Renate1966 | 13.01.2014 22:36 | Windows XP: Virus Win32/Trojan after Flash Player update
Hello,
after I foolishly clicked the link given in a notice saying that my Flash Player was no longer up to date, I apparently loaded one or even several viruses / trojans onto my computer. Since then Firefox and Google Chrome have been blocked. Instead I now get warnings from "Smart Guard Protection" (which, as far as I know, I never installed??): Trojan:JS/Febipos has been detected in application.ex . And then another notice about a virus Win32/Conticker.x.
Internet Explorer can be opened but does not work, so right now I can only post this from Safe Mode.
Here are all the log files:
Defogger did not report any errors.
FRST log file:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-01-2014 01
Ran by AGENT2 (administrator) on CONSULT2 on 13-01-2014 18:44:21
Running from C:\Documents and Settings\*****\My Documents\Downloads
Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Safe Mode (with Networking)
==================== Processes (Whitelisted) ===================
(Check Point Software Technologies LTD) C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe
() C:\Documents and Settings\Conny\My Documents\Downloads\Defogger.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Farbar) C:\Documents and Settings\Conny\My Documents\Downloads\FRST (1).exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [GrooveMonitor] - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [QlbCtrl.exe] - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [287288 2009-02-03] ( Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [AESTFltr] - C:\Windows\system32\AESTFltr.exe [737280 2009-02-18] (Andrea Electronics Corporation)
HKLM\...\Run: [WirelessAssistant] - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [506424 2009-02-18] (Hewlett-Packard)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1430824 2009-02-06] (Synaptics Incorporated)
HKLM\...\Run: [HPCam_Menu] - c:\Program Files\Hewlett-Packard\HP Webcam\MUITransfer\MUIStartMenu.exe [218408 2009-02-25] (CyberLink Corp.)
HKLM\...\Run: [HP Software Update] - C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49152 2007-10-14] (Hewlett-Packard)
HKLM\...\Run: [Adobe Acrobat Speed Launcher] - C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe [44128 2013-05-08] (Adobe Systems Incorporated)
HKLM\...\Run: [] - [x]
HKLM\...\Run: [Acrobat Assistant 8.0] - C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [642664 2013-05-08] (Adobe Systems Inc.)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [DivXUpdate] - C:\Program Files\DivX\DivX Update\DivXUpdate.exe [1259376 2011-07-29] ()
HKLM\...\Run: [Microsoft Default Manager] - C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [439568 2010-05-10] (Microsoft Corporation)
HKLM\...\Run: [ZoneAlarm] - C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe [73832 2013-10-25] (Check Point Software Technologies LTD)
HKLM\...\Run: [SafeNetCertMngr] - C:\Program Files\SafeNet\Authentication\SAC\x32\SACMonitor.exe [1923032 2011-10-02] (SafeNet, Inc.)
HKLM\...\Run: [KernelFaultCheck] - %systemroot%\system32\dumprep 0 -k
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Policies\Explorer\Run: [5764] - C:\Documents and Settings\All Users\msnjtqjs.exe [436223 2008-04-14] ( ())
HKLM\...\Policies\Explorer: [TaskbarNoNotification] 1
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKCU\...\Run: [H/PC Connection Agent] - C:\Program Files\Microsoft ActiveSync\wcescomm.exe [1289000 2006-11-13] (Microsoft Corporation)
HKCU\...\Run: [Skype] - C:\Program Files\Skype\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.)
HKCU\...\Run: [swg] - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2009-08-04] (Google Inc.)
HKCU\...\Run: [iLivid] - "C:\Documents and Settings\AGENT2\Local Settings\Application Data\iLivid\iLivid.exe" -autorun
HKCU\...\Run: [Starfield Updater] - C:\Program Files\Workspace\WorkspaceUpdate.exe [35008 2013-11-26] (Starfield Technologies)
HKCU\...\Run: [wben] - C:\Program Files\Workspace\wben.exe [1569488 2013-09-16] (Starfield Technologies, LLC)
HKCU\...\Run: [Workspace Status] - C:\Program Files\Workspace\WorkspaceStatus.exe [694760 2013-11-26] (Starfield Technologies)
HKCU\...\RunOnce: [AS2014] - C:\Documents and Settings\All Users\Application Data\7arn9ggr\7arn9ggr.exe [534544 2014-01-13] ()
HKCU\...\Policies\Explorer: [TaskbarNoNotification] 1
HKCU\...\Policies\Explorer: [HideSCAHealth] 1
MountPoints2: {18933ac6-6b88-11e2-9e03-001f3cdb1150} - F:\Autorun.exe
MountPoints2: {97faf7dc-2969-11e1-9b9d-001f3cdb1150} - F:\AutoRun.exe
MountPoints2: {99a9a062-da16-11e0-9b0a-001f3cdb1150} - F:\AutoRun.exe
MountPoints2: {9b7ea33a-6d5a-11df-98df-001f3cdb1150} - F:\LaunchU3.exe -a
HKU\Others\...\Run: [swg] - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [ 2009-08-04] (Google Inc.)
