of the "Services" one.

 

I have to uninstall HotSpotShield anyway, as the System Restore did not bring that program back to working order. If it will make our lives easier, I can uninstall both that and Orbit. (And I am sure there is reason why both programs are targeted by the cleaning programs, but unless whatever harm they cause cannot be lived with, it becomes a question of the lesser of two evils... balanced with whatever worth they provide. In the case of HotSpotShield, how ironic that it would be targeted, since it purports to "shield" one's system from the evil that is out there.)

 

Perhaps at the end of our process, you can recommend whether I should get rid of the remnants of the cleaning tool programs. I see I have a couple of "mbar" folders on my desktop, and there is also a FRST (Farbar Recovery Scan Tool) directory in my C drive, as well as the AdwCleaner one.. (I can live with these, of course, if need be.)

 

You instructed me to let you know whether there are entries I'd like to keep, and I don't see anything. I hope the program does not knock out my Internet connection setting again; if so, I will try your rebooting trick, and if that fails, System Restore should save the day once more. The Firefox right-click menu problem keeps acting up, despite what I thought, so I don't have to worry about AdwCleaner messing that up again; I suppose the only way to fix that will be to reinstall Firefox. Perhaps you might know of a way to tweak that back into shape..

 

Thank you again, very much.

TDSS Killer

08:32:25.0461 0x134c  TDSS rootkit removing tool 3.0.0.44 Jan 22 2015 08:27:04
08:32:28.0899 0x134c  ============================================================
08:32:28.0899 0x134c  Current date / time: 2015/01/27 08:32:28.0899
08:32:28.0899 0x134c  SystemInfo:
08:32:28.0899 0x134c  
08:32:28.0899 0x134c  OS Version: 6.0.6002 ServicePack: 2.0
08:32:28.0899 0x134c  Product type: Workstation
08:32:28.0899 0x134c  ComputerName: MG-PC
08:32:28.0899 0x134c  UserName: MG
08:32:28.0899 0x134c  Windows directory: C:\Windows
08:32:28.0899 0x134c  System windows directory: C:\Windows
08:32:28.0899 0x134c  Processor architecture: Intel x86
08:32:28.0899 0x134c  Number of processors: 2
08:32:28.0899 0x134c  Page size: 0x1000
08:32:28.0899 0x134c  Boot type: Normal boot
08:32:28.0899 0x134c  ============================================================
08:32:32.0353 0x134c  KLMD registered as C:\Windows\system32\drivers\99038892.sys
08:32:32.0525 0x134c  System UUID: {01004C6C-969C-716E-5F90-C1DEA0388FCA}
08:32:33.0072 0x134c  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 ( 465.76 Gb ), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
08:32:33.0072 0x134c  Drive \Device\Harddisk1\DR1 - Size: 0x1D1C1116000 ( 1863.02 Gb ), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
08:32:33.0103 0x134c  ============================================================
08:32:33.0103 0x134c  \Device\Harddisk0\DR0:
08:32:33.0103 0x134c  MBR partitions:
08:32:33.0103 0x134c  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x35BF09C2
08:32:33.0103 0x134c  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x35BF0A01, BlocksNum 0x4794240
08:32:33.0103 0x134c  \Device\Harddisk1\DR1:
08:32:33.0103 0x134c  MBR partitions:
08:32:33.0103 0x134c  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F00, BlocksNum 0xE8E035C1
08:32:33.0103 0x134c  ============================================================
08:32:33.0150 0x134c  C: <-> \Device\Harddisk0\DR0\Partition1
08:32:33.0150 0x134c  E: <-> \Device\Harddisk1\DR1\Partition1
08:32:33.0212 0x134c  Z: <-> \Device\Harddisk0\DR0\Partition2
08:32:33.0212 0x134c  ============================================================
08:32:33.0212 0x134c  Initialize success
08:32:33.0212 0x134c  ============================================================
08:32:53.0947 0x0a28  ============================================================
08:32:53.0947 0x0a28  Scan started
08:32:53.0947 0x0a28  Mode: Manual; TDLFS;
08:32:53.0947 0x0a28  ============================================================
08:32:53.0947 0x0a28  KSN ping started
08:32:56.0384 0x0a28  KSN ping finished: true
08:32:58.0103 0x0a28  ================ Scan system memory ========================
08:32:58.0103 0x0a28  System memory - ok
08:32:58.0103 0x0a28  ================ Scan services =============================
08:32:59.0150 0x0a28  amdagp - ok
08:32:59.0181 0x0a28  [ 9B78A39A4C173FDBC1321E0DD659B34C, 2CA66EB68AD7A317D91C13B8CFD4E8CA985926A610D19595B613F5553B145C7B ] amdide          C:\Windows\system32\drivers\amdide.sys
08:32:59.0181 0x0a28  amdide - ok
08:32:59.0212 0x0a28  [ 18F29B49AD23ECEE3D2A826C725C8D48, 0FA08882301D218E367E63E1966B6406220EE94BAE7E7DAD6E55EB70BF6FED7F ] AmdK7           C:\Windows\system32\drivers\amdk7.sys
08:32:59.0212 0x0a28  AmdK7 - ok
08:32:59.0228 0x0a28  [ 93AE7F7DD54AB986A6F1A1B37BE7442D, ECE0ABA2DECEED94AC678240A4B604F04022F0740F2295CBD07D25F5917E878A ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
08:32:59.0228 0x0a28  AmdK8 - ok
08:32:59.0322 0x0a28  [ C710B5D634DCCF966661939193175DE4, 1DCB065DB28FBC28976BBD8AACD06080ED445D65FF678B8332EE0F2F94C0346D ] AntUpdaterService C:\Program Files\Ant.com\IE add-on\AntUpdaterService.exe
08:32:59.0322 0x0a28  AntUpdaterService - ok
08:32:59.0384 0x0a28  [ C6D704C7F0434DC791AAC37CAC4B6E14, 35CF7D1895F97637E0C678A39F3049B871BCA9526D379C7793ED33B87D2EAC4C ] Appinfo         C:\Windows\System32\appinfo.dll
08:32:59.0384 0x0a28  Appinfo - ok
08:32:59.0400 0x0a28  [ 5D2888182FB46632511ACEE92FDAD522, 2E53231ACAF9B2FB7993DBC1CD15C06D7B0CCE0D08DAFF7B0CC13A2040028A75 ] arc             C:\Windows\system32\drivers\arc.sys
08:32:59.0416 0x0a28  arc - ok
08:32:59.0431 0x0a28  [ 5E2A321BD7C8B3624E41FDEC3E244945, 9D47FF6C823868F2267FEFAB5851D3CD2BC3F619A2D6EFF803EA22DB0509C450 ] arcsas          C:\Windows\system32\drivers\arcsas.sys
08:32:59.0447 0x0a28  arcsas - ok
08:32:59.0494 0x0a28  [ DE6ED95AEF259979B2830450072A627B, 28B02E088F408A1A2E90A48797E75EE8DC0A10F334CC943EEA3BA951C2F61EB3 ] aswFsBlk        C:\Windows\system32\drivers\aswFsBlk.sys
08:32:59.0509 0x0a28  aswFsBlk - ok
08:32:59.0572 0x0a28  [ 62F9DCEC95F91B8E0203E85D344A7E65, 8B30F6469C9448A4F9C6E934DA90588A978D9551667B73852D20FF9C2FC6B5DF ] aswMonFlt       C:\Windows\system32\drivers\aswMonFlt.sys
08:32:59.0572 0x0a28  aswMonFlt - ok
08:32:59.0587 0x0a28  [ 7C9F0A2AB17D52261A9252A2EB320884, AB9362167A2FEB43265DC163419BECB128540EDFC56966BBDE2DEFF05EE58D9F ] AswRdr          C:\Windows\system32\drivers\AswRdr.sys
08:32:59.0587 0x0a28  AswRdr - ok
08:32:59.0619 0x0a28  [ B32E9AD44A1DBB3E8095E80F8DF32B03, 6AD8BE2ABBEC680E5133B0D02DC5B1A58B82288AF13A1CD61EDDD24B3341F57D ] aswSnx          C:\Windows\system32\drivers\aswSnx.sys
08:32:59.0634 0x0a28  aswSnx - ok
08:32:59.0681 0x0a28  [ 67B558895695545FB0568B7541F3BCA7, 8C2A478B750C9268E203F9F86557F97AA3C3B4BB635966ECDA1249EC6D280E89 ] aswSP           C:\Windows\system32\drivers\aswSP.sys
08:32:59.0697 0x0a28  aswSP - ok
08:32:59.0744 0x0a28  [ E3E73B2B73A4DFADFDDF557192C4B08A, 7D41C9BCB6B0DB4188347D92191B19196613EEAA88F9C3B7E78CFFDE41C357DC ] aswTdi          C:\Windows\system32\drivers\aswTdi.sys
08:32:59.0744 0x0a28  aswTdi - ok
08:32:59.0791 0x0a28  [ 53B202ABEE6455406254444303E87BE1, 4C91CA8DD345FEDD74A6AF2C07580717703F979B7DE2532B1D00B9F6896DDE70 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
08:32:59.0791 0x0a28  AsyncMac - ok
08:32:59.0822 0x0a28  [ 1F05B78AB91C9075565A9D8A4B880BC4, 737BE9F9376DAB0CCDFED93EA6D67F0C432367EA63CD772A453485BE769AF3BD ] atapi           C:\Windows\system32\drivers\atapi.sys
08:32:59.0822 0x0a28  atapi - ok
08:32:59.0900 0x0a28  [ 68E2A1A0407A66CF50DA0300852424AB, 5FFDAE4E477C90A855081B5120582810471F67D3E9C343779A7AFB8D684D16F8 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
08:32:59.0900 0x0a28  AudioEndpointBuilder - ok
