Topic Moved from Viruses, Spyware,(Resolved)


billydc

My original post concerned entries with ad.doubleclick.net and tags.bluekai.com when viewing web pages. Per instructions from Juliet, I am opening a new topic in this forum with the following logs:

FRST.txt

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:05-07-2014 01
Ran by New name (administrator) on MATRIXBK-PC on 07-07-2014 19:25:00
Running from C:\Documents and Settings\New name\Desktop
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(Alcatel-Lucent) C:\Program Files\ATT\8.3.1.18\ma\bin\MAHostService.exe
(Joyent, Inc) C:\Program Files\ATT\8.3.1.18\ma\bin\node.exe
(Alcatel-Lucent) C:\Program Files\Common Files\Motive\pcCMService.exe
(HP) C:\WINDOWS\system32\HPZipm12.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Hewlett-Packard ) C:\Program Files\HPQ\Quick Launch Buttons\eabservr.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\concentr.exe
(Alcatel-Lucent) C:\Program Files\ATT\8.3.1.18\ma\bin\pcTrayApp.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\wfcrun32.exe
(Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [synTPLpr] => C:\Program Files\Synaptics\SynTP\SynTPLpr.exe [98395 2004-09-10] (Synaptics, Inc.)
HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [684123 2004-09-10] (Synaptics, Inc.)
HKLM\...\Run: [Cpqset] => C:\Program Files\HPQ\Default Settings\cpqset.exe [229438 2004-10-22] ()
HKLM\...\Run: [eabconfg.cpl] => C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe [290816 2004-09-17] (Hewlett-Packard )
HKLM\...\Run: [NeroCheck] => C:\WINDOWS\system32\NeroCheck.exe [155648 2001-07-08] (Ahead Software Gmbh)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [HP Software Update] => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [ConnectionCenter] => C:\Program Files\Citrix\ICA Client\concentr.exe [103768 2009-09-12] (Citrix Systems, Inc.)
HKLM\...\Run: [ATT_McciTrayApp] => C:\Program Files\ATT\8.3.1.18\ma\bin\pcTrayApp.exe [1986048 2013-12-02] (Alcatel-Lucent)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4086432 2014-07-05] (AVAST Software)
HKLM\...\Run: [sunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [256896 2014-05-07] (Oracle Corporation)
Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll (ATI Technologies Inc.)
HKU\.DEFAULT\...\RunOnce: [nltide_3] - rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
HKU\S-1-5-19\...\RunOnce: [nltide_3] - rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
HKU\S-1-5-20\...\RunOnce: [nltide_3] - rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
HKU\S-1-5-21-1957994488-152049171-1606980848-1003\...\Run: [OutfoxTV] => C:\Program Files\OutfoxTV\OutfoxTV\DesktopContainer.exe
HKU\S-1-5-21-1957994488-152049171-1606980848-1003\...\Run: [sUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [5626136 2014-06-05] (SUPERAntiSpyware)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://dixie-net.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages =
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - DefaultScope {4E8381A9-BEF5-4C05-8232-7509B90B228C} URL = http://www.google.com/search?q={searchTerms}
SearchScopes: HKCU - {4E8381A9-BEF5-4C05-8232-7509B90B228C} URL = http://www.google.com/search?q={searchTerms}
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.4.2/jinstall-1_4_2_05-windows-i586.cab
DPF: {CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.4.2/jinstall-1_4_2_05-windows-i586.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [115440 2013-05-07] (SuperAdBlocker.com)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF ProfilePath: C:\Documents and Settings\New name\Application Data\Mozilla\Firefox\Profiles\lqd0fod1.default
FF Homepage: user_pref("browser.startup.homepage", "");
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @Motive.com/NpMotive,version=1.0 - C:\Program Files\ATT\8.3.1.18\ma\bin\npMotive.dll (Alcatel-Lucent)
FF Plugin: @Motive.com/npMotiveRequest,version=1.0 - C:\Program Files\Common Files\Motive\npMotiveRequest.dll (Alcatel-Lucent)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\CCMSDK.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\cgpcfg.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\CgpCore.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\confmgr.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\ctxlogging.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\ctxmui.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\icafile.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\icalogon.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npicaN.dll ()
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npnul32.dll (mozilla.org)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\sslsdk_b.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\TcpPServ.dll (Citrix Systems, Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\answers.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
FF Extension: Talkback - C:\Program Files\Mozilla Firefox\extensions\talkback@mozilla.org [2004-09-30]
FF Extension: Motive Extension - C:\Program Files\Mozilla Firefox\extensions\mcciwbch@motive.com.xpi [2013-12-27]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2013-10-17]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-05-27]

========================== Services (Whitelisted) =================

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [120088 2013-10-10] (SUPERAntiSpyware.com)
R2 AT&T Troubleshoot & Resolve; C:\Program Files\ATT\8.3.1.18\ma\bin\MAHostService.exe [321024 2013-12-02] (Alcatel-Lucent) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-07-05] (AVAST Software)
S3 hpqwmi; C:\Program Files\HPQ\SHARED\HPQWMI.exe [98304 2004-07-27] (Hewlett-Packard Development Company, L.P.) [File not signed]
R2 pcCMService; C:\Program Files\Common Files\Motive\pcCMService.exe [369152 2013-03-02] (Alcatel-Lucent) [File not signed]
S2 OutfoxTvService; C:\Program Files\OutfoxTV\OutfoxTvService.exe [X]

==================== Drivers (Whitelisted) ====================

R2 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [24184 2014-07-05] ()
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [67824 2014-07-05] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [55112 2014-07-05] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49944 2014-07-05] ()
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [779536 2014-07-05] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [414520 2014-07-05] (AVAST Software)
R1 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57800 2014-07-05] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [192352 2014-07-05] ()
R3 BCM43XX; C:\WINDOWS\System32\DRIVERS\bcmwl5.sys [376320 2005-08-11] (Broadcom Corporation)
R3 CAMCAUD; C:\WINDOWS\System32\drivers\camcaud.sys [292864 2004-06-27] (Conexant Systems Inc.)
R3 CAMCHALA; C:\WINDOWS\System32\drivers\camchal.sys [276480 2004-06-27] (Conexant Systems Inc.)
R1 eabfiltr; C:\WINDOWS\system32\drivers\EABFiltr.sys [7432 2004-04-13] (Hewlett-Packard Company) [File not signed]
S3 eabusb; C:\WINDOWS\system32\drivers\eabusb.sys [5220 2003-06-06] (Hewlett-Packard Company) [File not signed]
R3 HSFHWICH; C:\WINDOWS\System32\DRIVERS\HSFHWICH.sys [200064 2004-06-10] (Conexant Systems, Inc.)
S3 MREMP50; C:\Program Files\Common Files\Motive\MREMP50.sys [21248 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MRESP50; C:\Program Files\Common Files\Motive\MRESP50.sys [20096 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
R0 PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [20576 2004-09-30] (Sonic Solutions) [File not signed]
R3 RTL8023xp; C:\WINDOWS\System32\DRIVERS\Rtlnicxp.sys [70144 2004-08-08] (Realtek Semiconductor Corporation )
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]
U1 WS2IFSL;

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-07-07 19:25 - 2014-07-07 19:25 - 00012319 _____ () C:\Documents and Settings\New name\Desktop\FRST.txt
2014-07-07 19:24 - 2014-07-07 19:25 - 00000000 ____D () C:\FRST
2014-07-07 19:23 - 2014-07-07 19:23 - 01074688 _____ (Farbar) C:\Documents and Settings\New name\Desktop\FRST.exe
2014-07-07 17:42 - 2014-07-07 17:42 - 01346519 _____ () C:\Documents and Settings\New name\Desktop\AdwCleaner.exe
2014-07-07 06:27 - 2014-07-07 06:51 - 00110296 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-07-07 06:27 - 2014-07-07 06:27 - 00000777 _____ () C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2014-07-07 06:27 - 2014-07-07 06:27 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-07-07 06:27 - 2014-07-07 06:27 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-07 06:27 - 2014-05-12 07:55 - 00053208 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-07-07 06:27 - 2014-05-12 07:54 - 00023256 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-07-07 06:05 - 2014-07-07 06:05 - 00001678 _____ () C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
2014-07-07 06:05 - 2014-07-07 06:05 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-07-07 06:05 - 2014-07-07 06:05 - 00000000 ____D () C:\Documents and Settings\New name\Application Data\SUPERAntiSpyware.com
2014-07-07 06:05 - 2014-07-07 06:05 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
2014-07-07 06:05 - 2014-07-07 06:05 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2014-07-06 09:53 - 2014-07-07 17:50 - 00000000 ____D () C:\AdwCleaner
2014-07-05 07:10 - 2014-07-05 07:10 - 00000000 ____D () C:\WINDOWS\jumpshot.com
2014-07-05 06:37 - 2014-07-05 06:37 - 00043152 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2014-06-11 19:53 - 2014-07-07 19:03 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job

==================== One Month Modified Files and Folders =======

2014-07-07 19:25 - 2014-07-07 19:25 - 00012319 _____ () C:\Documents and Settings\New name\Desktop\FRST.txt
2014-07-07 19:25 - 2014-07-07 19:24 - 00000000 ____D () C:\FRST
2014-07-07 19:25 - 2004-09-30 12:23 - 00000000 ____D () C:\Documents and Settings\New name\Local Settings\Temp
2014-07-07 19:23 - 2014-07-07 19:23 - 01074688 _____ (Farbar) C:\Documents and Settings\New name\Desktop\FRST.exe
2014-07-07 19:11 - 2004-09-30 12:18 - 01106651 _____ () C:\WINDOWS\WindowsUpdate.log
2014-07-07 19:11 - 2004-09-30 12:15 - 00021202 ____C () C:\WINDOWS\wmsetup.log
2014-07-07 19:08 - 2004-09-30 12:22 - 00000000 ____D () C:\Documents and Settings\LocalService\Local Settings\Temp
2014-07-07 19:03 - 2014-06-11 19:53 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-07-07 18:38 - 2014-05-27 19:28 - 00000364 ____H () C:\WINDOWS\Tasks\avast! Emergency Update.job
2014-07-07 17:50 - 2014-07-06 09:53 - 00000000 ____D () C:\AdwCleaner
2014-07-07 17:44 - 2004-09-30 12:23 - 00000000 ____D () C:\Documents and Settings\New name
2014-07-07 17:42 - 2014-07-07 17:42 - 01346519 _____ () C:\Documents and Settings\New name\Desktop\AdwCleaner.exe
2014-07-07 16:50 - 2013-09-04 20:04 - 00000217 _____ () C:\Documents and Settings\New name\Desktop\National Hurricane Center.url
2014-07-07 16:50 - 2013-06-09 07:51 - 00001904 _____ () C:\Documents and Settings\New name\Desktop\Corinth Weather Station.url
2014-07-07 07:56 - 2013-06-04 20:57 - 00000000 ____D () C:\Program Files\SpywareBlaster
2014-07-07 07:56 - 2013-06-04 20:57 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\TEMP
2014-07-07 06:51 - 2014-07-07 06:27 - 00110296 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-07-07 06:27 - 2014-07-07 06:27 - 00000777 _____ () C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2014-07-07 06:27 - 2014-07-07 06:27 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-07-07 06:27 - 2014-07-07 06:27 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-07 06:05 - 2014-07-07 06:05 - 00001678 _____ () C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
2014-07-07 06:05 - 2014-07-07 06:05 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-07-07 06:05 - 2014-07-07 06:05 - 00000000 ____D () C:\Documents and Settings\New name\Application Data\SUPERAntiSpyware.com
2014-07-07 06:05 - 2014-07-07 06:05 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
2014-07-07 06:05 - 2014-07-07 06:05 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2014-07-07 05:38 - 2004-09-30 19:10 - 00572980 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-07-07 05:34 - 2014-03-11 18:33 - 00000228 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2014-07-07 05:34 - 2013-12-27 21:27 - 00000000 ____D () C:\Program Files\ATT
2014-07-07 05:34 - 2008-04-14 06:00 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
2014-07-07 05:34 - 2004-09-30 12:22 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-07-06 20:52 - 2004-09-30 12:23 - 00000178 ___SH () C:\Documents and Settings\New name\ntuser.ini
2014-07-06 20:52 - 2004-09-30 12:22 - 00032470 _____ () C:\WINDOWS\SchedLgU.Txt
2014-07-06 12:54 - 2004-09-30 19:09 - 00186116 _____ () C:\WINDOWS\setupact.log
2014-07-06 06:18 - 2014-01-18 19:36 - 00000000 ____D () C:\Documents and Settings\New name\Application Data\Malwarebytes
2014-07-06 06:17 - 2014-01-18 19:36 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-07-06 06:17 - 2014-01-18 19:36 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes
2014-07-05 07:10 - 2014-07-05 07:10 - 00000000 ____D () C:\WINDOWS\jumpshot.com
2014-07-05 06:38 - 2014-05-27 19:29 - 00001733 _____ () C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
2014-07-05 06:38 - 2014-05-27 19:28 - 00414520 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsp.sys
2014-07-05 06:37 - 2014-07-05 06:37 - 00043152 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2014-07-05 06:37 - 2014-05-27 19:28 - 00779536 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsnx.sys
2014-07-05 06:37 - 2014-05-27 19:28 - 00276432 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2014-07-05 06:37 - 2014-05-27 19:28 - 00192352 _____ () C:\WINDOWS\system32\Drivers\aswVmm.sys
2014-07-05 06:37 - 2014-05-27 19:28 - 00067824 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2014-07-05 06:37 - 2014-05-27 19:28 - 00057800 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswTdi.sys
2014-07-05 06:37 - 2014-05-27 19:28 - 00055112 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswrdr.sys
2014-07-05 06:37 - 2014-05-27 19:28 - 00049944 _____ () C:\WINDOWS\system32\Drivers\aswRvrt.sys
2014-07-05 06:37 - 2014-05-27 19:28 - 00024184 _____ () C:\WINDOWS\system32\Drivers\aswHwid.sys
2014-06-20 20:11 - 2004-09-30 12:36 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-06-11 19:53 - 2013-06-04 18:24 - 00699056 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2014-06-11 19:53 - 2013-06-04 18:24 - 00071344 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2014-06-10 19:14 - 2013-08-24 11:19 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-06-10 19:11 - 2013-06-04 17:45 - 92708840 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-06-08 19:00 - 2014-03-11 18:33 - 00000222 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2014-06-07 20:33 - 2014-01-18 10:12 - 00000353 _____ () C:\Documents and Settings\New name\Desktop\Corinth Weather - AccuWeather Forecast for MS 38834.url
2014-06-07 19:38 - 2013-10-05 20:45 - 00001911 _____ () C:\Documents and Settings\New name\Desktop\38834 Weather Forecast from Weather Underground.url

==================== Bamital & volsnap Check =================

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================

Addition.txt

Additional scan result of Farbar Recovery Scan Tool (x86) Version:05-07-2014 01
Ran by New name at 2014-07-07 19:25:46
Running from C:\Documents and Settings\New name\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: avast! Antivirus (Disabled - Up to date) {7591DB91-41F0-48A3-B128-1A293FD8233D}

==================== Installed Programs ======================

Adobe Flash Player 14 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 14.0.0.125 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
Ahead Nero Burning ROM (HKLM\...\Nero - Burning Rom!UninstallKey) (Version: - )
AiO_Scan_CDA (Version: 70.0.231.000 - Hewlett-Packard) Hidden
AiOSoftwareNPI (Version: 70.0.231.000 - Hewlett-Packard) Hidden
AT&T Troubleshoot & Resolve (HKLM\...\ATT-AT&T Troubleshoot & Resolve) (Version: 8.3.1.18 - AT&T)
ATI - Software Uninstall Utility (HKLM\...\All ATI Software) (Version: 6.14.10.1010 - )
ATI Control Panel (HKLM\...\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}) (Version: 6.14.10.5120 - )
ATI Display Driver (HKLM\...\ATI Display Driver) (Version: 8.062-040929a-018664C - )
avast! Free Antivirus (HKLM\...\Avast) (Version: 9.0.2021 - AVAST Software)
Broadcom 802.11 Wireless LAN Adapter (HKLM\...\Broadcom 802.11b Network Adapter) (Version: - )
Citrix online plug-in - web (HKLM\...\CitrixOnlinePluginPackWeb) (Version: 11.2.0.31560 - Citrix Systems, Inc.)
Citrix online plug-in (Web) (Version: 11.2.0.31560 - Citrix Systems, Inc.) Hidden
Conexant AC-97 Audio (HKLM\...\Conexant PCI Audio) (Version: - )
Conexant Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_PCI_VEN_8086&DEV_266D&SUBSYS_3082103C) (Version: - )
Fax_CDA (Version: 70.0.231.000 - Hewlett-Packard) Hidden
HP Help and Support (HKLM\...\{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}) (Version: 3.200.7.2 - )
HP Photosmart, Officejet and Deskjet 7.0.A (HKLM\...\{BDBE2F3E-42DB-4d4a-8CB1-19BA765DBC6C}) (Version: - HP)
HP Update (HKLM\...\{97486FBE-A3FC-4783-8D55-EA37E9D171CC}) (Version: 5.005.000.002 - Hewlett-Packard)
Java 2 Runtime Environment, SE v1.4.2_05 (HKLM\...\{7148F0A8-6813-11D6-A77B-00B0D0142050}) (Version: 1.4.2_05 - Sun Microsystems, Inc.)
Java 7 Update 60 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217060FF}) (Version: 7.0.600 - Oracle)
Java Auto Updater (Version: 2.1.60.19 - Oracle, Inc.) Hidden
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1 (1033)) (Version: - )
Microsoft .NET Framework 1.1 (Version: 1.1.4322 - Microsoft) Hidden
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version: - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft Office XP Professional with FrontPage (HKLM\...\{90280409-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.2627.0 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version: - Microsoft Corporation)
Mozilla Firefox (2.0.0.14) (HKLM\...\Mozilla Firefox (2.0.0.14)) (Version: 2.0.0.14 (en-US) - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NewCopy_CDA (Version: 70.0.231.000 - Hewlett-Packard) Hidden
QFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
Quick Launch Buttons 5.00 C2 (HKLM\...\{CEB326EC-8F40-47B2-BA22-BB092565D66F}) (Version: 5.00 C2 - )
Readme (Version: 70.0.231.000 - Hewlett-Packard) Hidden
REALTEK Gigabit and Fast Ethernet NIC Driver (HKLM\...\{94FB906A-CF42-4128-A509-D353026A607E}) (Version: 1.60 - REALTEK Semiconductor Corp.)
Scan (Version: 7.0.0.0 - Hewlett-Packard) Hidden
SpywareBlaster 5.0 (HKLM\...\SpywareBlaster_is1) (Version: 5.0.0 - BrightFort LLC)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.7.1026 - SUPERAntiSpyware.com)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 7.11.14.0 - )
TaxACT 2013 - 1040 Edition (HKLM\...\TaxACT 2013 - 1040 Edition) (Version: - TaxACT, Inc.)
TaxACT 2013 Mississippi (HKLM\...\TaxACT 2013 Mississippi) (Version: - TaxACT, Inc.)
Texas Instruments PCIxx21/x515 drivers. (HKLM\...\InstallShield_{34F0AF1A-95B9-4E17-B8B5-CD1FE65CDFBD}) (Version: 1.35.0000 - Texas Instruments Inc.)
TIxx21/x515 (Version: 1.35.0000 - Texas Instruments Inc.) Hidden
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2836939v3) (Version: 3 - Microsoft Corporation)
Update for Windows XP (KB2345886) (HKLM\...\KB2345886) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2661254-v2) (HKLM\...\KB2661254-v2) (Version: 2 - Microsoft Corporation)
Update for Windows XP (KB2749655) (HKLM\...\KB2749655) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2863058) (HKLM\...\KB2863058) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2904266) (HKLM\...\KB2904266) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2934207) (HKLM\...\KB2934207) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB898461) (HKLM\...\KB898461) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB951978) (HKLM\...\KB951978) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB955759) (HKLM\...\KB955759) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB968389) (HKLM\...\KB968389) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB971029) (HKLM\...\KB971029) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973815) (HKLM\...\KB973815) (Version: 1 - Microsoft Corporation)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
WebReg (Version: 70.0.170.000 - Hewlett-Packard) Hidden
Windows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify) (Version: 1.9.0040.0 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version: - )
Windows Media Format 11 runtime (Version: - Microsoft Corporation) Hidden
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version: - )
Windows Media Player 11 (Version: - Microsoft Corporation) Hidden
Windows Vista Sounds Pack (HKLM\...\{E1230694-33DA-4E74-82E1-06CC9D545E9B}) (Version: 1.0.0 - zen62619@zen.co.uk)
WinRAR archiver (HKLM\...\WinRAR archiver) (Version: - )

==================== Restore Points =========================

==================== Hosts content: ==========================

2008-04-14 06:00 - 2008-04-14 06:00 - 00000734 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\avast! Emergency Update.job => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe

==================== Loaded Modules (whitelisted) =============

2014-05-27 19:28 - 2014-07-05 06:37 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll
2014-07-07 14:28 - 2014-07-07 14:28 - 02789888 _____ () C:\Program Files\AVAST Software\Avast\defs\14070701\algo.dll
2004-10-29 02:46 - 2005-08-03 10:32 - 00125440 _____ () C:\Program Files\WinRAR\rarext.dll
2012-10-29 05:23 - 2004-06-01 07:39 - 00094274 _____ () C:\WINDOWS\system32\HPBHealr.dll
2013-07-18 14:08 - 2013-07-18 14:08 - 00241152 _____ () C:\Program Files\ATT\8.3.1.18\ma\node_modules\motive-activex-wrapper\build\Release\NodeActiveXWrapper.node
2013-07-18 14:07 - 2013-07-18 14:07 - 00268288 _____ () C:\Program Files\ATT\8.3.1.18\ma\node_modules\motive-osbridge\build\Release\MotiveOSBridgeNodeModule.node
2013-07-18 14:07 - 2013-07-18 14:07 - 00233984 _____ () C:\Program Files\ATT\8.3.1.18\ma\node_modules\motive-xmpps\build\Release\MotiveXMPPSNode.node
2012-07-12 18:37 - 2012-07-12 18:37 - 01380864 _____ () C:\Program Files\ATT\8.3.1.18\ma\node_modules\libxmljs\build\Release\libxmljs.node
2012-06-26 15:40 - 2012-06-26 15:40 - 00068096 _____ () C:\Program Files\ATT\8.3.1.18\ma\node_modules\dnode\node_modules\weak\build\Release\weakref.node
2014-05-27 19:28 - 2014-07-05 06:37 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34

==================== Safe Mode (whitelisted) ===================

==================== EXE Association (whitelisted) =============

==================== MSCONFIG/TASK MANAGER disabled items =========

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (07/01/2014 07:17:48 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application explorer.exe, version 6.0.2900.5512, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (06/21/2014 08:54:25 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (06/20/2014 08:11:25 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application msiexec.exe, version 3.1.4001.5512, faulting module MSI58.tmp, version 7.0.600.19, fault address 0x000173b1.
Processing media-specific event for [msiexec.exe!ws!]

Error: (05/09/2014 07:49:16 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application explorer.exe, version 6.0.2900.5512, faulting module wzcdlg.dll, version 5.1.2600.5512, fault address 0x000197cf.
Processing media-specific event for [explorer.exe!ws!]

Error: (04/23/2014 07:55:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application iexplore.exe, version 8.0.6001.18702, faulting module mshtml.dll, version 8.0.6001.23580, fault address 0x0014c4d3.
Processing media-specific event for [iexplore.exe!ws!]

Error: (04/21/2014 07:25:51 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application explorer.exe, version 6.0.2900.5512, faulting module wzcdlg.dll, version 5.1.2600.5512, fault address 0x000197cf.
Processing media-specific event for [explorer.exe!ws!]

Error: (04/18/2014 06:08:30 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (04/05/2014 05:54:02 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (04/05/2014 11:41:19 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application iexplore.exe, version 8.0.6001.18702, faulting module mshtml.dll, version 8.0.6001.23569, fault address 0x0014c563.
Processing media-specific event for [iexplore.exe!ws!]

System errors:
=============
Error: (07/07/2014 05:34:51 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The OutfoxTvService service failed to start due to the following error:
%%2

Error: (07/07/2014 05:34:44 AM) (Source: SideBySide) (EventID: 59) (User: )
Description: Generate Activation Context failed for C:\Program Files\Citrix\ICA Client\MFC80.DLL.
Reference error message: The operation completed successfully.
.

Error: (07/07/2014 05:34:44 AM) (Source: SideBySide) (EventID: 58) (User: )
Description: Syntax error in manifest or policy file "The manifest file contains one or more syntax errors.
1" on line The manifest file contains one or more syntax errors.
2.

Error: (07/07/2014 05:34:44 AM) (Source: SideBySide) (EventID: 34) (User: )
Description: Component identity found in manifest does not match the identity of the component requested

Error: (07/06/2014 00:52:38 PM) (Source: PlugPlayManager) (EventID: 11) (User: )
Description: The device Root\LEGACY_SASKUTIL\0000 disappeared from the system without first being prepared for removal.

Error: (07/06/2014 00:16:23 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The OutfoxTvService service failed to start due to the following error:
%%2

Error: (07/06/2014 00:16:13 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: Generate Activation Context failed for C:\Program Files\Citrix\ICA Client\MFC80.DLL.
Reference error message: The operation completed successfully.
.

Error: (07/06/2014 00:16:13 PM) (Source: SideBySide) (EventID: 58) (User: )
Description: Syntax error in manifest or policy file "The manifest file contains one or more syntax errors.
1" on line The manifest file contains one or more syntax errors.
2.

Error: (07/06/2014 00:16:13 PM) (Source: SideBySide) (EventID: 34) (User: )
Description: Component identity found in manifest does not match the identity of the component requested

Error: (07/06/2014 00:14:02 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Pml Driver HPZ12 service terminated unexpectedly. It has done this 1 time(s).

Microsoft Office Sessions:
=========================
Error: (07/01/2014 07:17:48 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: explorer.exe6.0.2900.5512hungapp0.0.0.000000000

Error: (06/21/2014 08:54:25 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000

Error: (06/20/2014 08:11:25 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: msiexec.exe3.1.4001.5512MSI58.tmp7.0.600.19000173b1

Error: (05/09/2014 07:49:16 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: explorer.exe6.0.2900.5512wzcdlg.dll5.1.2600.5512000197cf

Error: (04/23/2014 07:55:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe8.0.6001.18702mshtml.dll8.0.6001.235800014c4d3

Error: (04/21/2014 07:25:51 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: explorer.exe6.0.2900.5512wzcdlg.dll5.1.2600.5512000197cf

Error: (04/18/2014 06:08:30 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000

Error: (04/05/2014 05:54:02 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000

Error: (04/05/2014 11:41:19 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe8.0.6001.18702mshtml.dll8.0.6001.235690014c563

==================== Memory info ===========================

Percentage of memory in use: 42%
Total physical RAM: 1534.48 MB
Available physical RAM: 881.13 MB
Total Pagefile: 2920.55 MB
Available Pagefile: 2463.17 MB
Total Virtual: 2047.88 MB
Available Virtual: 1930.71 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:74.53 GB) (Free:65.45 GB) NTFS ==>[Drive with boot components (Windows XP)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 75 GB) (Disk ID: 65E4C599)
Partition 1: (Active) - (Size=75 GB) - (Type=07 NTFS)

==================== End Of Log ============================

The script I created will reboot your computer; don't be alarmed.

Open Notepad. Please copy the contents of the quote box below. To do this, highlight the contents of the box, right-click on it and select Copy.

Paste this into the open Notepad and save it to the Desktop as fixlist.txt.

NOTE: It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.

It needs to be saved next to the "Farbar Recovery Scan Tool" (FRST) program (if asked to overwrite an existing one, please allow it).

start
HKU\S-1-5-21-1957994488-152049171-1606980848-1003\...\Run: [OutfoxTV] => C:\Program Files\OutfoxTV\OutfoxTV\DesktopContainer.exe
SearchScopes: HKLM - DefaultScope value is missing.
BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll No File
S2 OutfoxTvService; C:\Program Files\OutfoxTV\OutfoxTvService.exe [X]
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
Reboot:
end

Run FRST/FRST64 and press the Fix button just once and wait.

If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.

When finished, FRST will generate a log on the Desktop (Fixlog.txt). Please post it in your reply.

*****************

Download the latest version of TDSSKiller from here and save it to your Desktop.

  • Double-click on TDSSKiller.exe to run the application.
  • Then click on Change parameters.
  • Check the boxes beside Verify Driver Digital Signature, Detect TDLFS file system and Use KSN to scan objects, then click OK.
  • Click the Start Scan button.
  • If a suspicious object is detected, the default action will be Skip; click on Continue.
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  • Get the report by selecting Reports.
  • Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.

Please copy and paste its contents in your next reply.

A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Fixlog.txt:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:05-07-2014 01
Ran by New name at 2014-07-07 21:01:41 Run:1
Running from C:\Documents and Settings\New name\Desktop
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
Quote
start
HKU\S-1-5-21-1957994488-152049171-1606980848-1003\...\Run: [OutfoxTV] => C:\Program Files\OutfoxTV\OutfoxTV\DesktopContainer.exe
SearchScopes: HKLM - DefaultScope value is missing.
BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll No File
S2 OutfoxTvService; C:\Program Files\OutfoxTV\OutfoxTvService.exe [X]
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
Reboot:
end

*****************

HKU\S-1-5-21-1957994488-152049171-1606980848-1003\Software\Microsoft\Windows\CurrentVersion\Run\\OutfoxTV => value deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9E6D0D23-3D72-4A94-AE1F-2D167624E3D9}' => Key deleted successfully.
'HKCR\CLSID\{9E6D0D23-3D72-4A94-AE1F-2D167624E3D9}' => Key deleted successfully.
OutfoxTvService => Service deleted successfully.
C:\Documents and Settings\All Users\Application Data\TEMP => ":5C321E34" ADS removed successfully.

The system needed a reboot.

==== End of Fixlog ====

TDSSKiller report:

21:09:48.0031 0x0e88 TDSS rootkit removing tool 3.0.0.39 Jun 5 2014 20:35:54
21:09:57.0734 0x0e88 ============================================================
21:09:57.0734 0x0e88 Current date / time: 2014/07/07 21:09:57.0734
21:09:57.0734 0x0e88 SystemInfo:
21:09:57.0734 0x0e88
21:09:57.0734 0x0e88 OS Version: 5.1.2600 ServicePack: 3.0
21:09:57.0734 0x0e88 Product type: Workstation
21:09:57.0734 0x0e88 ComputerName: MATRIXBK-PC
21:09:57.0734 0x0e88 UserName: New name
21:09:57.0734 0x0e88 Windows directory: C:\WINDOWS
21:09:57.0734 0x0e88 System windows directory: C:\WINDOWS
21:09:57.0734 0x0e88 Processor architecture: Intel x86
21:09:57.0734 0x0e88 Number of processors: 2
21:09:57.0734 0x0e88 Page size: 0x1000
21:09:57.0734 0x0e88 Boot type: Normal boot
21:09:57.0734 0x0e88 ============================================================
21:10:00.0500 0x0e88 KLMD registered as C:\WINDOWS\system32\drivers\69965752.sys
21:10:00.0843 0x0e88 System UUID: {810BB083-A4A2-EFBB-F972-CA0876B1B14F}
21:10:01.0875 0x0e88 Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 ( 74.53 Gb ), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
21:10:01.0890 0x0e88 ============================================================
21:10:01.0890 0x0e88 \Device\Harddisk0\DR0:
21:10:01.0890 0x0e88 MBR partitions:
21:10:01.0890 0x0e88 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x950E482
21:10:01.0890 0x0e88 ============================================================
21:10:01.0921 0x0e88 C: <-> \Device\Harddisk0\DR0\Partition1
21:10:01.0921 0x0e88 ============================================================
21:10:01.0921 0x0e88 Initialize success
21:10:01.0921 0x0e88 ============================================================
21:12:30.0765 0x0670 ============================================================
21:12:30.0765 0x0670 Scan started
21:12:30.0765 0x0670 Mode: Manual; SigCheck; TDLFS;
21:12:30.0765 0x0670 ============================================================
21:12:30.0765 0x0670 KSN ping started
21:12:44.0375 0x0670 KSN ping finished: true
21:12:45.0125 0x0670 ================ Scan system memory ========================
21:12:45.0140 0x0670 System memory - ok
21:12:45.0140 0x0670 ================ Scan services =============================
21:13:23.0062 0x0670 kmixer - ok
21:13:23.0078 0x0670 [ B467646C54CC746128904E1654C750C1, 3BD71BE3663EA23463D236D8A2A2E42DFA10C502BDB4B6E131FAF0FBA748219E ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
21:13:23.0109 0x0670 KSecDD - ok
21:13:23.0140 0x0670 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527, 0044F03132596A494448CCE5F3D6ECC12617BB4CF6BAE348F79D4DC40ACD6EE0 ] LanmanServer C:\WINDOWS\System32\srvsvc.dll
21:13:23.0187 0x0670 LanmanServer - ok
21:13:23.0250 0x0670 [ A8888A5327621856C0CEC4E385F69309, B08B63300D824E35E31EEEA2C4C086DFA2C2A964CEDAE512E74D3D88AADAA2C1 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
21:13:23.0281 0x0670 lanmanworkstation - ok
21:13:23.0281 0x0670 lbrtfdc - ok
21:13:23.0328 0x0670 [ A7DB739AE99A796D91580147E919CC59, EDF4E039BA277B0E6D66FEB0B28096E67D682C09DFC18ECECF062D9DCFB75ACF ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
21:13:23.0484 0x0670 LmHosts - ok
21:13:23.0562 0x0670 [ 3C318B9CD391371BED62126581EE9961, 1254273DE950EF8D5922F26D67B55C9D9082F45CDE168E3DAB20A2E53208DC3A ] mdmxsdk C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
21:13:23.0625 0x0670 mdmxsdk - ok
21:13:23.0656 0x0670 [ 986B1FF5814366D71E0AC5755C88F2D3, E6AF051174531C24B38E73987755D366ABEC595476C6D17793E8DCCC73F55340 ] Messenger C:\WINDOWS\System32\msgsvc.dll
21:13:23.0796 0x0670 Messenger - ok
21:13:23.0890 0x0670 [ 4AE068242760A1FB6E1A44BF4E16AFA6, 1FB771162B96AAF787AC24867B818DF8511F0780BB094FA9A38C11D8DBFE68BC ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
21:13:24.0015 0x0670 mnmdd - ok
21:13:24.0062 0x0670 [ D18F1F0C101D06A1C1ADF26EED16FCDD, BA0837C7780BD8262E143E2935AFA63BE59C3C39EF56CB8608EED0F50AF070D4 ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
21:13:24.0203 0x0670 mnmsrvc - ok
21:13:24.0234 0x0670 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1, B342CC9EC3729AB1AB4B5E2E99F890C1E0CA649162DE91F6768AB857B719E97B ] Modem C:\WINDOWS\system32\drivers\Modem.sys
21:13:24.0390 0x0670 Modem - ok
21:13:24.0468 0x0670 [ 35C9E97194C8CFB8430125F8DBC34D04, 0C0FCE6B0A23FB0ECB92E1663E1C72D2DD5B177D82E04782957690B69530DB39 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
21:13:24.0609 0x0670 Mouclass - ok
21:13:24.0671 0x0670 [ B1C303E17FB9D46E87A98E4BA6769685, 161A45488522055D0F0474ABEDA04DDD0B5DAC2411AF9154B15190BBD66E7153 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
21:13:24.0843 0x0670 mouhid - ok
21:13:24.0875 0x0670 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD, 2A5E15ED2C24C6C65EF2F7E1FD93374774076C9D8D451E4422561F4D269C012F ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
21:13:25.0062 0x0670 MountMgr - ok
21:13:25.0078 0x0670 mraid35x - ok
21:13:25.0187 0x0670 [ 9BD4DCB5412921864A7AACDEDFBD1923, 46DEE9B9414D26203B62F0D6CAEBF37A3CEFD118556129547B2C5FC7B6FDBA05 ] MREMP50 C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS
21:13:25.0218 0x0670 MREMP50 - detected UnsignedFile.Multi.Generic ( 1 )
21:13:27.0875 0x0670 Detect skipped due to KSN trusted
21:13:27.0875 0x0670 MREMP50 - ok
21:13:27.0875 0x0670 MREMPR5 - ok
21:13:27.0890 0x0670 MRENDIS5 - ok
21:13:27.0921 0x0670 [ 07C02C892E8E1A72D6BF35004F0E9C5E, 09ECD59AADF08E2AA0C1BAF5D3D7CBB0948153E531E1F82ECACD43F14F88106B ] MRESP50 C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS
21:13:27.0921 0x0670 MRESP50 - detected UnsignedFile.Multi.Generic ( 1 )
21:13:30.0796 0x0670 Detect skipped due to KSN trusted
21:13:30.0796 0x0670 MRESP50 - ok
21:13:30.0828 0x0670 [ 11D42BB6206F33FBB3BA0288D3EF81BD, 76ABCFB62C5AC549F58C231F72A99882CDEB74928104B77FE52554765C2B1A22 ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
21:13:30.0984 0x0670 MRxDAV - ok
21:13:31.0125 0x0670 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0, DB9B186F7076D7B94F45041AF7B77C1AD2CAB504D683B459C6CB1C22840ED170 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
21:13:31.0203 0x0670 MRxSmb - ok
21:13:31.0250 0x0670 [ A137F1470499A205ABBB9AAFB3B6F2B1, FB4951727543030D9E6ED74149C3FAACE2CA9DA8C1B5F616301B30B858C724E8 ] MSDTC C:\WINDOWS\system32\msdtc.exe
21:13:31.0421 0x0670 MSDTC - ok
21:13:31.0468 0x0670 [ C941EA2454BA8350021D774DAF0F1027, C940E978C7B66A713A0FDAB54B5F995DF59D089AFCD96221DD3222948CD49BBD ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
21:13:31.0593 0x0670 Msfs - ok
21:13:31.0609 0x0670 MSIServer - ok
21:13:31.0671 0x0670 [ D1575E71568F4D9E14CA56B7B0453BF1, 4ABE0E24786C0D39FA2B885447E56204CA6942FB175E534DCE675D7BCF0B176A ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
21:13:31.0812 0x0670 MSKSSRV - ok
21:13:31.0843 0x0670 [ 325BB26842FC7CCC1FCCE2C457317F3E, C07BE560513B1FB91D756494F0BA4AEEB2E1998DE0E1C21EE83DB1183B0CEE91 ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
21:13:31.0984 0x0670 MSPCLOCK - ok
21:13:32.0062 0x0670 [ BAD59648BA099DA4A17680B39730CB3D, 9AD4C7C94C186C8815D0BC75DCAFB962158DA6935A244BA243EDDDEB33F9816C ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
21:13:32.0234 0x0670 MSPQM - ok
21:13:32.0265 0x0670 [ AF5F4F3F14A8EA2C26DE30F7A1E17136, AC93A1E4ABB0D038B772E429015567E44CC2EDB66C54DBE23A5F98176FAC1520 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
21:13:32.0421 0x0670 mssmbios - ok
21:13:32.0453 0x0670 [ DE6A75F5C270E756C5508D94B6CF68F5, FCC972DDC36C2C44D836913F10004C2C33B11C54DEFFF0C63E0FDF901D2F9261 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
21:13:32.0500 0x0670 Mup - ok
21:13:32.0546 0x0670 [ 0102140028FAD045756796E1C685D695, 5335B8278418CA200E2772124F0602C3E15A5CAF2D5CC59F6785DFAABF339B09 ] napagent C:\WINDOWS\System32\qagentrt.dll
21:13:32.0718 0x0670 napagent - ok
21:13:32.0765 0x0670 [ 1DF7F42665C94B825322FAE71721130D, FE0DCB728471465B39A42A7511F4133021FBA5DF88F88BCB5FE2FF34CFD713F9 ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
21:13:32.0937 0x0670 NDIS - ok
21:13:32.0984 0x0670 [ 0109C4F3850DFBAB279542515386AE22, 4F6DB1E499AC853FD36FD603FBB6D3AC9BDCEB298C7FE1FB59A9236CB46729B2 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
21:13:33.0031 0x0670 NdisTapi - ok
21:13:33.0062 0x0670 [ F927A4434C5028758A842943EF1A3849, B1AA3AF150C05307461774925901789456B0CCCD03A5E71ADA4AB58455962BEE ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
21:13:33.0218 0x0670 Ndisuio - ok
21:13:33.0281 0x0670 [ EDC1531A49C80614B2CFDA43CA8659AB, 494042F790F33721328B4451E79842E21919681CC421A4F9633EC4D383E06097 ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
21:13:33.0421 0x0670 NdisWan - ok
21:13:33.0468 0x0670 [ 2F597BB467E05B1FE3830EABD821B8E0, 141497F5A49D47CCE3C9289644F4BD838DCB238F6D8E847FC006652E21FE02AC ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
21:13:33.0531 0x0670 NDProxy - ok
21:13:33.0562 0x0670 [ 5D81CF9A2F1A3A756B66CF684911CDF0, 7989C36607CAEA17AFA2C1C9904145CA0714A54B9F712D9D4C1AB140D0B2CC0C ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
21:13:33.0703 0x0670 NetBIOS - ok
21:13:33.0765 0x0670 [ 74B2B2F5BEA5E9A3DC021D685551BD3D, 7932B71F98B4122BE88F576BF6D745A757AE378A48924B7F4358837B75640A82 ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
21:13:33.0937 0x0670 NetBT - ok
21:13:33.0968 0x0670 [ B857BA82860D7FF85AE29B095645563B, 86FF0E4CDD9C394E8BABD93A4D57E73FF9A779261717DEC6E9CDE99F1C6B0F4C ] NetDDE C:\WINDOWS\system32\netdde.exe
21:13:34.0109 0x0670 NetDDE - ok
21:13:34.0125 0x0670 [ B857BA82860D7FF85AE29B095645563B, 86FF0E4CDD9C394E8BABD93A4D57E73FF9A779261717DEC6E9CDE99F1C6B0F4C ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
21:13:34.0265 0x0670 NetDDEdsdm - ok
21:13:34.0343 0x0670 [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] Netlogon C:\WINDOWS\system32\lsass.exe
21:13:34.0500 0x0670 Netlogon - ok
21:13:34.0593 0x0670 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE, 4E0A67B3CC897E80D4B342FFE8B7B4CC4F6CA2EF2D34C136027A098B2E1C6166 ] Netman C:\WINDOWS\System32\netman.dll
21:13:34.0765 0x0670 Netman - ok
21:13:34.0812 0x0670 [ D34612C5D02D026535B3095D620626AE, 1BBCCCBF49EB8807240A77DCB43C25C21682073CC5356594E2C4F53EF36BF657 ] NetTcpPortSharing c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
21:13:34.0828 0x0670 NetTcpPortSharing - ok
21:13:34.0859 0x0670 [ E9E47CFB2D461FA0FC75B7A74C6383EA, 544136F5BFD4DC23D45E90F12FA48B82FD9EAEA9EAF3E0F5F0BD27E23D672C3E ] NIC1394 C:\WINDOWS\system32\DRIVERS\nic1394.sys
21:13:35.0000 0x0670 NIC1394 - ok
21:13:35.0062 0x0670 [ 943337D786A56729263071623BBB9DE5, B631B47C869FE4ACF46E4AA272435D9A9CA536E3349E3FFBB8602636FEE7AFD4 ] Nla C:\WINDOWS\System32\mswsock.dll
21:13:35.0093 0x0670 Nla - ok
21:13:35.0109 0x0670 [ 3182D64AE053D6FB034F44B6DEF8034A, 4ADFC76965BA2A5F488E71789A4E4EA702A74AF42725F72130D1CA919406CF19 ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
21:13:35.0265 0x0670 Npfs - ok
21:13:35.0328 0x0670 [ 78A08DD6A8D65E697C18E1DB01C5CDCA, E0E6F3ED05068E32F1D5C2D2B38CDEF4536B8656DB6756C66CF6B40B60C8F3DA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
21:13:35.0515 0x0670 Ntfs - ok
21:13:35.0546 0x0670 [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
21:13:35.0687 0x0670 NtLmSsp - ok
21:13:35.0796 0x0670 [ 156F64A3345BD23C600655FB4D10BC08, 9611BE411586E068D9297D77102DB3BE48AA67F1BAD6F61A84F83FC3043FA9CD ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
21:13:35.0968 0x0670 NtmsSvc - ok
21:13:36.0078 0x0670 [ 73C1E1F395918BC2C6DD67AF7591A3AD, B21133A75253EC15E2DFF66D3B480AB1A7E1A2360476C810E7AA55D0F0EB08D4 ] Null C:\WINDOWS\system32\drivers\Null.sys
21:13:36.0234 0x0670 Null - ok
21:13:36.0265 0x0670 [ B305F3FAD35083837EF46A0BBCE2FC57, 9D0E0E666D652D0FC9EAB97280A5D67AAF61D6B21929DF7CF8ED72A367720464 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
21:13:36.0421 0x0670 NwlnkFlt - ok
21:13:36.0421 0x0670 [ C99B3415198D1AAB7227F2C88FD664B9, DD8DA4B5E804F134AB9233859544C025062902DFC3E8FB8A09A67337A4E73F55 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
21:13:36.0578 0x0670 NwlnkFwd - ok
21:13:36.0656 0x0670 [ CA33832DF41AFB202EE7AEB05145922F, 9DD0089C2E13C7F81214C3B5A4A61276292052F9BBFEA7FCD0F6AA27815D5F95 ] ohci1394 C:\WINDOWS\system32\DRIVERS\ohci1394.sys
21:13:36.0796 0x0670 ohci1394 - ok
21:13:36.0843 0x0670 [ 5575FAF8F97CE5E713D108C2A58D7C7C, 96D4595D19A78CCBE8B325A08780AC077AE5CC99642ACD72FB47AEAE8D344D3B ] Parport C:\WINDOWS\system32\drivers\Parport.sys
21:13:37.0015 0x0670 Parport - ok
21:13:37.0015 0x0670 [ BEB3BA25197665D82EC7065B724171C6, 7E71C13BA30CD95CEE8A9CC85E6F48A01F30EDEAADEE69D80AE828BF97E5A5CA ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
21:13:37.0171 0x0670 PartMgr - ok
21:13:37.0265 0x0670 [ 70E98B3FD8E963A6A46A2E6247E0BEA1, 6771313EC41B3B5BFD398F60706E40BE71617046880CC352DD110B001AFC22A1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
21:13:37.0406 0x0670 ParVdm - ok
21:13:37.0468 0x0670 [ 671E4992795AEC98BE354CF730ADD449, 3672C5235A487CDF74CC4BF4A43C2360607873DCC0AB6803D5A256A40EF512EF ] pcCMService C:\Program Files\Common Files\Motive\pcCMService.exe
21:13:37.0500 0x0670 pcCMService - detected UnsignedFile.Multi.Generic ( 1 )
21:13:40.0265 0x0670 Detect skipped due to KSN trusted
21:13:40.0281 0x0670 pcCMService - ok
21:13:40.0328 0x0670 [ A219903CCF74233761D92BEF471A07B1, D4E6C360A1D2FCA4D17C991B834D68BF20F5111DD06B1FAB8B22984804CEC269 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
21:13:40.0484 0x0670 PCI - ok
21:13:40.0484 0x0670 PCIDump - ok
21:13:40.0500 0x0670 [ CCF5F451BB1A5A2A522A76E670000FF0, D63F7E5A39653EC9CCE94B7D84B2D3EBD4F54533BD65701020198724042C9257 ] PCIIde C:\WINDOWS\system32\drivers\PCIIde.sys
21:13:40.0625 0x0670 PCIIde - ok
21:13:40.0671 0x0670 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1, 0BA3DB21DC7C641C181E2635B5C9B73965FDCDCD3EBBBE48FCFEC1C8C987F617 ] Pcmcia C:\WINDOWS\system32\DRIVERS\pcmcia.sys
21:13:40.0812 0x0670 Pcmcia - ok
21:13:40.0812 0x0670 PDCOMP - ok
21:13:40.0812 0x0670 PDFRAME - ok
21:13:40.0828 0x0670 PDRELI - ok
21:13:40.0828 0x0670 PDRFRAME - ok
21:13:40.0843 0x0670 perc2 - ok
21:13:40.0843 0x0670 perc2hib - ok
21:13:40.0953 0x0670 [ 65DF52F5B8B6E9BBD183505225C37315, 59C606977DB40A3443DFF0BE2A4C761824881B22C9FDB3D23F6486DB580E92A4 ] PlugPlay C:\WINDOWS\system32\services.exe
21:13:41.0000 0x0670 PlugPlay - ok
21:13:41.0046 0x0670 [ D31F88C5F19EEFA366A415D6BC5F2ABC, ED998680048286454B92AF0E5917B2BC79A3ADA2632A1DB21D478B0597167F5C ] Pml Driver HPZ12 C:\WINDOWS\system32\HPZipm12.exe
21:13:41.0125 0x0670 Pml Driver HPZ12 - ok
21:13:41.0171 0x0670 [ CF7C1868B90C90A265FC3F60CE46265B, E17E9A9C14AF7CC960506013EAAD51D1BDD9053B96BF7FDCE9C916822B932964 ] Point32 C:\WINDOWS\system32\DRIVERS\point32.sys
21:13:41.0187 0x0670 Point32 - ok
21:13:41.0203 0x0670 [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
21:13:41.0343 0x0670 PolicyAgent - ok
21:13:41.0359 0x0670 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99, C5F0C8C66A3AF7E7BB04CEDE4AC5306F8387AB384A2107DC5BE413AAE968EFF1 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
21:13:41.0515 0x0670 PptpMiniport - ok
21:13:41.0531 0x0670 [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
21:13:41.0671 0x0670 ProtectedStorage - ok
21:13:41.0687 0x0670 [ 09298EC810B07E5D582CB3A3F9255424, 35473A1BE25AC289474090EB0806AC6B3035DC33D1F3DF97A14BF1E361AC6AC3 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
21:13:41.0812 0x0670 PSched - ok
21:13:41.0843 0x0670 [ 80D317BD1C3DBC5D4FE7B1678C60CADD, DA76804B55D0CAB3DDD01EFC06673764AE4860693375C658B6063FB14AF7F12C ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
21:13:41.0984 0x0670 Ptilink - ok
21:13:42.0078 0x0670 [ D7E32C33C08CCDBD21D47D291F30D35B, 23E583AE9205F1DF8E4EA029018F7F9FE974F9BA7BFD3D0E670CD44D65CCDD8F ] PxHelp20 C:\WINDOWS\system32\Drivers\PxHelp20.sys
21:13:42.0109 0x0670 PxHelp20 - detected UnsignedFile.Multi.Generic ( 1 )
21:13:52.0187 0x0670 PxHelp20 ( UnsignedFile.Multi.Generic ) - warning
21:13:55.0687 0x0670 ql1080 - ok
21:13:55.0687 0x0670 Ql10wnt - ok
21:13:55.0703 0x0670 ql12160 - ok
21:13:55.0703 0x0670 ql1240 - ok
21:13:55.0718 0x0670 ql1280 - ok
21:13:55.0765 0x0670 [ FE0D99D6F31E4FAD8159F690D68DED9C, 998685622ABE631984B7E4DBF91AB3594B1F574378D75EB9F6265F4650470692 ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
21:13:55.0890 0x0670 RasAcd - ok
21:13:55.0937 0x0670 [ AD188BE7BDF94E8DF4CA0A55C00A5073, C7D76CB579FAEBCCC2873499441BACDD6BD6668ACF5ED7F31862656E96E2B20C ] RasAuto C:\WINDOWS\System32\rasauto.dll
21:13:56.0109 0x0670 RasAuto - ok
21:13:56.0140 0x0670 [ 11B4A627BC9614B885C4969BFA5FF8A6, EAE0A412A2B0F68919C32A96B3A08CC1A06585E4998819F5C9051745F63FF5AD ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
21:13:56.0281 0x0670 Rasl2tp - ok
21:13:56.0312 0x0670 [ 76A9A3CBEADD68CC57CDA5E1D7448235, 4AFD048C5D2306AB8DE46F3AA60AC0213333DDA3B09A9E91F7585DB6EB978EC8 ] RasMan C:\WINDOWS\System32\rasmans.dll
21:13:56.0468 0x0670 RasMan - ok
21:13:56.0484 0x0670 [ 5BC962F2654137C9909C3D4603587DEE, A5CE5653D0105240F5E86CFAAB89E7917D42D939E2F27A5A7D6979289CA651B8 ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
21:13:56.0671 0x0670 RasPppoe - ok
21:13:56.0687 0x0670 [ FDBB1D60066FCFBB7452FD8F9829B242, 10A2DACF944BD000032EBA8C095CB3D879CC55B28C377ADF6E52E508E47444DB ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
21:13:56.0828 0x0670 Raspti - ok
21:13:56.0859 0x0670 [ 7AD224AD1A1437FE28D89CF22B17780A, 6645235CA27D671954E3557FA37082881C3D7D47492C71264CD8CB8D108EC801 ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
21:13:57.0000 0x0670 Rdbss - ok
21:13:57.0015 0x0670 [ 4912D5B403614CE99C28420F75353332, 975341ECD660209987B5E5171B8315E032439E408CBE8A5986E67AF767F373BB ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
21:13:57.0171 0x0670 RDPCDD - ok
21:13:57.0265 0x0670 [ 15CABD0F7C00C47C70124907916AF3F1, 66B5C978B7FB6359AD8BAC9F568FE9D469E358FEAB07B1F129BA9E85F1DF723E ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
21:13:57.0421 0x0670 rdpdr - ok
21:13:57.0484 0x0670 [ 43AF5212BD8FB5BA6EED9754358BD8F7, AF330F61CECA4AFA359CEABC5EB3227E6B56A9A2DCE50701381D665122D7356D ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
21:13:57.0515 0x0670 RDPWD - ok
21:13:57.0546 0x0670 [ 3C37BF86641BDA977C3BF8A840F3B7FA, AB9A6E54DBA3F4561CD4837372BECCE0D73943D02E3288F944333039375AC08C ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
21:13:57.0703 0x0670 RDSessMgr - ok
21:13:57.0718 0x0670 [ F828DD7E1419B6653894A8F97A0094C5, E6150E1F598BA4CFEDB8FF075BC0D576518C331B864388F1CAE8812EFF106ECF ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
21:13:57.0859 0x0670 redbook - ok
21:13:57.0953 0x0670 [ 7E699FF5F59B5D9DE5390E3C34C67CF5, 3FCF0442D80AB181FED4303E570378736AA1F8718C0B8B70F689A1E45200FFE4 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
21:13:58.0109 0x0670 RemoteAccess - ok
21:13:58.0187 0x0670 [ 5B19B557B0C188210A56A6B699D90B8F, 0FA880B81AE615206FD1738B83428AAA491D54B24168339DE6E87FDE8C6C14B0 ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
21:13:58.0609 0x0670 RemoteRegistry - ok
21:13:58.0625 0x0670 [ AAED593F84AFA419BBAE8572AF87CF6A, CC0FFC5A69394C8830DC66320DA01A820BBF41AD7E57D0FC343561DC5EF9A360 ] RpcLocator C:\WINDOWS\system32\locator.exe
21:13:58.0781 0x0670 RpcLocator - ok
21:13:58.0859 0x0670 [ 6B27A5C03DFB94B4245739065431322C, 6AEAC16AB4E0DFD25123AAF4D4181FEE1B919B7B2793117006CE8CF30E826CFD ] RpcSs C:\WINDOWS\system32\rpcss.dll
21:13:58.0937 0x0670 RpcSs - ok
21:13:58.0984 0x0670 [ 471B3F9741D762ABE75E9DEEA4787E47, D9ADE42965EC22AEB4B2AD21D429C3C8232A60AA9853DEFDA7AED86A13FE8623 ] RSVP C:\WINDOWS\system32\rsvp.exe
21:13:59.0203 0x0670 RSVP - ok
21:13:59.0234 0x0670 [ ACCAEF9F58AE156772BE67DF148C5B3A, 00BB6ECBCD9E7E2A31B70461D3DF93F31DD3EB5F24812E2B8196EE806102BA1B ] RTL8023xp C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys
21:13:59.0296 0x0670 RTL8023xp - ok
21:13:59.0343 0x0670 [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] SamSs C:\WINDOWS\system32\lsass.exe
21:13:59.0484 0x0670 SamSs - ok
21:13:59.0546 0x0670 [ 39763504067962108505BFF25F024345, 73C9710B61EDC7FBEDE1D7A767AA3D3A169E7AD012494D05CB5EE7E5C5752BB9 ] SASDIFSV C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
21:13:59.0562 0x0670 SASDIFSV - ok
21:13:59.0578 0x0670 [ 77B9FC20084B48408AD3E87570EB4A85, B5BC5FEC1356DECB66A7A671DB67112BDAC8F942BF1C4B986B1805B41EF362B1 ] SASKUTIL C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
21:13:59.0609 0x0670 SASKUTIL - ok
21:13:59.0656 0x0670 [ 86D007E7A654B9A71D1D7D856B104353, 7B1DE53D637A5FC9619D5D07C48927AFEC89D959207F6F2E2F45DD054EEA04C7 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
21:13:59.0812 0x0670 SCardSvr - ok
21:13:59.0859 0x0670 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA, 0B582F47BD70732BAC48B8B86E5D06CE7F299A20E8177F3F2E6F28217C3FB605 ] Schedule C:\WINDOWS\system32\schedsvc.dll
21:14:00.0031 0x0670 Schedule - ok
21:14:00.0062 0x0670 [ 8D04819A3CE51B9EB47E5689B44D43C4, B0588AF967A7611F05BC8A8AD0C945DBB7BF995D7DA5C28FD0D007E33BF1F502 ] sdbus C:\WINDOWS\system32\DRIVERS\sdbus.sys
21:14:00.0234 0x0670 sdbus - ok
21:14:00.0234 0x0670 [ 90A3935D05B494A5A39D37E71F09A677, F72733A69BC6E1A2BB91D7632FF3463C12563F60FDCC00A2CDD67FF20D479952 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
21:14:00.0328 0x0670 Secdrv - ok
21:14:00.0343 0x0670 [ CBE612E2BB6A10E3563336191EDA1250, C331797DC3569F0E715766561DE2562F60B924378842246C35D2B1CF867E9D96 ] seclogon C:\WINDOWS\System32\seclogon.dll
21:14:00.0500 0x0670 seclogon - ok
21:14:00.0515 0x0670 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0, 7105B026F966A992430F86C3698ABE15EC73E4772F1A3E362E29FD5247A5DCA6 ] SENS C:\WINDOWS\system32\sens.dll
21:14:00.0671 0x0670 SENS - ok
21:14:00.0734 0x0670 [ CCA207A8896D4C6A0C9CE29A4AE411A7, 5999B39242283CD803319AADCA171CCCC6E2A40FB2FAFA51B1D29F3FF2DD8D6C ] Serial C:\WINDOWS\system32\drivers\Serial.sys
21:14:00.0875 0x0670 Serial - ok
21:14:00.0953 0x0670 [ 8E6B8C671615D126FDC553D1E2DE5562, CEEC0067514555D5CA489F50E3D7562FCA8DB8E952C3C878604C9277FC77959F ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
21:14:01.0078 0x0670 Sfloppy - ok
21:14:01.0203 0x0670 [ 83F41D0D89645D7235C051AB1D9523AC, B681F33EEAA511D6A2DCB9FBAA407B739184C9FF6067C6B7E51F1FC37E9D4DD7 ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
21:14:01.0406 0x0670 SharedAccess - ok
21:14:01.0437 0x0670 [ 99BC0B50F511924348BE19C7C7313BBF, A1006C687BD352F700B140DC741515A0CDD9E1352C0FBD1EE410D404E344444B ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
21:14:01.0484 0x0670 ShellHWDetection - ok
21:14:01.0484 0x0670 Simbad - ok
21:14:01.0500 0x0670 Sparrow - ok
21:14:01.0546 0x0670 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F, DD17733CBB370FCA08F0296704D7CBEACA3C8F76D0ABE4761C3B1FFDF7481D9E ] splitter C:\WINDOWS\system32\drivers\splitter.sys
21:14:01.0703 0x0670 splitter - ok
21:14:01.0750 0x0670 [ 60784F891563FB1B767F70117FC2428F, E0B07F08E60FFBAD36C2E58180F4B2A16DCA47716044CBE0213DF7B74D742F1F ] Spooler C:\WINDOWS\system32\spoolsv.exe
21:14:01.0781 0x0670 Spooler - ok
21:14:01.0828 0x0670 [ 76BB022C2FB6902FD5BDD4F78FC13A5D, 6031CB2344D7277FC703480EB43CF856A0F8F818EA98FF26A2CA532336CD2DFA ] Sr C:\WINDOWS\system32\DRIVERS\sr.sys
21:14:01.0937 0x0670 Sr - ok
21:14:01.0968 0x0670 [ 3805DF0AC4296A34BA4BF93B346CC378, B57A14F1B7B0997E619DDD62B73157AA2399A9852166FB58139CBB358A88F6F3 ] srservice C:\WINDOWS\system32\srsvc.dll
21:14:02.0062 0x0670 srservice - ok
21:14:02.0140 0x0670 [ 47DDFC2F003F7F9F0592C6874962A2E7, 17C643BD4EB09B5666FE41817DC785BE04A6E491CE79E8E5A702CDBD98E1BDD7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
21:14:02.0187 0x0670 Srv - ok
21:14:02.0203 0x0670 [ 0A5679B3714EDAB99E357057EE88FCA6, 01E1A101FFF48402C77E385A78FEF27876E04533B60EB1C18558A737E57E5FA8 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
21:14:02.0343 0x0670 SSDPSRV - ok
21:14:02.0390 0x0670 [ 8BAD69CBAC032D4BBACFCE0306174C30, 2AA0DA710FCBFF38FE8DA91EE02E7A4503269347E61F8D3246FCA3384BBA2305 ] stisvc C:\WINDOWS\system32\wiaservc.dll
21:14:02.0562 0x0670 stisvc - ok
21:14:02.0671 0x0670 [ 3941D127AEF12E93ADDF6FE6EE027E0F, EA1F0E32E1C5E90FA4AAC421DEBBE086512340758D3217A6334E886BCE638B51 ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
21:14:02.0828 0x0670 swenum - ok
21:14:02.0843 0x0670 [ 8CE882BCC6CF8A62F2B2323D95CB3D01, B408550A581F3DA222355964AFA4E976AD8471F0AA37573C42C4948AE5A23A3B ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
21:14:02.0984 0x0670 swmidi - ok
21:14:03.0000 0x0670 SwPrv - ok
21:14:03.0000 0x0670 symc810 - ok
21:14:03.0015 0x0670 symc8xx - ok
21:14:03.0015 0x0670 sym_hi - ok
21:14:03.0015 0x0670 sym_u3 - ok
21:14:03.0078 0x0670 [ EC39343756C82B2A344B03D1314FB436, EEF435869842FB036695B35B3302B5E8C6611B227C2BBD1BD518A57140D9FAFA ] SynTP C:\WINDOWS\system32\DRIVERS\SynTP.sys
21:14:03.0109 0x0670 SynTP - ok
21:14:03.0140 0x0670 [ 8B83F3ED0F1688B4958F77CD6D2BF290, 546D3602183702B4F53E84413CFA2C933D64C8540378E54A8DCD148F3F36A2DA ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
21:14:03.0296 0x0670 sysaudio - ok
21:14:03.0343 0x0670 [ C7ABBC59B43274B1109DF6B24D617051, 4384CA0AA6CE9B603CF7DB775A3C721E46715D5B120B94FB57DEADAADE18535B ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
21:14:03.0500 0x0670 SysmonLog - ok
21:14:03.0546 0x0670 [ 3CB78C17BB664637787C9A1C98F79C38, F35C31F6B7F366CB949D1044B357C76DEC9170441C5E559802794F62B72FD255 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
21:14:03.0703 0x0670 TapiSrv - ok
21:14:03.0781 0x0670 [ 9AEFA14BD6B182D61E3119FA5F436D3D, EA29E49434585409272E7901AF89771FE9D6E911A7DC44AB3C7020CFF8A44552 ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
21:14:03.0843 0x0670 Tcpip - ok
21:14:03.0875 0x0670 [ 6471A66807F5E104E4885F5B67349397, F35CBFFB8BB235CCE30EF94A5273333900DD49FD506BF9D55D99A320B8A53A5A ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
21:14:04.0015 0x0670 TDPIPE - ok
21:14:04.0046 0x0670 [ C56B6D0402371CF3700EB322EF3AAF61, 7743FA4C734BCE38EFB1CA69BC17364D8421E2CD172F856F7E38E7AE1EE93F2F ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
21:14:04.0187 0x0670 TDTCP - ok
21:14:04.0203 0x0670 [ 88155247177638048422893737429D9E, B6D4E8691917946332C2208D01F8C8281978C1AD1E9951C5D99DF0D49AC34B3B ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
21:14:04.0343 0x0670 TermDD - ok
21:14:04.0453 0x0670 [ FF3477C03BE7201C294C35F684B3479F, D6246521539BA4ACD022D26983182F5E323D2EF1EA7C54265A248C43A1CE5202 ] TermService C:\WINDOWS\System32\termsrv.dll
21:14:04.0609 0x0670 TermService - ok
21:14:04.0656 0x0670 [ 99BC0B50F511924348BE19C7C7313BBF, A1006C687BD352F700B140DC741515A0CDD9E1352C0FBD1EE410D404E344444B ] Themes C:\WINDOWS\System32\shsvcs.dll
21:14:04.0687 0x0670 Themes - ok
21:14:04.0734 0x0670 [ 10FAB5DE182E0807CCE1F7FF4275A67F, 3D1738E1C93BADB1A095D4E23B6F4ADCC31AC647198DFF43E6437D41D5A4DFA2 ] tifm21 C:\WINDOWS\system32\drivers\tifm21.sys
21:14:04.0750 0x0670 tifm21 - ok
21:14:04.0796 0x0670 [ DB7205804759FF62C34E3EFD8A4CC76A, 13A4248F528CE98ACA66898E56822E4FC49B11F491FF1F61A687BA601BF0A802 ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe
21:14:04.0890 0x0670 TlntSvr - ok
21:14:04.0906 0x0670 TosIde - ok
21:14:04.0937 0x0670 [ 55BCA12F7F523D35CA3CB833C725F54E, 849FB1AE31B143B14B298BBC0D91230693D41DEB95F46516878F53A7F4186C38 ] TrkWks C:\WINDOWS\system32\trkwks.dll
21:14:05.0109 0x0670 TrkWks - ok
21:14:05.0140 0x0

Link to comment
Share on other sites

Let's try something.

 

Please visit each of the following sites and let's reset all of your browsers back to defaults to prevent unexpected issues.

If you are not using one of the browsers but it is installed then you may want to consider uninstalling it as older versions of some software can pose an increase in the potential for an infection to get in.

 

Internet Explorer

How to reset Internet Explorer settings

 

Firefox

Click on Help / Troubleshooting Information then click on the Reset Firefox button.

https://support.mozilla.org/en-US/kb/reset-firefox-easily-fix-most-problems

 

Chrome

Chrome - Reset browser settings

 

Opera

How to Perform a (really) clean Reinstall of Opera

****************

 

Please download SystemLook from one of the links below and save it to your Desktop.

Download Mirror #1

Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:

    :filefind

    doubleclick.net

    :folderfind

    doubleclick.net

    :regfind

    doubleclick.net

  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
****

Next

Run the tool again using:

    :filefind

    tags.bluekai.com

    :folderfind

    tags.bluekai.com

    :regfind

    tags.bluekai.com

Click the Look button to start the scan. When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt


Systemlook #1

 

SystemLook 30.07.11 by jpshortstuff
Log created at 19:45 on 08/07/2014 by New name
Administrator - Elevation successful

No Context: Quote

========== filefind ==========

Searching for "doubleclick.net"
No files found.

========== folderfind ==========

Searching for "doubleclick.net"
No folders found.

========== regfind ==========

Searching for "doubleclick.ne"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\doubleclick.net]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\doubleclick.ne.jp]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\doubleclick.net]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\doubleclick.net]
[HKEY_USERS\S-1-5-21-1957994488-152049171-1606980848-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\doubleclick.net]
[HKEY_USERS\S-1-5-21-1957994488-152049171-1606980848-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\doubleclick.ne.jp]
[HKEY_USERS\S-1-5-21-1957994488-152049171-1606980848-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\doubleclick.net]

-= EOF =-

 

Systemlook #2

 

SystemLook 30.07.11 by jpshortstuff
Log created at 19:49 on 08/07/2014 by New name
Administrator - Elevation successful

No Context: Quote

========== filefind ==========

Searching for "tags.bluekai.com"
No files found.

========== folderfind ==========

Searching for "tags.bluekai.com"
No folders found.

========== regfind ==========

Searching for "tags.bluekai.com"
No data found.

-= EOF =-

 

 

 


Download OTM by OldTimer Here & save it to your desktop.

  • Double click on OTM.exe to run it
  • Copy & paste the contents inside the Code box below beginning with :Reg into --->> Paste Instructions for Items to be Moved
Note: Do not type it out to minimize the risk of typo error

 

 

:Reg
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\doubleclick.net]
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\doubleclick.ne.jp]
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\doubleclick.net]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\doubleclick.net]
[-HKEY_USERS\S-1-5-21-1957994488-152049171-1606980848-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\doubleclick.net]
[-HKEY_USERS\S-1-5-21-1957994488-152049171-1606980848-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\doubleclick.ne.jp]
[-HKEY_USERS\S-1-5-21-1957994488-152049171-1606980848-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\doubleclick.net]
:Commands
[emptytemp]
[EMPTYFLASH]
[Reboot]
  • Click on MoveIt!
  • When done, click on Exit
Note: If a file or folder can't be moved immediately, you may be asked to restart your computer. Choose Yes.

A log will be produced at C:\_OTM\MovedFiles\date_time.log, where date_time are numbers. Post this log in your next reply.

 

 

 

Run the SystemLook tool again using:

 

:filefind

bluekai

:folderfind

bluekai

:regfind

bluekai

Click the Look button to start the scan. When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt


Let's try it using FRST

Open notepad. Please copy the contents of the quote box below. To do this highlight the contents of the box and right click on it and select copy.

Paste this into the open notepad. Save it to the Desktop as fixlist.txt

NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.

It needs to be saved Next to the "Farbar Recovery Scan Tool" (FRST) program (If asked to overwrite existing one please allow)

start

REG: Reg delete "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\doubleclick.net"

REG: Reg delete "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\doubleclick.ne.jp"

REG: Reg delete "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\doubleclick.net"

REG: Reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\doubleclick.net"

REG: Reg delete "HKEY_USERS\S-1-5-21-1957994488-152049171-1606980848-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\doubleclick.net"

REG: Reg delete "HKEY_USERS\S-1-5-21-1957994488-152049171-1606980848-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\doubleclick.ne.jp"

REG: Reg delete "HKEY_USERS\S-1-5-21-1957994488-152049171-1606980848-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\doubleclick.net"

end

Run FRST/FRST64 and press the Fix button just once and wait.

If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.

When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

If that fails I'll try an old-fashioned regfix using Windows.


Sorry about that, I finally got OTM to download.

Log:

All processes killed
========== REGISTRY ==========
Registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\doubleclick.net\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\doubleclick.ne.jp\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\doubleclick.net\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\doubleclick.net\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-1957994488-152049171-1606980848-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\doubleclick.net\ not found.
Registry key HKEY_USERS\S-1-5-21-1957994488-152049171-1606980848-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\doubleclick.ne.jp\ not found.
Registry key HKEY_USERS\S-1-5-21-1957994488-152049171-1606980848-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\doubleclick.net\ not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: New name
->Temp folder emptied: 535077 bytes
->Temporary Internet Files folder emptied: 51166890 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 1252 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 115171 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 37279472 bytes

Total Files Cleaned = 85.00 mb


[EMPTYFLASH]

User: All Users

User: Default User

User: LocalService

User: NetworkService

User: New name
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


OTM by OldTimer - Version 3.1.21.0 log created on 07082014_210127

Files moved on Reboot...
File move failed. C:\WINDOWS\temp\_avast_\AvastLock.txt scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.
C:\WINDOWS\temp\Perflib_Perfdata_868.dat moved successfully.
C:\WINDOWS\temp\Perflib_Perfdata_f48.dat moved successfully.

Registry entries deleted on Reboot...

Systemlook file:

SystemLook 30.07.11 by jpshortstuff
Log created at 21:09 on 08/07/2014 by New name
Administrator - Elevation successful

No Context: Quote

========== filefind ==========

Searching for "bluekai"
No files found.

========== folderfind ==========

Searching for "bluekai"
No folders found.

========== regfind ==========

Searching for "bluekai"
No data found.

-= EOF =-
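On reading the OTM log above: HKEY_CURRENT_USER is a view of the logged-on account's hive under HKEY_USERS\<SID>, so once the HKCU keys were deleted, the same keys addressed through the SID would report "not found". The Python script below is an added example, not part of the original thread or of OTM; it assumes the SID in the script belongs to the logged-on account (the thread does not say so), and the function names and the last sample line (a different SID) are constructed for illustration.

```python
import re

# SID taken from the OTM script on this page. ASSUMPTION: it is the SID of
# the logged-on account, which is what makes HKCU an alias of HKU\<SID>.
USER_SID = "S-1-5-21-1957994488-152049171-1606980848-1003"

# Sample input: four lines in the form shown in the log above, plus one
# CONSTRUCTED line with a different SID to show a result that is not an alias.
SAMPLE_LOG = r"""
========== REGISTRY ==========
Registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\doubleclick.net\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\doubleclick.net\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-1957994488-152049171-1606980848-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\doubleclick.net\ not found.
Registry key HKEY_USERS\S-1-5-21-1957994488-152049171-1606980848-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\doubleclick.net\ not found.
Registry key HKEY_USERS\S-1-5-21-0-0-0-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\doubleclick.net\ not found.
========== COMMANDS ==========
"""

LINE_RE = re.compile(
    r"^Registry key (?P<key>.+?)\\? (?P<status>deleted successfully|not found)\.$")

def canonical(key, user_sid):
    # Rewrite HKEY_USERS\<user_sid>\... as HKEY_CURRENT_USER\... so both
    # spellings of the same key compare equal (registry paths ignore case).
    hive, _, rest = key.partition("\\")
    if hive.upper() == "HKEY_USERS":
        sid, _, sub = rest.partition("\\")
        if sid.upper() == user_sid.upper():
            hive, rest = "HKEY_CURRENT_USER", sub
    return (hive + "\\" + rest).lower()

def review(log_text, user_sid):
    # Classify each registry line; a "not found" is explained only if the
    # same key was already deleted earlier in the log under its other name.
    deleted = set()
    report = {"deleted": [], "alias_of_deleted": [], "unexplained": []}
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        name = canonical(m["key"], user_sid)
        if m["status"] == "deleted successfully":
            deleted.add(name)
            report["deleted"].append(m["key"])
        elif name in deleted:
            report["alias_of_deleted"].append(m["key"])
        else:
            report["unexplained"].append(m["key"])
    return report

if __name__ == "__main__":
    for group, keys in review(SAMPLE_LOG, USER_SID).items():
        print(group, len(keys))
```

A key that lands in "unexplained" was simply absent before the script ran, which is worth a second look only if the earlier scan had reported it as present.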


So far, so good. Do I need to clean up all the downloads we performed? If so, I will wait until tomorrow to make sure everything is still good to go.

Thank you and have a good evening.

I think they're gone. I've tried to research what the folder is (P3P\History) that contained these bad boys and, if I'm correct, it came from user preferences. What you allow sites to collect or store cookies. Then again I bet I'm wrong cause I didn't go as far as an extended search.

If you do any kind of scans with these tools still onboard it's possible you'll receive alerts because of the quarantine folders.

We can take care of those now. If need be and you're still having problems we can download again.

  • Download Delfix from here
  • Ensure Remove disinfection tools is ticked

    Also tick:

    • Create registry backup
    • Purge system restore
  • Click Run
***

Post back today and let me know what issues remain, if none, I'll post some preventive tips.


I believe I'm good to go. I will check back tonight to review the preventive tips. I will post the delfix log, if needed. Thank you for your assistance.

Delfix:

# DelFix v10.7 - Logfile created 09/07/2014 at 12:33:37
# Updated 27/04/2014 by Xplode
# Username : New name - MATRIXBK-PC
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)

~ Removing disinfection tools ...

Deleted : C:\_OTM
Deleted : C:\FRST
Deleted : C:\AdwCleaner
Deleted : C:\TDSSKiller.3.0.0.39_07.07.2014_21.09.48_log.txt
Deleted : C:\Documents and Settings\New name\Desktop\Addition.txt
Deleted : C:\Documents and Settings\New name\Desktop\AdwCleaner.exe
Deleted : C:\Documents and Settings\New name\Desktop\Fixlog.txt
Deleted : C:\Documents and Settings\New name\Desktop\FRST.exe
Deleted : C:\Documents and Settings\New name\Desktop\FRST.txt
Deleted : C:\Documents and Settings\New name\Desktop\OTM.exe
Deleted : C:\Documents and Settings\New name\Desktop\SystemLook.exe
Deleted : C:\Documents and Settings\New name\Desktop\SystemLook.txt
Deleted : C:\Documents and Settings\New name\Desktop\tdsskiller.exe
Deleted : HKLM\SOFTWARE\OldTimer Tools
Deleted : HKLM\SOFTWARE\AdwCleaner

~ Creating registry backup ... OK

~ Cleaning system restore ...

New restore point created !

########## - EOF - ##########


You're good to go, good job!

Please take the time to read over a few of my preventive tips.

Computer Security

http://malwareremoval.com/forum/viewtopic.php?p=557960#p557960

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Be prepared for CryptoLocker:

Cryptolocker Ransomware: What You Need To Know

CryptoLocker Ransomware Information Guide and FAQ

To help protect your computer in the future I recommend that you get the following free programmes:

CryptoPrevent: install this programme to lock down and prevent crypto ransomware

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Please navigate to Microsoft Windows Updates and download all the "Critical Updates" for Windows.

Firefox 3

The award-winning Web browser is now faster, more secure, and fully customizable to your online life. Firefox 3 added powerful new features that make your online experience even better. It has more features and is a lot more secure than IE. It is a very easy and painless download and install; it will in no way interfere with IE, and you can use them both.

*NoScript - Addon for Firefox that stops all scripts from running on websites. Stops malicious software from invading via flash, java, javascript, and many other entry points.

AdblockPlus

  • AdblockPlus, Surf the web without annoying ads!
  • Blocks banners, pop-ups and video ads - even on Facebook and YouTube
  • Protects your online privacy
  • Two-click installation, It's free!
  • Click the icon that corresponds to your browser and download.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

WOT Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites - green to go, yellow for caution and red to stop, helping you avoid the dangerous sites. WOT has an addon available for both Firefox and IE.

Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.
  • It is possible for other programs on your computer to have security vulnerabilities that can allow malware to infect you.
  • Therefore, it is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities.
  • You can check these by visiting Secunia Software Inspector or you can use the following application for this purpose: PatchMyPC
This topic is now closed to further replies.