HKU\Others\...\Run: [MSMSGS] - C:\Program Files\Messenger\msmsgs.exe [ 2008-04-14] (Microsoft Corporation)
HKU\Others\...\Run: [H/PC Connection Agent] - C:\Program Files\Microsoft ActiveSync\wcescomm.exe [ 2006-11-13] (Microsoft Corporation)
AppInit_DLLs: C:\Program Files\Movies Toolbar\Datamngr\mgrldr.dll [20480 2013-12-23] ()
IFEO\bitguard.exe: [Debugger] tasklist.exe
IFEO\bprotect.exe: [Debugger] tasklist.exe
IFEO\bpsvc.exe: [Debugger] tasklist.exe
IFEO\browsemngr.exe: [Debugger] tasklist.exe
IFEO\browserdefender.exe: [Debugger] tasklist.exe
IFEO\browsermngr.exe: [Debugger] tasklist.exe
IFEO\browserprotect.exe: [Debugger] tasklist.exe
IFEO\browsersafeguard.exe: [Debugger] tasklist.exe
IFEO\bundlesweetimsetup.exe: [Debugger] tasklist.exe
IFEO\cltmngsvc.exe: [Debugger] tasklist.exe
IFEO\delta babylon.exe: [Debugger] tasklist.exe
IFEO\delta tb.exe: [Debugger] tasklist.exe
IFEO\delta2.exe: [Debugger] tasklist.exe
IFEO\deltainstaller.exe: [Debugger] tasklist.exe
IFEO\deltasetup.exe: [Debugger] tasklist.exe
IFEO\deltatb.exe: [Debugger] tasklist.exe
IFEO\deltatb_2501-c733154b.exe: [Debugger] tasklist.exe
IFEO\iminentsetup.exe: [Debugger] tasklist.exe
IFEO\protectedsearch.exe: [Debugger] tasklist.exe
IFEO\rjatydimofu.exe: [Debugger] tasklist.exe
IFEO\searchprotection.exe: [Debugger] tasklist.exe
IFEO\snapdo.exe: [Debugger] tasklist.exe
IFEO\stinst32.exe: [Debugger] tasklist.exe
IFEO\stinst64.exe: [Debugger] tasklist.exe
IFEO\sweetimsetup.exe: [Debugger] tasklist.exe
IFEO\tbdelta.exetoolbar783881609.exe: [Debugger] tasklist.exe
HKLM\...\AppCertDlls: [x64] -> c:\program files\movies toolbar\datamngr\x64\apcrtldr.dll <===== ATTENTION
HKLM\...\AppCertDlls: [x86] -> C:\Program Files\Movies Toolbar\Datamngr\apcrtldr.dll [485376 2013-12-23] () <===== ATTENTION
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.search.ask.com/?o=APN10645A&gct=hp&d=406-1003&v=n9602-138&t=4
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = hxxp://dts.search.ask.com/sr?src=ieb&gct=ds&appid=1003&systemid=406&v=a10781-138&apn_uid=6067315657844321&apn_dtid=BND406&o=APN10645&apn_ptnrs=AG6&q={searchTerms}
SearchScopes: HKLM - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} URL = hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}
SearchScopes: HKLM - {cf6e4b1c-dbde-457e-9cef-ab8ecac8a5e8} URL = hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=HJxdm174YYhr&ptnrS=HJxdm174YYhr&si=CD9568&ptb=317B7C0F-4E80-4426-BD8C-9C72E5C4A6F9&ind=2012102117&n=77ee3de5&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKCU - DefaultScope {FE1D8E3C-C62B-47F3-B28A-E159D91BA3CC} URL = hxxp://search.zonealarm.com/search?src=sp&tbid=goughGA&Lan=en&q={searchTerms}&gu=47763617a4e54972b037e8330e0f5fbf&tu=10GXz00BN2C01g0&sku=&tstsId=&ver=&&r=62
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {36272618-C471-4194-8957-2A644CEBFFAC} URL = hxxp://www.mysearchresults.com/search?&c=3504&t=07&q={searchTerms}
SearchScopes: HKCU - {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} URL = hxxp://www.google.com/search?ie=utf-8&oe=utf-8&mssrc=ms_chr&mstb=adawaretb&q={searchTerms}
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxp://isearch.avg.com/search?cid={6BFF314C-4320-4D40-85E7-8ED608CF1818}&mid=5b5c832718225e184e420d68b474ed30-5d2525aa3b011e6d876aee5a9fb17d7575f04542&lang=de&ds=AVG&pr=fr&d=2012-03-01 12:41:23&v=10.0.0.7&sap=dsp&q={searchTerms}
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = hxxp://dts.search.ask.com/sr?src=ieb&gct=ds&appid=1003&systemid=406&v=a10781-138&apn_uid=6067315657844321&apn_dtid=BND406&o=APN10645&apn_ptnrs=AG6&q={searchTerms}