08:32:59.0978 0x0a28  [ 68E2A1A0407A66CF50DA0300852424AB, 5FFDAE4E477C90A855081B5120582810471F67D3E9C343779A7AFB8D684D16F8 ] Audiosrv        C:\Windows\System32\Audiosrv.dll
08:32:59.0994 0x0a28  Audiosrv - ok
08:33:00.0041 0x0a28  [ 8FA553E9AE69808D99C164733A0F9590, D3F5BA7000EF311A0E4772B5BF9B0BFFCA721FA971D87DD76B7E8B9B06E9BBC3 ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe
08:33:00.0041 0x0a28  avast! Antivirus - ok
08:33:00.0119 0x0a28  [ F4B56425A00BEB32F5FA6603FF7B0EA2, E91E401053AC9363DE4675879D01B4E0D4054B7AEBBFEE656861170820F53278 ] Avc             C:\Windows\system32\DRIVERS\avc.sys
08:33:00.0119 0x0a28  Avc - ok
08:33:00.0166 0x0a28  [ 67E506B75BD5326A3EC7B70BD014DFB6, 3B07243970CAB4E93A858BEA6E31F56AD0157C42D624F3FEB469E68EEEF65669 ] Beep            C:\Windows\system32\drivers\Beep.sys
08:33:00.0166 0x0a28  Beep - ok
08:33:00.0228 0x0a28  [ C789AF0F724FDA5852FB9A7D3A432381, 4B0F7A3A8F2D45E49630D24F2630B8014BCDB793B9C6E83FD2B2863A54F62BF5 ] BFE             C:\Windows\System32\bfe.dll
08:33:00.0244 0x0a28  BFE - ok
08:33:00.0353 0x0a28  [ BE5D50529799B9BAB6BE879EC768B6CF, 7110AFC1E16584C8C194EE0DE9D779A159D1AD2553EA650324F16C3DA847DE72 ] BIOS            C:\Windows\system32\drivers\BIOS.sys
08:33:00.0353 0x0a28  BIOS - ok
08:33:00.0447 0x0a28  [ 93952506C6D67330367F7E7934B6A02F, 1D9A6B10B9489C1A32F730E22CC399BFF0796E3FCB3BA52BE45ED487CAC59EBD ] BITS            C:\Windows\System32\qmgr.dll
08:33:00.0462 0x0a28  BITS - ok
08:33:00.0509 0x0a28  [ D4DF28447741FD3D953526E33A617397, E7239BA432090F8AC7DF453DB876507CD4419ECA964D289408A1B2B353618693 ] blbdrive        C:\Windows\system32\drivers\blbdrive.sys
08:33:00.0509 0x0a28  blbdrive - ok
08:33:00.0603 0x0a28  [ 35F376253F687BDE63976CCB3F2108CA, C5EF6301D7BC067050038DB75D961681D1CBE418285AD60167C1334B0B54DFE9 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
08:33:00.0603 0x0a28  bowser - ok
08:33:00.0666 0x0a28  [ 9F9ACC7F7CCDE8A15C282D3F88B43309, A9131334BD9CF8FD60BA9D54AA054E2DF2BE1219FB650DF1464F2787BDEAE98F ] BrFiltLo        C:\Windows\system32\drivers\brfiltlo.sys
08:33:00.0666 0x0a28  BrFiltLo - ok
08:33:00.0681 0x0a28  [ 56801AD62213A41F6497F96DEE83755A, 0DEB8318FB47DF6473C171C795C735E26A73FA12232876C6856549EA16F33361 ] BrFiltUp        C:\Windows\system32\drivers\brfiltup.sys
08:33:00.0681 0x0a28  BrFiltUp - ok
08:33:00.0759 0x0a28  [ A3629A0C4226F9E9C72FAAEEBC3AD33C, FB4D2738B64AADA52B95A6CF7ED4CDBFE4DD4BEBCAF1AE9CE64317F97DB38DDF ] Browser         C:\Windows\System32\browser.dll
08:33:00.0759 0x0a28  Browser - ok
08:33:00.0900 0x0a28  [ B304E75CFF293029EDDF094246747113, CB6B219B186C3511A0DE3CDE7F7B8966A9E32D808A952CA8C5B42B3A3A17BFB0 ] Brserid         C:\Windows\system32\drivers\brserid.sys
08:33:00.0916 0x0a28  Brserid - ok
08:33:00.0947 0x0a28  [ 203F0B1E73ADADBBB7B7B1FABD901F6B, 782FA7B26940FE479C49C9BAA2EB582CDAAAD607013E9BCFC85E6FBBB7D49A6D ] BrSerWdm        C:\Windows\system32\drivers\brserwdm.sys
08:33:00.0947 0x0a28  BrSerWdm - ok
08:33:00.0994 0x0a28  [ BD456606156BA17E60A04E18016AE54B, DFBDC9DA6A3EA40BACFF204BC6C55C2C122B5885D2CBF6D45054DE43EE15EC4D ] BrUsbMdm        C:\Windows\system32\drivers\brusbmdm.sys
08:33:00.0994 0x0a28  BrUsbMdm - ok
08:33:01.0025 0x0a28  [ AF72ED54503F717A43268B3CC5FAEC2E, 4A638669B0C30B1BDED242A8BF2015A37749570FF4D67D190BACC8D7E0C44468 ] BrUsbSer        C:\Windows\system32\drivers\brusbser.sys
08:33:01.0025 0x0a28  BrUsbSer - ok
08:33:01.0056 0x0a28  [ EA7E57F87D6FEE5FD6C5F813C04E8CD2, 1EB84F4DEE3034FAFBEA2A3F84EECE036E803872DA94D54E958E9F2F09519E88 ] BrYNSvc         C:\Program Files\Browny02\BrYNSvc.exe
08:33:01.0072 0x0a28  BrYNSvc - ok
08:33:01.0087 0x0a28  [ ABEFFD18E7DB6B988B25A42BCD7D400F, 264BB4AECD20D6CF496BABF189062E89D76E96490A1ECE09F40BEC584600C232 ] BS_I2cIo        C:\Windows\system32\drivers\BS_I2cIo.sys
08:33:01.0087 0x0a28  BS_I2cIo - ok
08:33:01.0150 0x0a28  [ AD07C1EC6665B8B35741AB91200C6B68, DCE1305A30D6713222A01C1F1D03ED0ADABE23C742CE1E82BB142531B82A3FF7 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
08:33:01.0150 0x0a28  BTHMODEM - ok
08:33:01.0197 0x0a28  [ 7ADD03E75BEB9E6DD102C3081D29840A, 0CA14A77CE990B5AA32C0725C22CA190ECBC73B75064DD959CABAD79B8846F1D ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
08:33:01.0197 0x0a28  cdfs - ok
08:33:01.0244 0x0a28  [ 6B4BFFB9BECD728097024276430DB314, 4451EFEAD37B05C8A3CB610B6D72E73B55D3D1E1CC1B17405598C1EDAA93C2D5 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
08:33:01.0244 0x0a28  cdrom - ok
08:33:01.0306 0x0a28  [ 312EC3E37A0A1F2006534913E37B4423, 81B8F462336791D162DAFA8092C1F437638DA3022CA24A2458B9FE183FC18C5D ] CertPropSvc     C:\Windows\System32\certprop.dll
08:33:01.0306 0x0a28  CertPropSvc - ok
08:33:01.0322 0x0a28  [ E5D4133F37219DBCFE102BC61072589D, 74C7F8C53D9C71CE3C8B33BC0331948571318402B0A8E1AC4552360504092A46 ] circlass        C:\Windows\system32\drivers\circlass.sys
08:33:01.0322 0x0a28  circlass - ok
08:33:01.0384 0x0a28  [ F16E93CA9E8E3711A263F2A8024EF5DC, F9A6D89776C0F5CF2522971342D5B6FEDDB930F972303895EC78925B4EA9BFEE ] CleanService    C:\PROGRA~1\MIGOSO~1\DIGITA~1\CleanService.exe
08:33:01.0400 0x0a28  CleanService - ok
08:33:01.0416 0x0a28  [ D7659D3B5B92C31E84E53C1431F35132, 6BFE644AD9890A8CEEDCC4B97ADD564AD57202FBC5D21599469E0C4B31BB27C6 ] CLFS            C:\Windows\system32\CLFS.sys
08:33:01.0416 0x0a28  CLFS - ok
08:33:01.0494 0x0a28  [ 8EE772032E2FE80A924F3B8DD5082194, B743DF91563A22CC15D9B44105804B5866A29D3DFC156DBE88DFAFEF903B94C0 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
08:33:01.0494 0x0a28  clr_optimization_v2.0.50727_32 - ok
08:33:01.0587 0x0a28  [ C5A75EB48E2344ABDC162BDA79E16841, 6070A8AAFD38FBC6A68A2B10C20117612354DF21B4492D90CA522BFB6870D726 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
08:33:01.0587 0x0a28  clr_optimization_v4.0.30319_32 - ok
08:33:01.0650 0x0a28  [ 0CA25E686A4928484E9FDABD168AB629, C2CB2333CAB40CDF93219870E66700F957188C86A1B1A004BC4652953091E5C5 ] cmdide          C:\Windows\system32\drivers\cmdide.sys
08:33:01.0650 0x0a28  cmdide - ok
08:33:01.0666 0x0a28  [ 6AFEF0B60FA25DE07C0968983EE4F60A, E4037EF9EDE57A1039AB814EBCE9A8B12C9A084E7FAC6296212ACF2394DD37B6 ] Compbatt        C:\Windows\system32\drivers\compbatt.sys
08:33:01.0666 0x0a28  Compbatt - ok
08:33:01.0681 0x0a28  COMSysApp - ok
08:33:01.0697 0x0a28  [ 741E9DFF4F42D2D8477D0FC1DC0DF871, 06EA43D771E3455F943AB624CC00C2259FE5E561164908630755E933EF44A522 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
08:33:01.0697 0x0a28  crcdisk - ok
08:33:01.0712 0x0a28  [ 1F07BECDCA750766A96CDA811BA86410, F4E36F0003184BCB36D59B23AC903421AD8C0A1FD2D6315E06375235ABC9A0AD ] Crusoe          C:\Windows\system32\drivers\crusoe.sys
08:33:01.0712 0x0a28  Crusoe - ok
08:33:01.0775 0x0a28  [ 684C130BBC6DB681BAD4920A4C944AA5, DDE434B206984808351C98500824A33E6740B4326C455066027F8D549D4C3B92 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
08:33:01.0775 0x0a28  CryptSvc - ok
08:33:01.0837 0x0a28  [ 3B5B4D53FEC14F7476CA29A20CC31AC9, EC02A412DA5FDE2C759A4A2C5904579E1CE7C4999CE87145812F354FC8F5E183 ] DcomLaunch      C:\Windows\system32\rpcss.dll
08:33:01.0853 0x0a28  DcomLaunch - ok
08:33:01.0884 0x0a28  [ 622C41A07CA7E6DD91770F50D532CB6C, 2A9040949CB45F9970FDE930278F30D2F08E957290CB3D4DC4F2CA94F3D444D2 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
08:33:01.0884 0x0a28  DfsC - ok
08:33:01.0994 0x0a28  [ 2CC3DCFB533A1035B13DCAB6160AB38B, C88C91F662ADE248EEE3B568E70C2BC2D5075B7D9B7D3C63E83D011C5F7812B0 ] DFSR            C:\Windows\system32\DFSR.exe
08:33:02.0041 0x0a28  DFSR - ok
08:33:02.0087 0x0a28  [ 9028559C132146FB75EB7ACF384B086A, 35159D86706441ED94895B4629411B4445FCB4526AFD1F7036EE647931B7A94D ] Dhcp            C:\Windows\System32\dhcpcsvc.dll
08:33:02.0103 0x0a28  Dhcp - ok
08:33:02.0150 0x0a28  [ 5D4AEFC3386920236A548271F8F1AF6A, 11B74D6800EC6F7AAEFB0B6A9F2E8376C7C3B8DB677F03AC3743CB004CA96B08 ] disk            C:\Windows\system32\drivers\disk.sys
08:33:02.0150 0x0a28  disk - ok