SearchScopes: HKCU - {cf6e4b1c-dbde-457e-9cef-ab8ecac8a5e8} URL = hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=HJxdm174YYhr&ptnrS=HJxdm174YYhr&si=CD9568&ptb=317B7C0F-4E80-4426-BD8C-9C72E5C4A6F9&ind=2012102117&n=77ee3de5&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKCU - {FE1D8E3C-C62B-47F3-B28A-E159D91BA3CC} URL = hxxp://search.zonealarm.com/search?src=sp&tbid=goughGA&Lan=en&q={searchTerms}&gu=47763617a4e54972b037e8330e0f5fbf&tu=10GXz00BN2C01g0&sku=&tstsId=&ver=&&r=62
BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO: Zonealarm Helper Object - {2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C} - C:\Program Files\Check Point Software Technologies LTD\zonealarm\1.8.22.0\bh\zonealarm.dll (Check Point Software Technologies LTD)
BHO: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO: Movies Toolbar (Dist. by Bandoo Media, Inc.) - {3d86a75b-cb6b-4764-885d-ca6336f04ba2} - C:\PROGRA~1\MOVIES~1\Datamngr\SRTOOL~1\IE\searchresultsDx.dll No File
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: DefaultTab Browser Helper - {7F6AFBF1-E065-4627-A2FD-810366367D01} - C:\Documents and Settings\AGENT2\Application Data\DefaultTab\DefaultTab\DefaultTabBHO.dll (Search Results LLC.)
BHO: Related Searches - {96A25A24-2E87-4374-8A50-CC6F943FCE4D} - C:\Documents and Settings\AGENT2\Application Data\DefaultTab\DefaultTab\Apps\RelatedLinksBHO.dll (Search Results)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - ZoneAlarm Security Toolbar - {438FAE3E-BDEF-44D3-AB8B-0C7C8350DF59} - C:\Program Files\Check Point Software Technologies LTD\zonealarm\1.8.22.0\zonealarmTlbr.dll (Check Point Software Technologies LTD)
Toolbar: HKLM - Movies Toolbar (Dist. by Bandoo Media, Inc.) - {3d86a75b-cb6b-4764-885d-ca6336f04ba2} - C:\PROGRA~1\MOVIES~1\Datamngr\SRTOOL~1\IE\searchresultsDx.dll No File
Toolbar: HKLM - Related Searches - {96A25A24-2E87-4374-8A50-CC6F943FCE4D} - C:\Documents and Settings\AGENT2\Application Data\DefaultTab\DefaultTab\Apps\RelatedLinksBHO.dll (Search Results)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\Windows\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\Windows\system32\SHELL32.dll (Microsoft Corporation)
Toolbar: HKCU - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File
Toolbar: HKCU - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKCU - No Name - {48586425-6BB7-4F51-8DC6-38C88E3EBB58} - No File
Toolbar: HKCU - No Name - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No File
DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} hxxp://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1288212606171
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.4.16.0.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
FireFox:
========
FF ProfilePath: C:\Documents and Settings\AGENT2\Application Data\Mozilla\Firefox\Profiles\8gn5n6ah.default
FF user.js: detected! => C:\Documents and Settings\AGENT2\Application Data\Mozilla\Firefox\Profiles\8gn5n6ah.default\user.js
FF DefaultSearchEngine: Ask.com
FF SearchEngineOrder.1: Ask.com
FF SelectedSearchEngine: Ask.com
FF Homepage: hxxp://www.search.ask.com/?o=APN10645A&gct=hp&d=406-1003&v=a10781-138&t=4
FF Keyword.URL: hxxp://dts.search.ask.com/sr?src=ffb&gct=ds&appid=1003&systemid=406&v=a10781-138&apn_dtid=BND406&apn_ptnrs=AG6&apn_uid=6067315657844321&o=APN10645&q=
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin: @checkpoint.com/FFApi - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll No File
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.2 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Acrobat - C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @starfield.com/off - C:\Documents and Settings\AGENT2\Application Data\Mozilla\Plugins\npoff.dll ( Starfield Technologies, LLC.)
FF Plugin HKCU: @starfield.com/wbe - C:\Documents and Settings\AGENT2\Application Data\Mozilla\Plugins\npwbe.dll (Starfield Technology, LLC)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Documents and Settings\AGENT2\Application Data\mozilla\plugins\npoff.dll ( Starfield Technologies, LLC.)