08:33:02.0181 0x0a28  [ 57D762F6F5974AF0DA2BE88A3349BAAA, D9E7DC8F9FB7837F88BBB95B52147AA80E688FB9762EEA99B8046D9C6AD48F3C ] Dnscache        C:\Windows\System32\dnsrslvr.dll
08:33:02.0181 0x0a28  Dnscache - ok
08:33:02.0197 0x0a28  [ 324FD74686B1EF5E7C19A8AF49E748F6, DC6EB4304555B60DD17E04D20DFE4E279718E4041A9310DE29E678834BB22C5B ] dot3svc         C:\Windows\System32\dot3svc.dll
08:33:02.0212 0x0a28  dot3svc - ok
08:33:02.0259 0x0a28  [ A622E888F8AA2F6B49E9BC466F0E5DEF, 3DED7F22A29AD2F8C927DFA0FD87FDE5ED0BDCAC7260BD9F71D8EA34328C772A ] DPS             C:\Windows\system32\dps.dll
08:33:02.0259 0x0a28  DPS - ok
08:33:02.0322 0x0a28  [ 97FEF831AB90BEE128C9AF390E243F80, A7F4118603E2D5DDDB117EF7C058684EA5B37690EFAB2BEBA570EEF9C36281BE ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
08:33:02.0322 0x0a28  drmkaud - ok
08:33:02.0384 0x0a28  [ 1FC1EED3EA0C3A0ECF8A95B97E1B4831, 162CA60AFEEB45C45BA986D21660F23CF2432645993D4FAB8C8AE27CE40DA9AF ] dvd43llh        C:\Windows\system32\DRIVERS\dvd43llh.sys
08:33:02.0384 0x0a28  dvd43llh - ok
08:33:02.0541 0x0a28  [ 988670D8343EF9835FB3659DB71B2EFA, 5F5370FDD08C4BFF0828341952E98E95F722CB779EEC08C9DD6212C4DF3CD33B ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
08:33:02.0556 0x0a28  DXGKrnl - ok
08:33:02.0587 0x0a28  [ 5425F74AC0C1DBD96A1E04F17D63F94C, AD133CEDCDEA75420C75A91BB4CF7152475D46ED7B7703E3BAE5F9946D610292 ] E1G60           C:\Windows\system32\DRIVERS\E1G60I32.sys
08:33:02.0587 0x0a28  E1G60 - ok
08:33:02.0603 0x0a28  [ C0B95E40D85CD807D614E264248A45B9, 30421DAF1722A225222268CB8BA4FE60CB76C6FD0C9157B0F53FC1368F806A4E ] EapHost         C:\Windows\System32\eapsvc.dll
08:33:02.0619 0x0a28  EapHost - ok
08:33:02.0666 0x0a28  [ 2EA8CCC4AF7D9223DD397D8CCB636F5D, DCC2D68DC50703C34021583884901C93179226E57FE91CD75F77CE6C69099B30 ] EASEUS Agent    C:\Program Files\EASEUS\Todo Backup 2.0\bin\Agent.exe
08:33:02.0666 0x0a28  EASEUS Agent - ok
08:33:02.0744 0x0a28  [ 7F64EA048DCFAC7ACF8B4D7B4E6FE371, F3E9CF5D8E9124CB06F08454C5F0E510DE19A92780151FB2F8A58A0905D59B8F ] Ecache          C:\Windows\system32\drivers\ecache.sys
08:33:02.0744 0x0a28  Ecache - ok
08:33:02.0822 0x0a28  [ 9BE3744D295A7701EB425332014F0797, 1A139EE9232581E466591C5EBEF41E4BF1F82D99C1959F1C68C879B240E9F46D ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
08:33:02.0822 0x0a28  ehRecvr - ok
08:33:02.0853 0x0a28  [ AD1870C8E5D6DD340C829E6074BF3C3F, 064D07106A1BBE80294F1913354832F2B67D22274BB4D36C81D2D83C96FE0B88 ] ehSched         C:\Windows\ehome\ehsched.exe
08:33:02.0869 0x0a28  ehSched - ok
08:33:02.0884 0x0a28  [ C27C4EE8926E74AA72EFCAB24C5242C3, F1EBF78CCE9BA76AFD0478BC66B67CA44DEAF3C380369BFCE91BD8F678C8608A ] ehstart         C:\Windows\ehome\ehstart.dll
08:33:02.0884 0x0a28  ehstart - ok
08:33:02.0962 0x0a28  [ 23B62471681A124889978F6295B3F4C6, A90C521F06125B86A26EA625B0E7F811AF7D328E1313165E7AD4A83596A23819 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
08:33:02.0962 0x0a28  elxstor - ok
08:33:03.0009 0x0a28  [ 4E6B23DFC917EA39306B529B773950F4, C4BA77632B4BD46C4C1797F7F57399DB506D3EB6E5A0A36C269A793DAA3445C2 ] EMDMgmt         C:\Windows\system32\emdmgmt.dll
08:33:03.0025 0x0a28  EMDMgmt - ok
08:33:03.0072 0x0a28  [ A81AB23EDDB4693612014D87367D014C, 6AF1B0D3C3A61710A31B11C531E090C363C34A3D7C6365FDFA2B425F03E9EBAB ] ErrDev          C:\Windows\system32\drivers\errdev.sys
08:33:03.0072 0x0a28  ErrDev - ok
08:33:03.0134 0x0a28  [ 0C7F516415333F854D2CE45C6F2D6420, 3DBE457B9F298B663D4F7A5945B1C9C6843E3230643B332E14A1FDB4B681A567 ] EUBAKUP         C:\Windows\system32\drivers\eubakup.sys
08:33:03.0134 0x0a28  EUBAKUP - ok
08:33:03.0150 0x0a28  [ F986EE234B05769C7FBD8DEF8D20E32F, F6361FAA183497D813EF913A7F809E8AC9EEAEB144770DE058DF9663CFA9FE0C ] EuDisk          C:\Windows\system32\DRIVERS\EuDisk.sys
08:33:03.0150 0x0a28  EuDisk - ok
08:33:03.0166 0x0a28  [ DB677F262DDB5DE277C8F655EBD114F5, 96955A07FE4E28185F0CD39B3ECB34E8E17D73679256428EE8BE320D49CF6D83 ] EUDSKACS        C:\Windows\system32\drivers\eudskacs.sys
08:33:03.0166 0x0a28  EUDSKACS - ok
08:33:03.0166 0x0a28  [ 42F734E7EB6C05E97DF18C0EB16C350A, 625310E55E99C8BA7DE1E0F094949B53117A6BA22DAE5D58B0D4DE5D3A52DD9C ] EUFS            C:\Windows\system32\drivers\eufs.sys
08:33:03.0166 0x0a28  EUFS - ok
08:33:03.0259 0x0a28  [ 67058C46504BC12D821F38CF99B7B28F, E8D19F305F78BCA1DA8425315F2C77A377CD51E3CC54323DC2FF355120EA097D ] EventSystem     C:\Windows\system32\es.dll
08:33:03.0275 0x0a28  EventSystem - ok
08:33:03.0337 0x0a28  [ 22B408651F9123527BCEE54B4F6C5CAE, 31AF9649333A9496A9224001266D1B68CE2A31B9FB182A755D127FC5492AA6B2 ] exfat           C:\Windows\system32\drivers\exfat.sys
08:33:03.0353 0x0a28  exfat - ok
08:33:03.0384 0x0a28  [ 1E9B9A70D332103C52995E957DC09EF8, 7E709D545D4025A2E9F3489CF2A231040904CB53E3E4EEAC15A22468FAB2A5B3 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
08:33:03.0384 0x0a28  fastfat - ok
08:33:03.0462 0x0a28  [ AFE1E8B9782A0DD7FB46BBD88E43F89A, B4CBE1DC3430F2F3485F49007C71293D5B86E9C405741EA00A67B00A38BE1F8D ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
08:33:03.0462 0x0a28  fdc - ok
08:33:03.0462 0x0a28  [ 6629B5F0E98151F4AFDD87567EA32BA3, 8CC02D5E0639CDF74B2F85DB56D6199E1858F1A58465ED1D8B25C968E986132C ] fdPHost         C:\Windows\system32\fdPHost.dll
08:33:03.0478 0x0a28  fdPHost - ok
08:33:03.0478 0x0a28  [ 89ED56DCE8E47AF40892778A5BD31FD2, 924360875796C3DDDDA8097FDF53F6846B227F7413766F00AEDD981EFD691BF9 ] FDResPub        C:\Windows\system32\fdrespub.dll
08:33:03.0478 0x0a28  FDResPub - ok
08:33:03.0556 0x0a28  [ A8C0139A884861E3AAE9CFE73B208A9F, 3B021D148A2989AAA46AE58E5FED8A2DCA25E9212C2FA7F922880EF5A077E49B ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
08:33:03.0556 0x0a28  FileInfo - ok
08:33:03.0572 0x0a28  [ 0AE429A696AECBC5970E3CF2C62635AE, 1ECC315C099D17835788B68F0DE00EC98DC5AEE8F329D739E0DB90A898F22244 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
08:33:03.0572 0x0a28  Filetrace - ok
08:33:03.0587 0x0a28  [ 85B7CF99D532820495D68D747FDA9EBD, 682D35D219D1AFBE51CF0AB03F2D3E15C940F5AF291C1A611A19F4D279143F3C ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
08:33:03.0587 0x0a28  flpydisk - ok
08:33:03.0712 0x0a28  [ 01334F9EA68E6877C4EF05D3EA8ABB05, 82F8AA6AD2B5077898773D4A5814819EAF0E872FFD95894E06FEDAB6EE92CF99 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
08:33:03.0712 0x0a28  FltMgr - ok
08:33:03.0822 0x0a28  [ 2AFA3A46986AE935DAECEBC7E66314CF, 747FAF9B7F8291B83EE44B91E5708395E749DC87BD42CC3BF2CD41209C298F4D ] FontCache       C:\Windows\system32\FntCache.dll
08:33:03.0853 0x0a28  FontCache - ok
08:33:03.0931 0x0a28  [ C7FBDD1ED42F82BFA35167A5C9803EA3, 372FF71070D5ECE17342466A690737A0622E93C98DBED8172C49B0854F0012B7 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
08:33:03.0931 0x0a28  FontCache3.0.0.0 - ok
08:33:03.0962 0x0a28  [ B972A66758577E0BFD1DE0F91AAA27B5, E934034F3F740A83D4E7ABCD2C581845AC2945B0BCCAACF65CC3F99A1DBDE455 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
08:33:03.0962 0x0a28  Fs_Rec - ok
08:33:03.0994 0x0a28  [ 34582A6E6573D54A07ECE5FE24A126B5, 5F45DC38F8015AD90616EAD3B57820CCD284938A96B2C4E1FF5FC7BDEE8A848D ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
08:33:03.0994 0x0a28  gagp30kx - ok
08:33:04.0072 0x0a28  [ CD5D0AEEE35DFD4E986A5AA1500A6E66, DCED5126837292593F1C1B35DF18E3B631D6C0C6D0742B77C7B7742C55A7825F ] gpsvc           C:\Windows\System32\gpsvc.dll
08:33:04.0087 0x0a28  gpsvc - ok
08:33:04.0244 0x0a28  [ 51508F0C2476177E50C31B0BBFBF1BDB, 3F62A05181D54711180C8727AC66D624AFA7FC816A4ACC4DC0CFCF2D2DBE7F87 ] gupdate         C:\Program Files\Google\Update\GoogleUpdate.exe
08:33:04.0259 0x0a28  gupdate - ok
08:33:04.0291 0x0a28  [ 51508F0C2476177E50C31B0BBFBF1BDB, 3F62A05181D54711180C8727AC66D624AFA7FC816A4ACC4DC0CFCF2D2DBE7F87 ] gupdatem        C:\Program Files\Google\Update\GoogleUpdate.exe
08:33:04.0306 0x0a28  gupdatem - ok
08:33:04.0353 0x0a28  [ 5D4BC124FAAE6730AC002CDB67BF1A1C, 00294F4DC7D17F6DD2A22B9C3299BED40146BA45C972367154D20DB502472551 ] gusvc           C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
08:33:04.0353 0x0a28  gusvc - ok
08:33:04.0416 0x0a28  [ 3F90E001369A07243763BD5A523D8722, 25907F85787D879E75C3FE74C93567382AFB2D528BEEC61D71E3A6BE2D71DFBE ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
08:33:04.0416 0x0a28  HdAudAddService - ok
08:33:04.0462 0x0a28  [ 062452B7FFD68C8C042A6261FE8DFF4A, DD9873502456D3C058C6177AC223B28C71370E624FA0814C17EA3D93201F2B56 ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
08:33:04.0509 0x0a28  HDAudBus - ok
08:33:04.0556 0x0a28  [ 1338520E78D90154ED6BE8F84DE5FCEB, 8531F1C5856983EBDA4C2B70162645ECE72FFFBA9FE7A28BCEDDF2169B7ECF9D ] HidBth          C:\Windows\system32\drivers\hidbth.sys
08:33:04.0572 0x0a28  HidBth - ok
08:33:04.0587 0x0a28  [ FF3160C3A2445128C5A6D9B076DA519E, DC1A70C80CD55F33B3AD5A21E86AF7C3086D8CC2DC6148C058E74A871E0BAD4A ] HidIr           C:\Windows\system32\drivers\hidir.sys
08:33:04.0587 0x0a28  HidIr - ok
08:33:04.0603 0x0a28  [ 84067081F3318162797385E11A8F0582, 11E32E3800CFCA37354388243F88D0239D622891BAC5483518A2BE5D1CA19015 ] hidserv         C:\Windows\system32\hidserv.dll
08:33:04.0603 0x0a28  hidserv - ok
08:33:04.0634 0x0a28  [ CCA4B519B17E23A00B826C55716809CC, 91AD0758A6185B0FBBE383BDB1B457FFB850477AFF8DE040DE9527A97D28EF62 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
08:33:04.0634 0x0a28  HidUsb - ok
08:33:04.0650 0x0a28  [ D8AD255B37DA92434C26E4876DB7D418, C901EADDD93FC90C8F29F4B6DE808F8E4F486C877FC0AA27DA4ACDE17E28899D ] hkmsvc          C:\Windows\system32\kmsvc.dll
08:33:04.0650 0x0a28  hkmsvc - ok
08:33:04.0697 0x0a28  HP Health Check Service - ok
08:33:04.0712 0x0a28  [ 7EBEC5EB56B90ED65A8BBD91464E5CFB, 1CBDF532EFFFD564F79A45B2204BF02D9E6AC390796928DBE6DE9AF73E20C4B3 ] HpCISSs         C:\Windows\system32\drivers\hpcisss.sys
08:33:04.0728 0x0a28  HpCISSs - ok
08:33:04.0806 0x0a28  [ 617732F6C0F86DF3757B1D39211C15E5, 5B584AAB69574B847424BAE70B57AC58DF8993B38AED7F0F02ECC2B610DACB22 ] HSF_DP          C:\Windows\system32\DRIVERS\HSX_DP.sys
08:33:04.0822 0x0a28  HSF_DP - ok
08:33:05.0025 0x0a28  [ 77ED10C64F9DE2BF3F4F0B92541422F6, ADC7DDA8CBA47E7EE17BAB9EAA5DD51EB86A4DDB402EF1F24F81ECCA990583A6 ] hshld           C:\Program Files\Hotspot Shield\bin\cmw_srv.exe
08:33:05.0056 0x0a28  hshld - ok
08:33:05.0087 0x0a28  [ 21E25622478BE3B4BECDF1213BA5CDC8, 452245E1B11218BC9C0ADC528FCE9B912BD16A8820F8DA46E17EBCE1B6E34A4B ] HssDRV6         C:\Windows\system32\DRIVERS\hssdrv6.sys
08:33:05.0103 0x0a28  HssDRV6 - ok
08:33:05.0166 0x0a28  [ 7A97848FE7C47F9390427EBDDD92F9F1, 2C053D1433585B3FA0ED839CDFC80CAB3A2D670F5B1F6E3D80BC31EB5CE0E948 ] HssTrayService  C:\Program Files\Hotspot Shield\bin\HssTrayService.EXE
08:33:05.0166 0x0a28  HssTrayService - ok
08:33:05.0228 0x0a28  [ 5CB01FD5AA4885BC4811433B54393AF2, 018AC4FDE8099731C3D9F77EE66B6EB902DC246D4E68DD20962CD2D7C48C2123 ] HssWd           C:\Program Files\Hotspot Shield\bin\hsswd.exe
08:33:05.0228 0x0a28  HssWd - ok
08:33:05.0259 0x0a28  [ B1322E002BC4A556F83E4EDDE8E2F30F, 0B79C0587B72C2AC9211B2B3E977B17979760A6B51841C7022A5DA7D832AC184 ] HSXHWBS3        C:\Windows\system32\DRIVERS\HSXHWBS3.sys
08:33:05.0275 0x0a28  HSXHWBS3 - ok
08:33:05.0462 0x0a28  [ F870AA3E254628EBEAFE754108D664DE, B0444E7D246AA1982094030ACB991690F6A7DD3FB07B1BB6A1BC0F3AA9718A70 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
08:33:05.0478 0x0a28  HTTP - ok
08:33:05.0556 0x0a28  [ C6B032D69650985468160FC9937CF5B4, 4D5A944C70037F35A9DBA4F49F174455FA80ED7EAEDAA143F0A2C0E05AE585D8 ] i2omp           C:\Windows\system32\drivers\i2omp.sys
08:33:05.0556 0x0a28  i2omp - ok
08:33:05.0603 0x0a28  [ 22D56C8184586B7A1F6FA60BE5F5A2BD, D96A2962848C1F59B143BFEC22EC48BD1C5A75D0EBCFD7FB965E66B85FF7D8CA ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
08:33:05.0603 0x0a28  i8042prt - ok
08:33:05.0650 0x0a28  [ 54155EA1B0DF185878E0FC9EC3AC3A14, 344A0793499261D2E4FF2FCCC70501329485F8E299EBC68953D07BA86F0D4729 ] iaStorV         C:\Windows\system32\drivers\iastorv.sys
08:33:05.0666 0x0a28  iaStorV - ok
08:33:05.0869 0x0a28  [ 98477B08E61945F974ED9FDC4CB6BDAB, C7E8F661F6FBF6AB493E950D2E70363496E155B1838CE7B490B981BD840B04FC ] idsvc           C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
08:33:05.0962 0x0a28  idsvc - ok
08:33:06.0462 0x0a28  [ DCE0B53570703CCE580D066F89EF58CD, C5C2C4F51F2DB2BB6E7F1218472AEAAD996514AB99EA84946A473CB7A64D9E15 ] igfx            C:\Windows\system32\DRIVERS\igdkmd32.sys
08:33:06.0650 0x0a28  igfx - ok
08:33:06.0728 0x0a28  [ 2D077BF86E843F901D8DB709C95B49A5, 78FF558A881F307858F5C7C74A748B8B2562AF3CAC7EA8639945609001D790CE ] iirsp           C:\Windows\system32\drivers\iirsp.sys
08:33:06.0728 0x0a28  iirsp - ok
08:33:06.0759 0x0a28  [ 4687EE0C0DD2CE5F7AAA9C2E33C1DC78, FA8EBED2778D9F7560ADC1B563954EEF98AAE651C0553F2803372B37B122AEB3 ] IKEEXT          C:\Windows\System32\ikeext.dll
08:33:06.0775 0x0a28  IKEEXT - ok
08:33:06.0947 0x0a28  [ F42F2F88017A2E2B6F783ACEF6C2C149, 84AA1EFEACE3663F5E3D937C655B5B61C72C6922082F6BB7D30CEF67C267A40A ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
08:33:07.0041 0x0a28  IntcAzAudAddService - ok
08:33:07.0119 0x0a28  [ 5CF0990FC1F6676F7B00366AB224DA92, 980908606D401024CAD24E294397F0386DA68DDA13E0DE2AE551EE4B59E36296 ] IntcHdmiAddService C:\Windows\system32\drivers\IntcHdmi.sys
08:33:07.0119 0x0a28  IntcHdmiAddService - ok
08:33:07.0134 0x0a28  [ 83AA759F3189E6370C30DE5DC5590718, 7406FE41EA8FB80052517318CB72E2641E92E579FAFAF5E8DDDFF0BF8DAE773A ] intelide        C:\Windows\system32\drivers\intelide.sys
08:33:07.0134 0x0a28  intelide - ok
08:33:07.0197 0x0a28  [ 224191001E78C89DFA78924C3EA595FF, E4EC9CAAEEEAEB30E13F4A8023AF687F29514667380DDFD638BBFFF1D5FC2563 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
08:33:07.0197 0x0a28  intelppm - ok
08:33:07.0244 0x0a28  [ 9AC218C6E6105477484C6FDBE7D409A4, FF30D09CD2A0F5BBEC309E953370F194B6F26BF4227E627B594AAA48B0F5D3C2 ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
08:33:07.0259 0x0a28  IPBusEnum - ok
08:33:07.0275 0x0a28  [ 62C265C38769B864CB25B4BCF62DF6C3, CAF6BCE967104233E216464E4729B0275C3BD426D812F404AB0EE83A7F2063D8 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
08:33:07.0275 0x0a28  IpFilterDriver - ok
08:33:07.0291 0x0a28  [ 1998BD97F950680BB55F55A7244679C2, A4E8BB4C6B2AF4800BD5E0BA8725FD0927F8FB6751AEBF6DD16B59C414CCB9D8 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
08:33:07.0306 0x0a28  iphlpsvc - ok
08:33:07.0306 0x0a28  IpInIp - ok
08:33:07.0337 0x0a28  [ 4B9C0F4D4A3ACC535F9771039ECD6365, C150DB53288BFC30B9CE8C061A5FF3AFCB4D6FFCB76CB4E6966191BB7B2E99EE ] IPMIDRV         C:\Windows\system32\drivers\ipmidrv.sys
08:33:07.0337 0x0a28  IPMIDRV - ok
08:33:07.0353 0x0a28  [ 8793643A67B42CEC66490B2A0CF92D68, 8B1ED1314E4C6623824DD6B9C15A0F7F996F4D243BF0B305421251BE40850907 ] IPNAT           C:\Windows\system32\DRIVERS\ipnat.sys
08:33:07.0369 0x0a28  IPNAT - ok
08:33:07.0369 0x0a28  [ 109C0DFB82C3632FBD11949B73AEEAC9, 73B01426100256B7110DF0B74483AF1B62FC209612EEC29A7BF6DC31A7FBEFB6 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
08:33:07.0369 0x0a28  IRENUM - ok
08:33:07.0384 0x0a28  [ 6C70698A3E5C4376C6AB5C7C17FB0614, 10FBCBA5A74AF5D136B152FD4D3DFA2A1F2CEBC3F979D5BA6DB98B3DCB2F7A07 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
08:33:07.0400 0x0a28  isapnp - ok
08:33:07.0447 0x0a28  [ 232FA340531D940AAC623B121A595034, 90C93F04D8A0094EEBD118F10223605B8169DA5F24C466F503CED5C014BD17B1 ] iScsiPrt        C:\Windows\system32\DRIVERS\msiscsi.sys
08:33:07.0447 0x0a28  iScsiPrt - ok
08:33:07.0462 0x0a28  [ BCED60D16156E428F8DF8CF27B0DF150, 4934E9AB8A8A548548F0C63517F2BF4DE84B05E5C9C7C2AA6C1517B8F9C340D4 ] iteatapi        C:\Windows\system32\drivers\iteatapi.sys
08:33:07.0462 0x0a28  iteatapi - ok
08:33:07.0509 0x0a28  [ 06FA654504A498C30ADCA8BEC4E87E7E, 651BC35A0A3D504573BBAB40DE81929BB18C9FC0CD7944FEAE0E99CD7658EA88 ] iteraid         C:\Windows\system32\drivers\iteraid.sys