FF Plugin ProgramFiles/Appdata: C:\Documents and Settings\AGENT2\Application Data\mozilla\plugins\npwbe.dll (Starfield Technology, LLC)
FF SearchPlugin: C:\Documents and Settings\AGENT2\Application Data\Mozilla\Firefox\Profiles\8gn5n6ah.default\searchplugins\Ask.xml
FF SearchPlugin: C:\Documents and Settings\AGENT2\Application Data\Mozilla\Firefox\Profiles\8gn5n6ah.default\searchplugins\search-here.xml
FF SearchPlugin: C:\Documents and Settings\AGENT2\Application Data\Mozilla\Firefox\Profiles\8gn5n6ah.default\searchplugins\zonealarm.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\adawaretb.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\Ask.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\Ask.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: WBE Paste - C:\Documents and Settings\AGENT2\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\wbepaste@starfield [2013-11-26]
FF Extension: VideoDownloadConverter - C:\Documents and Settings\AGENT2\Application Data\Mozilla\Firefox\Profiles\8gn5n6ah.default\Extensions\4zffxtbr@VideoDownloadConverter_4z.com [2012-12-30]
FF Extension: zonealarm.com - C:\Documents and Settings\AGENT2\Application Data\Mozilla\Firefox\Profiles\8gn5n6ah.default\Extensions\ffxtlbr@zonealarm.com [2013-12-12]
FF Extension: Lavasoft Search Plugin - C:\Documents and Settings\AGENT2\Application Data\Mozilla\Firefox\Profiles\8gn5n6ah.default\Extensions\jid1-yZwVFzbsyfMrqQ@jetpack [2013-01-08]
FF Extension: No Name - C:\Documents and Settings\AGENT2\Application Data\Mozilla\Firefox\Profiles\8gn5n6ah.default\Extensions\staged [2013-12-22]
FF Extension: New tab - C:\Documents and Settings\AGENT2\Application Data\Mozilla\Firefox\Profiles\8gn5n6ah.default\Extensions\{22DA3B04-FD20-3544-DA68-52829EE1CE45} [2014-01-02]
FF Extension: Default Tab - C:\Documents and Settings\AGENT2\Application Data\Mozilla\Firefox\Profiles\8gn5n6ah.default\Extensions\addon@defaulttab.com.xpi [2012-11-14]
FF Extension: Microsoft .NET Framework Assistant - C:\Documents and Settings\AGENT2\Application Data\Mozilla\Firefox\Profiles\8gn5n6ah.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi [2012-04-24]
FF Extension: gTranslate - C:\Documents and Settings\AGENT2\Application Data\Mozilla\Firefox\Profiles\8gn5n6ah.default\Extensions\{aff87fa2-a58e-4edd-b852-0a20203c1e17}.xpi [2012-08-16]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-10-21]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-10-21]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012-04-18]
FF HKLM\...\Firefox\Extensions: [{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}] - C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\
FF Extension: Default Manager - C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ []
FF HKLM\...\Firefox\Extensions: [4zffxtbr@VideoDownloadConverter_4z.com] - C:\Program Files\VideoDownloadConverter_4z\bar\1.bin
FF Extension: VideoDownloadConverter - C:\Program Files\VideoDownloadConverter_4z\bar\1.bin [2012-10-21]
Chrome:
=======
CHR HomePage: hxxp://www.search.ask.com/?o=APN10645A&gct=hp&d=406-1003&v=a10781-138&t=4
CHR RestoreOnStartup: "hxxp://www.search.ask.com/?o=APN10645A&gct=hp&d=406-1003&v=a10781-138&t=4"
CHR DefaultSearchKeyword: ask.com
CHR DefaultSearchProvider: Ask.com
CHR DefaultSearchURL: hxxp://dts.search.ask.com/sr?src=crb&gct=ds&appid=1003&systemid=406&v=a10781-138&apn_uid=6067315657844321&apn_dtid=BND406&o=APN10645&apn_ptnrs=AG6&q={searchTerms}
CHR DefaultNewTabURL:
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\31.0.1650.63\pdf.dll ()
CHR Plugin: (Skype Click to Call) - C:\Documents and Settings\AGENT2\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.5.0.11422_0\npSkypeChromePlugin.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Free Download Manager Click Catcher Plug-In for Netscape, Opera, Mozilla) - C:\Program Files\Google\Chrome\Application\plugins\npfdm.dll (FreeDownloadManager.org)
CHR Plugin: (Microsoft DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation)
CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))
CHR Plugin: (Microsoft DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)
CHR Plugin: (npFFApi) - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll No File
CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
CHR Plugin: (DivX Plus Web Player) - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Plugin: (VLC Web Plugin) - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Windows Presentation Foundation) - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Plugin: (Shockwave Flash) - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_278.dll No File
CHR Extension: (Entanglement Web App) - C:\Documents and Settings\AGENT2\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\3.4.9_0 [2013-09-05]
CHR Extension: (Skype Click to Call) - C:\Documents and Settings\AGENT2\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.11.0.13307_0 [2013-08-14]
CHR Extension: (Poppit) - C:\Documents and Settings\AGENT2\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0 [2011-04-23]
CHR Extension: (Google Wallet) - C:\Documents and Settings\AGENT2\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0 [2013-12-19]
CHR Extension: (DivX Plus Web Player HTML5 \u003Cvideo\u003E) - C:\Documents and Settings\AGENT2\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0 [2012-04-18]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-08-06]
CHR HKLM\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2011-12-12]
========================== Services (Whitelisted) =================
S2 AdobeActiveFileMonitor7.0; C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [169312 2008-09-16] (Adobe Systems Incorporated)
S2 AgereModemAudio; C:\Program Files\LSI SoftModem\agrsmsvc.exe [14336 2008-08-26] (Agere Systems)
S2 DatamngrCoordinator2; C:\Program Files\Movies Toolbar\Datamngr\DatamngrCoordinator.exe [3447808 2013-12-23] (Bandoo Media Inc.)