08:33:07.0509 0x0a28  iteraid - ok
08:33:07.0525 0x0a28  [ 37605E0A8CF00CBBA538E753E4344C6E, B9A9FFDCE45B0830E277CF322C28ACB49372C16144B0F676B283BE5DAE9A7F30 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
08:33:07.0525 0x0a28  kbdclass - ok
08:33:14.0728 0x0a28  Tcpip6 - ok
08:33:14.0759 0x0a28  [ 608C345A255D82A6289C2D468EB41FD7, 74ECFDD45DC3EB3AFAEF9C42B546241AA1D6ACB2F6591A76DDB8BB1768545889 ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
08:33:14.0759 0x0a28  tcpipreg - ok
08:33:14.0791 0x0a28  [ 5DCF5E267BE67A1AE926F2DF77FBCC56, E00C0A03AEE579B51B39930A72F39F4EFFE7CDA37187B0AE90F4E001AD15473B ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
08:33:14.0791 0x0a28  TDPIPE - ok
08:33:14.0806 0x0a28  [ 389C63E32B3CEFED425B61ED92D3F021, E4718E290678F00995E754AE66F1027D227BFAB9E1A1D2AC8E4EAD27DC50CB17 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
08:33:14.0806 0x0a28  TDTCP - ok
08:33:14.0822 0x0a28  [ 76B06EB8A01FC8624D699E7045303E54, EC30F244B48A35622ED3EE91792F6A1517C5A50770FAB3945E7A945EB7AF28A8 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
08:33:14.0822 0x0a28  tdx - ok
08:33:14.0837 0x0a28  [ 3CAD38910468EAB9A6479E2F01DB43C7, 9D18C71EDF39743A0A592BC0873909D2B75B5B177B2672A865D1EEC0BFD2F61C ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
08:33:14.0837 0x0a28  TermDD - ok
08:33:14.0869 0x0a28  [ BB95DA09BEF6E7A131BFF3BA5032090D, BAF6997F8D944F85F0553957677866C7F22E72AA434BA45FFFB6CC41041070DC ] TermService     C:\Windows\System32\termsrv.dll
08:33:14.0900 0x0a28  TermService - ok
08:33:14.0916 0x0a28  [ C7230FBEE14437716701C15BE02C27B8, 8221DE73D77CF71C2857D78829E807D015D9CB8BDEE4BAFD6950BF0C718CC774 ] Themes          C:\Windows\system32\shsvcs.dll
08:33:14.0916 0x0a28  Themes - ok
08:33:14.0931 0x0a28  [ 1076FFCFFAAE8385FD62DFCB25AC4708, 8C5C106FCB018E019DEBA8E1A6AA170CD7A93293F27994F724EBC486238DA0AA ] THREADORDER     C:\Windows\system32\mmcss.dll
08:33:14.0947 0x0a28  THREADORDER - ok
08:33:14.0962 0x0a28  [ B84B82C0CBEB1B0D7EB7A946BADE5830, 96FAF1C156251A39A9807CEE7CDE3B5DBCCF55FA80FBDDB31E6189E6042FE5E8 ] tifsfilter      C:\Windows\system32\DRIVERS\tifsfilt.sys
08:33:14.0962 0x0a28  tifsfilter - ok
08:33:14.0978 0x0a28  [ 74711884439BDF9CCF446C79CB05FAC0, 561F88C041AA73FF33B27D17DEB67A43622E7AF5FB666B0C97BEB904308E5163 ] timounter       C:\Windows\system32\DRIVERS\timntr.sys
08:33:14.0994 0x0a28  timounter - ok
08:33:15.0041 0x0a28  [ EC74E77D0EB004BD3A809B5F8FB8C2CE, 1E4BBC58D0E35D79C764CF1BA73602C5E29A5A2393D40332801D533E445C6667 ] TrkWks          C:\Windows\System32\trkwks.dll
08:33:15.0041 0x0a28  TrkWks - ok
08:33:15.0072 0x0a28  [ 97D9D6A04E3AD9B6C626B9931DB78DBA, 8E42133ED5EE5EEC414A8B11C1035385C6141E445EA9677F947D20768F25A877 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
08:33:15.0072 0x0a28  TrustedInstaller - ok
08:33:15.0103 0x0a28  [ F4EAA7ECBCB25DE901C9B7F2CDCDA0B3, 1CBB5106A32362ABDEE73BF170E205FE64DDBF826C5F6DFFCCD229F220B9C85E ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
08:33:15.0103 0x0a28  tssecsrv - ok
08:33:15.0150 0x0a28  [ CAECC0120AC49E3D2F758B9169872D38, 80DB15ADF5F4FF78D0C7D5081B6C0E8F1E5125872B60D23C19DA8E62C9DAC9A8 ] tunmp           C:\Windows\system32\DRIVERS\tunmp.sys
08:33:15.0150 0x0a28  tunmp - ok
08:33:15.0181 0x0a28  [ 300DB877AC094FEAB0BE7688C3454A9C, 3B36AA191FBE25B1A61150EAA2BDF8BA286DC4C052F6E98B0ED8202135553D8C ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
08:33:15.0181 0x0a28  tunnel - ok
08:33:15.0197 0x0a28  [ 7D33C4DB2CE363C8518D2DFCF533941F, C6A539AD31B0BD9F895E0A537783AA75D5760C8590D83BA832D59A9B090CA0E9 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
08:33:15.0197 0x0a28  uagp35 - ok
08:33:15.0212 0x0a28  [ D9728AF68C4C7693CB100B8441CBDEC6, A2CEE1EE4EF17106349F4E6967F504354801934179FBB3F10B9A4E3C30BC28CE ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
08:33:15.0212 0x0a28  udfs - ok
08:33:15.0244 0x0a28  [ ECEF404F62863755951E09C802C94AD5, 5D92062B3E371F196774EBFE840C78501E55A244DB2A49703C7AC0141C7DABF1 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
08:33:15.0259 0x0a28  UI0Detect - ok
08:33:15.0275 0x0a28  [ B0ACFDC9E4AF279E9116C03E014B2B27, 455D30859E381361FF6EE8B01EDC22A2E66CD5EC22CA9F314E88009DB77A8BAF ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
08:33:15.0275 0x0a28  uliagpkx - ok
08:33:15.0291 0x0a28  [ 9224BB254F591DE4CA8D572A5F0D635C, C5E7B24587AC5A28ECA63300307AD95B8A846833340126AE378840A40E53C056 ] uliahci         C:\Windows\system32\drivers\uliahci.sys
08:33:15.0306 0x0a28  uliahci - ok
08:33:15.0337 0x0a28  [ 8514D0E5CD0534467C5FC61BE94A569F, A6EFB967044F88335469DB3351587E31CEC659BB6A7D8ED45C68329232C31BB9 ] UlSata          C:\Windows\system32\drivers\ulsata.sys
08:33:15.0337 0x0a28  UlSata - ok
08:33:15.0353 0x0a28  [ 38C3C6E62B157A6BC46594FADA45C62B, 44F87DC955CB4E35E0EB4C8B4E931472B33D97FE000C22370A06AD5EDCEFD0BA ] ulsata2         C:\Windows\system32\drivers\ulsata2.sys
08:33:15.0353 0x0a28  ulsata2 - ok
08:33:15.0384 0x0a28  [ 32CFF9F809AE9AED85464492BF3E32D2, 91AAA47AEF17F373276B01AC8FA823592A0C854541A7A9A3B78F2350DB964EBC ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
08:33:15.0384 0x0a28  umbus - ok
08:33:15.0431 0x0a28  [ 88BD96A1BAEED33EE8BDF9499C07A841, 1C4DA1B34FE52B8022AB23CBF18D6B16635283625BB2D08E6524292E6009773A ] UMPass          C:\Windows\system32\DRIVERS\umpass.sys
08:33:15.0431 0x0a28  UMPass - ok
08:33:15.0494 0x0a28  [ F365FA561C3AB455D8685770D208691A, 8CBADC9E73A1A647FBB2FC4D603CD2A478162890DA657DC039A8389214AE22D2 ] UnlockerDriver5 C:\Program Files\Unlocker\UnlockerDriver5.sys
08:33:15.0494 0x0a28  UnlockerDriver5 - ok
08:33:15.0525 0x0a28  [ 68308183F4AE0BE7BF8ECD07CB297999, 4444233CA3C42BEE50ED47553D4AE5A7C12D8F288D2FA4B2DAE1D9B9FEC1A72D ] upnphost        C:\Windows\System32\upnphost.dll
08:33:15.0525 0x0a28  upnphost - ok
08:33:15.0603 0x0a28  [ AAB0B5F72D2D726FBFDC895A2902DE1D, 7824AF6E2ADEA23F208526F3A62AD1BACDBBDB23E58EB5806890B0761529C50F ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
08:33:15.0619 0x0a28  usbccgp - ok
08:33:15.0634 0x0a28  [ E9476E6C486E76BC4898074768FB7131, D14B8F69A511DC1F990A9C123C18689AFE59659BA8130D248D8D03E9BD2143B6 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
08:33:15.0634 0x0a28  usbcir - ok
08:33:15.0650 0x0a28  [ 153E8515CB86F8BB5D1A8B478EBF4BB2, 0F1F79BA7C32ACAAE69184A56E67D6E18E2E2F07E0BE23F266401431169DAE14 ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
08:33:15.0650 0x0a28  usbehci - ok
08:33:15.0666 0x0a28  [ 2AE6BCEBD85D31317E433733DAF25888, 7B2C0E8703D0275A620160E479166EB7AA31B0F146507603535CEBF0BA4684A4 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
08:33:15.0681 0x0a28  usbhub - ok
08:33:15.0697 0x0a28  [ 38DBC7DD6CC5A72011F187425384388B, 456CFCD190035C3033709C8DC0F6DC4352BBF751D57C0C52DD04F8C301FEBACD ] usbohci         C:\Windows\system32\drivers\usbohci.sys
08:33:15.0697 0x0a28  usbohci - ok
08:33:15.0728 0x0a28  [ E75C4B5269091D15A2E7DC0B6D35F2F5, B0A4141B69B66276890836DE98EB8BC790D35CE59FA503060593E8CC12AA106B ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
08:33:15.0744 0x0a28  usbprint - ok
08:33:15.0837 0x0a28  [ 1D714B8497CD68307806D5D3F60A5169, 1914D92ECE39995168E3C8F5A7694B7A94954DB299410A2781D1321C8E60C3D9 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
08:33:15.0869 0x0a28  usbscan - ok
08:33:15.0884 0x0a28  [ BE3DA31C191BC222D9AD503C5224F2AD, 201FB0FDBF423342202686DC0D8A3221B7798AE04C04A649D3441C257C733CE8 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
08:33:15.0900 0x0a28  USBSTOR - ok
08:33:15.0916 0x0a28  [ 44056325428A8E4C755830426E29878F, 95F182047746D352B7DC2B22298D5E58738E1B787C110D1DE841C026FB8A67EB ] usbuhci         C:\Windows\system32\DRIVERS\usbuhci.sys
08:33:15.0916 0x0a28  usbuhci - ok
08:33:15.0931 0x0a28  [ 1509E705F3AC1D474C92454A5C2DD81F, 7F525921A3513224F8B093A16E19B4235B300349A14B0B86EE11B7473BA53337 ] UxSms           C:\Windows\System32\uxsms.dll
08:33:15.0947 0x0a28  UxSms - ok