S2 DefaultTabUpdate; C:\Documents and Settings\AGENT2\Application Data\DefaultTab\DefaultTab\DTUpdate.exe [107520 2012-11-14] ()
S2 File Backup; C:\Program Files\Workspace\offSyncService.exe [1187040 2013-07-22] (Starfield Technologies)
S2 gupdate1ca3527ee825e13; C:\Program Files\Google\Update\GoogleUpdate.exe [133104 2009-09-14] (Google Inc.)
S2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2013-10-08] (Oracle Corporation)
S2 SACSrv; C:\Program Files\SafeNet\Authentication\SAC\x32\SACSrv.exe [10200 2011-10-02] (SafeNet, Inc.)
S2 Skype C2C Service; C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3291008 2013-08-06] (Skype Technologies S.A.)
S2 STacSV; c:\program files\idt\wdm\STacSV.exe [254042 2009-03-30] (IDT, Inc.)
R2 vsmon; C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe [2445816 2013-10-25] (Check Point Software Technologies LTD)
S2 ZAPrivacyService; C:\Program Files\CheckPoint\ZoneAlarm\ZAPrivacyService.exe [50704 2013-10-15] (Check Point Software Technologies, Ltd.)
==================== Drivers (Whitelisted) ====================
S3 AESTAud; C:\Windows\System32\drivers\AESTAud.sys [113536 2009-02-18] (Andrea Electronics Corporation)
S3 AKSIFDH; C:\Windows\System32\DRIVERS\aksifdh.sys [48296 2008-07-29] (Aladdin Knowledge Systems, Ltd.)
S3 AKSUP; C:\Windows\System32\drivers\aksup.sys [34472 2008-07-29] (Aladdin Knowledge Systems, Ltd.)
S3 BTDriver; C:\Windows\System32\DRIVERS\btport.sys [37160 2009-01-14] (Broadcom Corporation.)
S3 BTKRNL; C:\Windows\System32\DRIVERS\btkrnl.sys [991656 2009-01-14] (Broadcom Corporation.)
S3 BTWUSB; C:\Windows\System32\Drivers\btwusb.sys [47272 2009-01-14] (Broadcom Corporation.)
S3 CCDECODE; C:\Windows\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
S3 cpudrv; C:\Program Files\SystemRequirementsLab\cpudrv.sys [11336 2009-12-18] ()
S3 Dot4Scan; C:\Windows\System32\DRIVERS\Dot4Scan.sys [8704 2001-08-17] (Microsoft Corporation)
S3 gfiark; C:\Windows\System32\drivers\gfiark.sys [33616 2012-12-17] (GFI Software)
R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [13560 2013-01-08] (GFI Software)
S3 HPZius12; C:\Windows\System32\DRIVERS\HPZius12.sys [21568 2007-01-17] (HP)
S3 iKeyEnum; C:\Windows\System32\DRIVERS\ikeyenum.sys [11616 2010-04-29] (SafeNet, Inc.)
S3 iKeyIFD; C:\Windows\System32\DRIVERS\ikeyifd.sys [18080 2010-04-29] (SafeNet, Inc.)
R0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [135776 2013-07-17] (Kaspersky Lab ZAO)
S1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [482912 2013-10-08] (Kaspersky Lab ZAO)
S3 NdisIP; C:\Windows\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
R3 NETw5x32; C:\Windows\System32\DRIVERS\NETw5x32.sys [4202496 2009-03-04] (Intel Corporation)
S3 qcusbser; C:\Windows\System32\DRIVERS\cmusbser.sys [97408 2007-10-16] (Mobile Connector)
S3 QV2KUX; C:\Windows\System32\DRIVERS\qv2kux.sys [3328 2001-08-17] (Microsoft Corporation)
S3 sembbus; C:\Windows\System32\DRIVERS\sembbus.sys [260992 2008-11-14] (MCCI Corporation)
S3 sembcard; C:\Windows\System32\DRIVERS\sembcard.sys [338048 2008-11-14] (MCCI Corporation)
S3 sembmdfl2; C:\Windows\System32\DRIVERS\sembmdfl2.sys [14976 2008-11-14] (MCCI Corporation)
S3 sembmdm2; C:\Windows\System32\DRIVERS\sembmdm2.sys [382080 2008-11-14] (MCCI Corporation)
S3 sembmgmt; C:\Windows\System32\DRIVERS\sembmgmt.sys [345216 2008-11-14] (MCCI Corporation)
S3 sembnd5; C:\Windows\System32\DRIVERS\sembnd5.sys [24960 2008-11-14] (MCCI Corporation)
S3 sembunic; C:\Windows\System32\DRIVERS\sembunic.sys [344064 2008-11-14] (MCCI Corporation)
S3 sembwwan; C:\Windows\System32\DRIVERS\sembwwan.sys [338048 2008-11-14] (MCCI Corporation)
S3 SEMCReserved; C:\Windows\System32\DRIVERS\semcreserved.sys [17408 2008-11-14] ()
S3 Sony_EricssonWWSC; C:\Windows\System32\DRIVERS\seu4scard.sys [17920 2008-11-14] (Sony Ericsson)
S3 STHDA; C:\Windows\System32\drivers\sthda.sys [1550891 2009-03-30] (IDT, Inc.)
R1 Vsdatant; C:\Windows\System32\vsdatant.sys [529128 2013-10-25] (Check Point Software Technologies LTD)
S3 wceusbsh; C:\Windows\System32\DRIVERS\wceusbsh.sys [28672 2006-11-06] (Microsoft Corporation)
S3 yukonwxp; C:\Windows\System32\DRIVERS\yk51x86.sys [296960 2009-03-27] (Marvell)
S4 ALCXWDM; system32\drivers\ALCXWDM.SYS [x]
U2 CertPropSvc;
S4 cpuz132; \??\C:\DOCUME~1\AGENT2\LOCALS~1\Temp\cpuz132\cpuz132_x32.sys [x]
S4 HPZid412; system32\DRIVERS\HPZid412.sys [x]
S4 HPZipr12; system32\DRIVERS\HPZipr12.sys [x]
S4 IntelIde; No ImagePath
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [74336 2013-10-08] (Kaspersky Lab ZAO)
U5 RnbToken; C:\Windows\System32\Drivers\RnbToken.sys [21472 2010-04-29] (SafeNet, Inc.)
U5 Tcpip6; C:\Windows\System32\Drivers\Tcpip6.sys [226880 2010-02-11] (Microsoft Corporation)
U1 WS2IFSL;
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-01-13 18:41 - 2014-01-13 18:41 - 00000000 ____D C:\FRST
2014-01-13 18:36 - 2014-01-13 18:36 - 00000000 _____ C:\Documents and Settings\AGENT2\defogger_reenable
2014-01-13 18:09 - 2014-01-13 18:09 - 00001978 _____ C:\Documents and Settings\Conny\Desktop\Smart Guard Protection.lnk
2014-01-13 18:09 - 2014-01-13 18:09 - 00000112 _____ C:\Documents and Settings\Conny\Desktop\Smart Guard Protection support.url
2014-01-13 16:28 - 2014-01-13 16:35 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\7arn9ggr
2014-01-13 10:30 - 2014-01-13 16:30 - 00000464 _____ C:\WINDOWS\Tasks\DTReg.job
2014-01-02 10:25 - 2014-01-13 18:29 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Datamngr
2013-12-26 14:27 - 2013-12-26 14:27 - 00000719 _____ C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
2013-12-18 09:42 - 2013-12-18 09:42 - 00001915 _____ C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
2013-12-15 16:02 - 2013-12-15 16:02 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Rockstar Games
2013-12-15 16:00 - 2010-06-02 04:55 - 00527192 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_7.dll
2013-12-15 16:00 - 2010-06-02 04:55 - 00239960 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_7.dll
2013-12-15 16:00 - 2010-06-02 04:55 - 00074072 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_5.dll
2013-12-15 16:00 - 2010-05-26 11:41 - 02106216 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_43.dll
2013-12-15 16:00 - 2010-05-26 11:41 - 01998168 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_43.dll
2013-12-15 16:00 - 2010-05-26 11:41 - 01868128 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dcsx_43.dll
2013-12-15 16:00 - 2010-05-26 11:41 - 00470880 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_43.dll
2013-12-15 16:00 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx11_43.dll
2013-12-15 16:00 - 2010-02-04 10:01 - 00528216 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_6.dll
2013-12-15 16:00 - 2010-02-04 10:01 - 00238936 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_6.dll
2013-12-15 16:00 - 2010-02-04 10:01 - 00074072 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_4.dll
2013-12-15 16:00 - 2010-02-04 10:01 - 00022360 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_7.dll
2013-12-15 16:00 - 2009-09-04 17:44 - 00515416 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_5.dll
2013-12-15 16:00 - 2009-09-04 17:44 - 00238936 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_5.dll
2013-12-15 16:00 - 2009-09-04 17:29 - 05501792 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dcsx_42.dll