08:33:15.0962 0x0a28  [ CD88D1B7776DC17A119049742EC07EB4, 6B68B9EDB8C6BCB2644F1F004D5743E928509D12107D996F390A24A72E0AA528 ] vds             C:\Windows\System32\vds.exe
08:33:15.0994 0x0a28  vds - ok
08:33:16.0009 0x0a28  [ 87B06E1F30B749A114F74622D013F8D4, 06C06EF87F7DC668D23B50AA5F419F62474ACF90E325E167491BF290286D6594 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
08:33:16.0009 0x0a28  vga - ok
08:33:16.0041 0x0a28  [ 2E93AC0A1D8C79D019DB6C51F036636C, 8B6F3B4EE90691A22788915AD0F99D8EE617750430A34E7CEB9AB4FB4E581755 ] VgaSave         C:\Windows\System32\drivers\vga.sys
08:33:16.0041 0x0a28  VgaSave - ok
08:33:16.0072 0x0a28  [ 5D7159DEF58A800D5781BA3A879627BC, 499A8E51FDE61AE0D7C1812D1E5B331211A36BD095A4992C629B93DE6D80F4E6 ] viaagp          C:\Windows\system32\drivers\viaagp.sys
08:33:16.0072 0x0a28  viaagp - ok
08:33:16.0087 0x0a28  [ C4F3A691B5BAD343E6249BD8C2D45DEE, 19DE07AD6CD51036FA8A6B8EE82F34D7F5264FF3A12CBE6E52BD036D0303E319 ] ViaC7           C:\Windows\system32\drivers\viac7.sys
08:33:16.0087 0x0a28  ViaC7 - ok
08:33:16.0103 0x0a28  [ AADF5587A4063F52C2C3FED7887426FC, 0A74791A236FDAFCD045CFB79A159245B94F7C2033E0CD830C1B76F0F994E06D ] viaide          C:\Windows\system32\drivers\viaide.sys
08:33:16.0103 0x0a28  viaide - ok
08:33:16.0119 0x0a28  [ 69503668AC66C77C6CD7AF86FBDF8C43, 2CE407674A58313737073F02B9A617460BBA84B36C3A16D98AE5ED45279F5006 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
08:33:16.0119 0x0a28  volmgr - ok
08:33:16.0150 0x0a28  [ 23E41B834759917BFD6B9A0D625D0C28, 9F60992805262F936E8DA33610FDF60A191ECAFC08BBF657C8F9A21833C8EFC5 ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
08:33:16.0150 0x0a28  volmgrx - ok
08:33:16.0181 0x0a28  [ 786DB5771F05EF300390399F626BF30A, 4A07BE5AEDBA4C15C2F9A91250F0488A0B0305C67BB7A037508D5CBF86D4E1B7 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
08:33:16.0181 0x0a28  volsnap - ok
08:33:16.0212 0x0a28  [ 587253E09325E6BF226B299774B728A9, C9F46197819C2A095456393C518A9B00B59ECDC54F464D038AA7F8DCCDB93CCF ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
08:33:16.0212 0x0a28  vsmraid - ok
08:33:16.0275 0x0a28  [ DB3D19F850C6EB32BDCB9BC0836ACDDB, D81FF1CDA87A2FE83EFD5B3FE01EFF940952F8BAEE70BEA3B2F6EF30E2121704 ] VSS             C:\Windows\system32\vssvc.exe
08:33:16.0353 0x0a28  VSS - ok
08:33:16.0384 0x0a28  [ 96EA68B9EB310A69C25EBB0282B2B9DE, C76D3427F8A2953CB4D96BBA1523679CBE1BBF7FA821A35D2FBEB3E67AC6A10B ] W32Time         C:\Windows\system32\w32time.dll
08:33:16.0416 0x0a28  W32Time - ok
08:33:16.0431 0x0a28  [ 48DFEE8F1AF7C8235D4E626F0C4FE031, A41D05BC0DA3C476C32E0A4DAF015DF7BADF28A03CE236D5596885FF1772F148 ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
08:33:16.0431 0x0a28  WacomPen - ok
08:33:16.0462 0x0a28  [ 55201897378CCA7AF8B5EFD874374A26, 350ADDCEFAA33E301027CFEA8DDE703F6FBD6E53624598CB2E7B671B9E48F7CC ] Wanarp          C:\Windows\system32\DRIVERS\wanarp.sys
08:33:16.0462 0x0a28  Wanarp - ok
08:33:16.0478 0x0a28  [ 55201897378CCA7AF8B5EFD874374A26, 350ADDCEFAA33E301027CFEA8DDE703F6FBD6E53624598CB2E7B671B9E48F7CC ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
08:33:16.0478 0x0a28  Wanarpv6 - ok
08:33:16.0541 0x0a28  [ A3CD60FD826381B49F03832590E069AF, 213C5DB5E5D828264286FD7548527566D6160CCA780BC6853B7B28CECF329674 ] wcncsvc         C:\Windows\System32\wcncsvc.dll
08:33:16.0556 0x0a28  wcncsvc - ok
08:33:16.0587 0x0a28  [ 11BCB7AFCDD7AADACB5746F544D3A9C7, 0370E20FD12ED713F94E5CD76F068F7A7A5E7F42416DD2A8A41249020DA7DA31 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
08:33:16.0603 0x0a28  WcsPlugInService - ok
08:33:16.0619 0x0a28  [ 78FE9542363F297B18C027B2D7E7C07F, 6BC3ED2A48EF41E1EE597FD58271DB12256EC013518663331CD0FBCB3FC415EE ] Wd              C:\Windows\system32\drivers\wd.sys
08:33:16.0619 0x0a28  Wd - ok
08:33:16.0650 0x0a28  [ D6EFAF429FD30C5DF613D220E344CCE7, 807D4563E8AD4073688691078EB13AF240E14BA5E0C8506A48B3060A20B90082 ] WDC_SAM         C:\Windows\system32\DRIVERS\wdcsam.sys
08:33:16.0650 0x0a28  WDC_SAM - ok
08:33:16.0697 0x0a28  [ 25944D2CC49E0A6C581D02A74B7D6645, AF8FFAFEC07F1A6A3D4008E609E8E1D705A8DFCC7995C766E3946887203F7BEE ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
08:33:16.0712 0x0a28  Wdf01000 - ok
08:33:16.0728 0x0a28  [ ABFC76B48BB6C96E3338D8943C5D93B5, B5B22D445724D58641A53276063A4AA2A98F07B93865C86E94661EB31BD63511 ] WdiServiceHost  C:\Windows\system32\wdi.dll
08:33:16.0728 0x0a28  WdiServiceHost - ok
08:33:16.0744 0x0a28  [ ABFC76B48BB6C96E3338D8943C5D93B5, B5B22D445724D58641A53276063A4AA2A98F07B93865C86E94661EB31BD63511 ] WdiSystemHost   C:\Windows\system32\wdi.dll
08:33:16.0744 0x0a28  WdiSystemHost - ok
08:33:16.0759 0x0a28  [ 04C37D8107320312FBAE09926103D5E2, 1C6726A9871CBACB240AFA93E57781515F01758D43693DDA395EA683D97234F0 ] WebClient       C:\Windows\System32\webclnt.dll
08:33:16.0775 0x0a28  WebClient - ok
08:33:16.0791 0x0a28  [ AE3736E7E8892241C23E4EBBB7453B60, 0F998116CC07CD719CB237EAE53BB16B2EDD6973828B9C1055EB981AEA0453D1 ] Wecsvc          C:\Windows\system32\wecsvc.dll
08:33:16.0806 0x0a28  Wecsvc - ok
08:33:16.0822 0x0a28  [ 670FF720071ED741206D69BD995EA453, 4B96F5E3545F69AE9EBC75DC4AB27B87306D656EE526AE39E7EC7E2B6F83F7FD ] wercplsupport   C:\Windows\System32\wercplsupport.dll
08:33:16.0822 0x0a28  wercplsupport - ok
08:33:16.0837 0x0a28  [ 32B88481D3B326DA6DEB07B1D03481E7, 821FBAF147E525ED15EB9391B16A96C6D5464841258B11F277EFB57A3BD50E37 ] WerSvc          C:\Windows\System32\WerSvc.dll
08:33:16.0853 0x0a28  WerSvc - ok
08:33:16.0884 0x0a28  [ F1265727C078406299FF4B3B033E3132, 041C74DA3987FB9D85A0BA961A9E9C6DC96A4B88CC7C45B592F27A5809E86303 ] winachsf        C:\Windows\system32\DRIVERS\HSX_CNXT.sys
08:33:16.0916 0x0a28  winachsf - ok
08:33:16.0978 0x0a28  [ 4575AA12561C5648483403541D0D7F2B, 2DBB7904285F16E879E1662C4CC4DFAA420D5EB24DDFC4BAC0B7616F5F44649A ] WinDefend       C:\Program Files\Windows Defender\mpsvc.dll
08:33:16.0978 0x0a28  WinDefend - ok
08:33:16.0994 0x0a28  WinHttpAutoProxySvc - ok
08:33:17.0103 0x0a28  [ 6B2A1D0E80110E3D04E6863C6E62FD8A, EE8BC7C378993EFE90273764C83119EBF331768CD7B24DE949233C74A51306C2 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
08:33:17.0134 0x0a28  Winmgmt - ok
08:33:17.0197 0x0a28  [ 7CFE68BDC065E55AA5E8421607037511, C2CE76D52AD4E31FC4216E94457DC16ABF65A5F3E883F0BD97AD387FB7574533 ] WinRM           C:\Windows\system32\WsmSvc.dll
08:33:17.0244 0x0a28  WinRM - ok
08:33:17.0306 0x0a28  [ C008405E4FEEB069E30DA1D823910234, C392A7B5FEACB7D11A3A231C1AD65D533984E6E7429ECD3BFBF90A27E8DEB157 ] Wlansvc         C:\Windows\System32\wlansvc.dll
08:33:17.0322 0x0a28  Wlansvc - ok
08:33:17.0353 0x0a28  [ 2E7255D172DF0B8283CDFB7B433B864E, 60C786CF0EA4A29B309B9457F0496D5A0AF1F093FC2C5D88078865814B7DBBA3 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
08:33:17.0353 0x0a28  WmiAcpi - ok
08:33:17.0400 0x0a28  [ 43BE3875207DCB62A85C8C49970B66CC, 27169F2E8A30807794407DA8F80611E4287F940AAE2A1F00F547901872FB9703 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
08:33:17.0400 0x0a28  wmiApSrv - ok
08:33:17.0462 0x0a28  [ 3978704576A121A9204F8CC49A301A9B, 936CC13B90A183613BDA4081556C96D48CA415B5F65D61E18CB5F2E51EEBE59F ] WMPNetworkSvc   C:\Program Files\Windows Media Player\wmpnetwk.exe
08:33:17.0478 0x0a28  WMPNetworkSvc - ok
08:33:17.0525 0x0a28  [ CFC5A04558F5070CEE3E3A7809F3FF52, 45899E04000E21C4E009BE8B6149F199A5B2E0512C657A525770BF9DBFED7D2B ] WPCSvc          C:\Windows\System32\wpcsvc.dll
08:33:17.0525 0x0a28  WPCSvc - ok
08:33:17.0556 0x0a28  [ 801FBDB89D472B3C467EB112A0FC9246, C24053FA12732089384D3AF06C676FF201D282FC5AD56A42B6EE8BAED4379CB2 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
08:33:17.0556 0x0a28  WPDBusEnum - ok
08:33:17.0712 0x0a28  [ DCF3E3EDF5109EE8BC02FE6E1F045795, 4B8E14B1CFB095982D34DAEC336114F5039D7793080FB787DC95A63B6B945DD0 ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
08:33:17.0728 0x0a28  WPFFontCache_v0400 - ok