2013-12-15 16:00 - 2009-09-04 17:29 - 01974616 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_42.dll
2013-12-15 16:00 - 2009-09-04 17:29 - 01892184 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_42.dll
2013-12-15 16:00 - 2009-09-04 17:29 - 00453456 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_42.dll
2013-12-15 16:00 - 2009-09-04 17:29 - 00235344 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx11_42.dll
2013-12-15 16:00 - 2009-03-09 15:27 - 01846632 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_41.dll
2013-12-15 16:00 - 2009-03-09 15:27 - 00453456 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_41.dll
2013-12-15 15:59 - 2009-09-04 17:44 - 00069464 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_3.dll
2013-12-15 15:59 - 2009-03-16 14:18 - 00517448 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_4.dll
2013-12-15 15:59 - 2009-03-16 14:18 - 00235352 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_4.dll
2013-12-15 15:59 - 2009-03-16 14:18 - 00022360 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_6.dll
2013-12-15 15:59 - 2009-03-09 15:27 - 04178264 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_41.dll
2013-12-15 15:59 - 2008-10-27 10:04 - 00514384 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_3.dll
2013-12-15 15:59 - 2008-10-27 10:04 - 00235856 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_3.dll
2013-12-15 15:59 - 2008-10-27 10:04 - 00070992 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_2.dll
2013-12-15 15:59 - 2008-10-27 10:04 - 00023376 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_5.dll
2013-12-15 15:59 - 2008-10-15 06:22 - 04379984 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_40.dll
2013-12-15 15:59 - 2008-10-15 06:22 - 02036576 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_40.dll
2013-12-15 15:59 - 2008-10-15 06:22 - 00452440 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_40.dll
2013-12-15 15:59 - 2008-07-31 10:41 - 00238088 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_2.dll
2013-12-15 15:59 - 2008-07-31 10:41 - 00068616 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_1.dll
2013-12-15 15:59 - 2008-07-31 10:40 - 00509448 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_2.dll
2013-12-15 15:59 - 2008-07-10 11:01 - 00467984 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_39.dll
2013-12-15 15:59 - 2008-07-10 11:00 - 03851784 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_39.dll
2013-12-15 15:59 - 2008-07-10 11:00 - 01493528 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_39.dll
2013-12-15 15:59 - 2008-05-30 14:19 - 00507400 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_1.dll
2013-12-15 15:59 - 2008-05-30 14:18 - 00238088 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_1.dll
2013-12-15 15:59 - 2008-05-30 14:17 - 00065032 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_0.dll
2013-12-15 15:59 - 2008-05-30 14:17 - 00025608 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_4.dll
2013-12-15 15:59 - 2008-05-30 14:11 - 03850760 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_38.dll
2013-12-15 15:59 - 2008-05-30 14:11 - 01491992 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_38.dll
2013-12-15 15:59 - 2008-05-30 14:11 - 00467984 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_38.dll
2013-12-15 15:59 - 2008-03-05 16:03 - 00479752 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_0.dll
2013-12-15 15:59 - 2008-03-05 16:03 - 00238088 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_0.dll
2013-12-15 15:59 - 2008-03-05 16:00 - 00025608 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_3.dll
2013-12-15 15:59 - 2008-03-05 15:56 - 03786760 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_37.dll
2013-12-15 15:59 - 2008-03-05 15:56 - 01420824 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_37.dll
2013-12-15 15:59 - 2008-02-05 23:07 - 00462864 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_37.dll
2013-12-15 15:59 - 2007-10-22 03:39 - 00267272 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_10.dll
2013-12-15 15:59 - 2007-10-22 03:37 - 00017928 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_2.dll
2013-12-15 15:59 - 2007-10-12 15:14 - 03734536 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_36.dll
2013-12-15 15:59 - 2007-10-12 15:14 - 01374232 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_36.dll
2013-12-15 15:59 - 2007-10-02 09:56 - 00444776 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_36.dll
2013-12-15 15:59 - 2007-07-20 00:57 - 00267112 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_9.dll
2013-12-15 15:59 - 2007-07-19 18:14 - 03727720 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_35.dll
2013-12-15 15:59 - 2007-07-19 18:14 - 01358192 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_35.dll
2013-12-15 15:59 - 2007-07-19 18:14 - 00444776 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_35.dll