08:33:17.0775 0x0a28  [ E3A3CB253C0EC2494D4A61F5E43A389C, 10BA8B102E31B961819E524FCA5FA817B588EC77FB26B4E176D0A5CFF11EDF79 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
08:33:17.0791 0x0a28  ws2ifsl - ok
08:33:17.0822 0x0a28  [ 1CA6C40261DDC0425987980D0CD2AAAB, 727C1E3A170316641F832A8D197EDA6D6EE1206E4ED7B741E5A4017B7F2F7B88 ] wscsvc          C:\Windows\System32\wscsvc.dll
08:33:17.0822 0x0a28  wscsvc - ok
08:33:17.0822 0x0a28  WSearch - ok
08:33:17.0916 0x0a28  [ FC3EC24FCE372C89423E015A2AC1A31E, 8D028182CF83667D3E4D148979972D208FA6D9B8540EE47A0A7831B770ECD257 ] wuauserv        C:\Windows\system32\wuaueng.dll
08:33:17.0994 0x0a28  wuauserv - ok
08:33:18.0025 0x0a28  [ 06E6F32C8D0A3F66D956F57B43A2E070, 9A6BD96A28294B0372F16E13D652FD603308F64B74A56E41E0C68C5E8011F943 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
08:33:18.0025 0x0a28  WudfPf - ok
08:33:18.0041 0x0a28  [ 867C301E8B790040AE9CF6486E8041DF, D867D6498C987944D99508B2FAD6D6B749FA1EDFE8124B0863D4A642352F0855 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
08:33:18.0041 0x0a28  WUDFRd - ok
08:33:18.0072 0x0a28  [ FE47B7BC8EA320C2D9B5E5BF6E303765, 34518DBD1E9EA6E5DA62273B18613761E1D9C6B4E074A93C6D639FBAF02222EA ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
08:33:18.0072 0x0a28  wudfsvc - ok
08:33:18.0103 0x0a28  [ DAB33CFA9DD24251AAA389FF36B64D4B, 1C5D7C3D6C3552BDD52EB7E76031746D7DAAF64CA2432CC23329DA72BE7252D0 ] XAudio          C:\Windows\system32\DRIVERS\xaudio.sys
08:33:18.0103 0x0a28  XAudio - ok
08:33:18.0119 0x0a28  [ CD5F291A1161F15896D1A4D63DAFF5DF, 4F30DC454F255249431FCD14DE17858A79A088A4084F2CEDD0CF25382D427285 ] XAudioService   C:\Windows\system32\DRIVERS\xaudio.exe
08:33:18.0134 0x0a28  XAudioService - ok
08:33:18.0166 0x0a28  ================ Scan global ===============================
08:33:18.0197 0x0a28  [ F31EEBC1A1C81FD04005489CC3DCDFE7, 098C35ACFCCE1686C5A6DB6057001CBF8B06A863A0802CB2E9D793F4795F8CEE ] C:\Windows\system32\basesrv.dll
08:33:18.0228 0x0a28  [ A508314231C49AEE86987CEA3EAECAD1, D29BCFA967C23C7264592576D62D95FA8C687E8662D19DCCC73653A9EFB6340D ] C:\Windows\system32\winsrv.dll
08:33:18.0259 0x0a28  [ A508314231C49AEE86987CEA3EAECAD1, D29BCFA967C23C7264592576D62D95FA8C687E8662D19DCCC73653A9EFB6340D ] C:\Windows\system32\winsrv.dll
08:33:18.0291 0x0a28  [ D4E6D91C1349B7BFB3599A6ADA56851B, 8748091BF27F05D28D45688E04DD9229A4B2E159209A64F457703F66A8CECE4D ] C:\Windows\system32\services.exe
08:33:18.0306 0x0a28  [ Global ] - ok
08:33:18.0306 0x0a28  ================ Scan MBR ==================================
08:33:18.0322 0x0a28  [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
08:33:18.0572 0x0a28  \Device\Harddisk0\DR0 - ok
08:33:18.0572 0x0a28  [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk1\DR1
08:33:18.0650 0x0a28  \Device\Harddisk1\DR1 - ok
08:33:18.0650 0x0a28  ================ Scan VBR ==================================
08:33:18.0650 0x0a28  [ 4AA58DF798E2B2DC6E9B712FD0C672E7 ] \Device\Harddisk0\DR0\Partition1
08:33:18.0697 0x0a28  \Device\Harddisk0\DR0\Partition1 - ok
08:33:18.0697 0x0a28  [ 7A1B897CC61A3DA03E41197BE6ACA8EF ] \Device\Harddisk0\DR0\Partition2
08:33:18.0744 0x0a28  \Device\Harddisk0\DR0\Partition2 - ok
08:33:18.0744 0x0a28  [ 2CBCF56D386FDD66F332435CD9D7C1DF ] \Device\Harddisk1\DR1\Partition1
08:33:18.0744 0x0a28  \Device\Harddisk1\DR1\Partition1 - ok
08:33:18.0744 0x0a28  ================ Scan generic autorun ======================
08:33:18.0791 0x0a28  [ 0D392EDE3B97E0B3131B2F63EF1DB94E, 3EDA280F91097293E00BF984D377E1111CFDE1FC81B30A3FDEB38F321EF82BB6 ] C:\Program Files\Windows Defender\MSASCui.exe
08:33:18.0853 0x0a28  Windows Defender - ok
08:33:19.0150 0x0a28  [ 40D5D8EEBE614F115B81E677587F1007, 9E880F50D774ACBF945DA3189FC840A37CB1A47C3941BB0FFAF87B391A682E4C ] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
08:33:19.0306 0x0a28  RtHDVCpl - ok
08:33:19.0369 0x0a28  [ 8A6683AC1DAFA824615BB3857EF8C709, 3E0C4A19E9DC29D74DBCE53A58E5E196BBA2D4603C9D0CDE73FACE6C214A4154 ] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe
08:33:19.0369 0x0a28  Adobe Reader Speed Launcher - ok
08:33:19.0416 0x0a28  [ A62C1C03713584382E5C8860D650F2C9, 456F34F09086809F8BA63C65EB3A99D91DD59CEADCDA478371E83A2C18F9E9C0 ] C:\Program Files\EASEUS\Todo Backup 2.0\bin\EuWatch.exe
08:33:19.0416 0x0a28  EaseUs Watch - ok
08:33:19.0447 0x0a28  [ 2C1B1E9174D94E9F6EE3CF373ABAB7DD, 729D283DF70F727824EBCA223D5E5B27D16E3E2B5312B1B34CAE1E763192D7B5 ] C:\Windows\system32\igfxtray.exe
08:33:19.0447 0x0a28  IgfxTray - ok
08:33:19.0462 0x0a28  [ 87D78CF6365BDDACBE9D34B60FE0E23B, 4561DE7171FD9035FEDF7EEA059859732996A5E72364D0D9F230563A1A6AE3D4 ] C:\Windows\system32\hkcmd.exe
08:33:19.0478 0x0a28  HotKeysCmds - ok
08:33:19.0494 0x0a28  [ 89D3DE5E2C77DCD99C56F0E46310AEA0, 02E1B2353E5D5F65D7968698AFE079A4DF11C230F6213C07D128F47147BACA29 ] C:\Windows\system32\igfxpers.exe
08:33:19.0494 0x0a28  Persistence - ok
08:33:19.0619 0x0a28  [ 0CFC662AC49C190709D4EB71E8D3893D, F242ADE995BED5405754AF52CB3B464A0C00CE9357F87CF636F533AA18873E6B ] C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe
08:33:19.0650 0x0a28  AcronisTimounterMonitor - ok
08:33:19.0791 0x0a28  [ 7F42FFCD6FF7CA558C2D95DADCD5EFA9, CD9E71A718AD3FF465950A7D3937884154F021A296C301BE2FECD0AE69F04713 ] C:\Program Files\Browny02\Brother\BrStMonW.exe
08:33:19.0837 0x0a28  BrStsMon00 - ok
08:33:20.0056 0x0a28  [ 083649EF692A066880C9326020915AFE, 570DBF28F6D77890476F7B6A9C57F77DCC3C51038A1780540032B5FD9CF72190 ] C:\Program Files\AVAST Software\Avast\avastUI.exe
08:33:20.0134 0x0a28  avast - ok
08:33:20.0197 0x0a28  [ 5B6E8E09BE6401A7E022F52FDFCB2FF8, 471C556CF9405BBB380A8CEFE945C126B954B7C94F79CC72441B51F80141FC5E ] C:\Program Files\Common Files\Java\Java Update\jusched.exe
08:33:20.0197 0x0a28  SunJavaUpdateSched - ok
08:33:20.0275 0x0a28  [ 9E35FF7F943AE0FB89192BFE058B7FD4, 54712A4FA296AE28CF834F90B77B2EEB69020E3D5B5CF24674BD8DACA25195B9 ] C:\Program Files\Windows Sidebar\Sidebar.exe
08:33:20.0306 0x0a28  Sidebar - ok
08:33:20.0306 0x0a28  WindowsWelcomeCenter - ok
08:33:20.0400 0x0a28  [ 9E35FF7F943AE0FB89192BFE058B7FD4, 54712A4FA296AE28CF834F90B77B2EEB69020E3D5B5CF24674BD8DACA25195B9 ] C:\Program Files\Windows Sidebar\Sidebar.exe
08:33:20.0416 0x0a28  Sidebar - ok
08:33:20.0431 0x0a28  WindowsWelcomeCenter - ok
08:33:20.0462 0x0a28  [ 9E35FF7F943AE0FB89192BFE058B7FD4, 54712A4FA296AE28CF834F90B77B2EEB69020E3D5B5CF24674BD8DACA25195B9 ] C:\Program Files\Windows Sidebar\sidebar.exe
08:33:20.0494 0x0a28  Sidebar - ok
08:33:20.0712 0x0a28  [ 059C2F55E82C8EDB20E8F26B2A7D2B19, BC323A8B8E0C3A5C2ABF23EDA0314A6117B9C2BC417A66CA5D6B25773E84E8F1 ] C:\Program Files\Ruiware\WinPatrol\winpatrol.exe
08:33:20.0728 0x0a28  WinPatrol - ok
08:33:20.0822 0x0a28  [ 9E35FF7F943AE0FB89192BFE058B7FD4, 54712A4FA296AE28CF834F90B77B2EEB69020E3D5B5CF24674BD8DACA25195B9 ] C:\Program Files\Windows Sidebar\Sidebar.exe
08:33:20.0837 0x0a28  Sidebar - ok
08:33:20.0853 0x0a28  WindowsWelcomeCenter - ok
08:33:20.0853 0x0a28  Waiting for KSN requests completion. In queue: 324
08:33:21.0853 0x0a28  Waiting for KSN requests completion. In queue: 324
08:33:22.0244 0x068c  Object required for P2P: [ 3CE8F073A557E172B330109436984E30 ] sbp2port
08:33:22.0853 0x0a28  Waiting for KSN requests completion. In queue: 143
08:33:23.0853 0x0a28  Waiting for KSN requests completion. In queue: 129
08:33:24.0853 0x0a28  Waiting for KSN requests completion. In queue: 129
08:33:25.0228 0x068c  Object send P2P result: true
08:33:25.0869 0x0a28  AV detected via SS2: avast! Antivirus, C:\Program Files\AVAST Software\Avast\VisthAux.exe ( 7.0.1474.765 ), 0x41000 ( enabled : updated )
08:33:25.0869 0x0a28  Win FW state via NFP2: enabled
08:33:28.0337 0x0a28  ============================================================
08:33:28.0337 0x0a28  Scan finished
08:33:28.0337 0x0a28  ============================================================
08:33:28.0337 0x1410  Detected object count: 0
08:33:28.0337 0x1410  Actual detected object count: 0

AdwCleaner

# AdwCleaner v4.109 - Report created 27/01/2015 at 09:41:56
# Updated 24/01/2015 by Xplode
# Database : 2015-01-26.1 [Live]
# Operating System : Windows Vista ™ Home Premium Service Pack 2 (32 bits)
# Username : MG - MG-PC
# Running from : C:\Users\MG\Downloads\Programs\MALWARE Programs\Programs & Logs for RAT from Bleeping Comp  PART 3\adwcleaner_4.109.exe
# Option : Scan

***** [ Services ] *****

Service Found : hshld
Service Found : hsstrayservice
Service Found : hsswd

***** [ Files / Folders ] *****

File Found : C:\Users\Public\Desktop\Hotspot Shield.lnk
File Found : C:\Windows\system32\drivers\hssdrv6.sys
File Found : C:\Windows\system32\drivers\taphss6.sys
Folder Found : C:\Program Files\hotspot shield
Folder Found : C:\Program Files\orbitdownloader
Folder Found : C:\ProgramData\hotspot shield
Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\hotspot shield
Folder Found : C:\Users\MG\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda
Folder Found : C:\Users\MG\AppData\Local\Temp\hotspot shield
Folder Found : C:\Users\MG\AppData\Roaming\hotspot shield
Folder Found : C:\Users\MG\AppData\Roaming\Mozilla\Firefox\Profiles\5z4kke4v.default\Extensions\anttoolbar@ant.com
Folder Found : C:\Windows\system32\hotspot shield

***** [ Scheduled Tasks ] *****

Task Found : Scheduled Update for Ask Toolbar

***** [ Shortcuts ] *****


***** [ Registry ] *****

Data Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyServer] - hxxp=;ftp=;hxxps=;
Key Found : HKCU\Software\Microsoft\Internet Explorer\MenuExt\&Download by Orbit
Key Found : HKCU\Software\Microsoft\Internet Explorer\MenuExt\&Grab video by Orbit
Key Found : HKCU\Software\Microsoft\Internet Explorer\MenuExt\Do&wnload selected by Orbit
Key Found : HKCU\Software\Microsoft\Internet Explorer\MenuExt\Down&load all by Orbit
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\hotspotshield
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Orbit_is1
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{000123B4-9B42-4900-B3F7-F4B073EFC214}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C55BBCD6-41AD-48AD-9953-3609C48EACC7}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{000123B4-9B42-4900-B3F7-F4B073EFC214}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7854F00C-DC77-477E-A10E-603F48442D3B}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C55BBCD6-41AD-48AD-9953-3609C48EACC7}
Key Found : HKCU\Software\Orbit
Key Found : HKCU\Software\SimpleFiles
Key Found : HKLM\SOFTWARE\Classes\CLSID\{000123B4-9B42-4900-B3F7-F4B073EFC214}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3F1D494B-0CEF-4468-96C9-386E2E4DEC90}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{7854F00C-DC77-477E-A10E-603F48442D3B}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{C55BBCD6-41AD-48AD-9953-3609C48EACC7}
Key Found : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Key Found : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Found : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Found : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{A0880527-DC28-4EBB-BA27-D22102F22A9F}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{BCDDE143-FAE3-4C57-B22B-C4E8678CFDC0}
Key Found : HKLM\SOFTWARE\Conduit
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda
Key Found : HKLM\SOFTWARE\hotspotshield
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4250488A-CB24-0893-C066-B1AEA57BCFF2}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{000123B4-9B42-4900-B3F7-F4B073EFC214}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\261F213D1F55267499B1F87D0CC3BCF7
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\hotspotshield
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Orbit_is1
Key Found : HKLM\SOFTWARE\Orbit
Key Found : HKLM\SOFTWARE\SimpleFiles
Key Found : HKLM\SOFTWARE\Tarma Installer
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{C55BBCD6-41AD-48AD-9953-3609C48EACC7}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{C55BBCD6-41AD-48AD-9953-3609C48EACC7}]

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16561


-\\ Mozilla Firefox v3.6.16 (en-US)

[5z4kke4v.default] - Line Found : user_pref("extensions.skipscreen.hostMatchStr", "hxxp://www.4shared.com/(get|audio|file|document|dir)/.*|hxxp://.*depositfiles.com/(([a-z]{2})/files/|auth-).*|hxxp://(www.)*digg.com/(.{5}|.{6})$|hxxp:[...]

-\\ Google Chrome v40.0.2214.93


*************************

AdwCleaner[R3].txt - [7763 octets] - [27/01/2015 09:41:56]

########## EOF - C:\AdwCleaner\AdwCleaner[R3].txt - [7823 octets] ##########