2013-12-15 15:59 - 2007-06-20 20:46 - 00266088 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_8.dll
2013-12-15 15:59 - 2007-05-16 16:45 - 03497832 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_34.dll
2013-12-15 15:59 - 2007-05-16 16:45 - 01124720 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_34.dll
2013-12-15 15:59 - 2007-05-16 16:45 - 00443752 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_34.dll
2013-12-15 15:59 - 2007-04-04 18:55 - 00261480 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_7.dll
2013-12-15 15:59 - 2007-04-04 18:53 - 00081768 _____ (Microsoft Corporation) C:\WINDOWS\system32\xinput1_3.dll
2013-12-15 15:59 - 2007-03-15 16:57 - 00443752 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_33.dll
2013-12-15 15:59 - 2007-03-12 16:42 - 03495784 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_33.dll
2013-12-15 15:59 - 2007-03-12 16:42 - 01123696 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_33.dll
2013-12-15 15:59 - 2007-03-05 12:42 - 00015128 _____ (Microsoft Corporation) C:\WINDOWS\system32\x3daudio1_1.dll
2013-12-15 15:59 - 2007-01-24 15:27 - 00255848 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_6.dll
2013-12-15 15:59 - 2006-12-08 12:02 - 00251672 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_5.dll
2013-12-15 15:59 - 2006-11-29 13:06 - 03426072 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_32.dll
2013-12-15 15:59 - 2006-09-28 16:05 - 02414360 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_31.dll
2013-12-15 15:59 - 2006-09-28 16:05 - 00237848 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_4.dll
2013-12-15 15:59 - 2006-07-28 09:30 - 00236824 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_3.dll
2013-12-15 15:59 - 2006-07-28 09:30 - 00062744 _____ (Microsoft Corporation) C:\WINDOWS\system32\xinput1_2.dll
2013-12-15 15:59 - 2006-05-31 07:24 - 00230168 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_2.dll
2013-12-15 15:59 - 2006-03-31 12:40 - 02388176 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_30.dll
2013-12-15 15:59 - 2006-03-31 12:39 - 00229584 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_1.dll
2013-12-15 15:59 - 2006-03-31 12:39 - 00062672 _____ (Microsoft Corporation) C:\WINDOWS\system32\xinput1_1.dll
2013-12-15 15:59 - 2006-02-03 08:43 - 02332368 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_29.dll
2013-12-15 15:59 - 2006-02-03 08:42 - 00230096 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_0.dll
2013-12-15 15:59 - 2006-02-03 08:41 - 00014032 _____ (Microsoft Corporation) C:\WINDOWS\system32\x3daudio1_0.dll
2013-12-15 15:59 - 2005-12-05 18:09 - 02323664 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_28.dll
2013-12-15 15:59 - 2005-12-05 18:07 - 00061136 _____ (Microsoft Corporation) C:\WINDOWS\system32\xinput9_1_0.dll
2013-12-15 15:59 - 2005-07-22 19:59 - 02319568 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_27.dll
2013-12-15 15:59 - 2005-05-26 15:34 - 02297552 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_26.dll
2013-12-15 15:59 - 2005-03-18 17:19 - 02337488 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_25.dll
2013-12-15 15:59 - 2005-02-05 19:45 - 02222800 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_24.dll
==================== One Month Modified Files and Folders =======
2014-01-13 18:41 - 2014-01-13 18:41 - 00000000 ____D C:\FRST
2014-01-13 18:39 - 2011-10-18 19:32 - 00001324 _____ C:\WINDOWS\system32\d3d9caps.dat
2014-01-13 18:36 - 2014-01-13 18:36 - 00000000 _____ C:\Documents and Settings\AGENT2\defogger_reenable
2014-01-13 18:36 - 2009-07-31 16:03 - 00000000 ____D C:\Documents and Settings\AGENT2
2014-01-13 18:29 - 2014-01-02 10:25 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Datamngr
2014-01-13 18:29 - 2009-07-31 16:48 - 00000050 _____ C:\WINDOWS\wiaservc.log
2014-01-13 18:29 - 2009-07-31 16:47 - 00000275 _____ C:\WINDOWS\wiadebug.log
2014-01-13 18:29 - 2009-07-31 16:03 - 00000178 ___SH C:\Documents and Settings\AGENT2\ntuser.ini
2014-01-13 18:29 - 2009-07-31 16:01 - 00032524 _____ C:\WINDOWS\SchedLgU.Txt
2014-01-13 18:29 - 2009-07-31 16:01 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2014-01-13 18:29 - 2009-07-31 15:56 - 01316342 _____ C:\WINDOWS\WindowsUpdate.log
2014-01-13 18:10 - 2013-05-07 08:53 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-01-13 18:09 - 2014-01-13 18:09 - 00001978 _____ C:\Documents and Settings\Conny\Desktop\Smart Guard Protection.lnk
2014-01-13 18:09 - 2014-01-13 18:09 - 00000112 _____ C:\Documents and Settings\Conny\Desktop\Smart Guard Protection support.url
2014-01-13 18:09 - 2013-05-15 15:16 - 00000000 ____D C:\Documents and Settings\AGENT2\Application Data\Dropbox
2014-01-13 18:07 - 2009-09-14 11:56 - 00000916 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-13 18:00 - 2012-10-05 17:00 - 00000464 _____ C:\WINDOWS\Tasks\At3.job
2014-01-13 17:39 - 2009-09-14 11:56 - 00000920 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-13 16:43 - 2012-05-10 16:27 - 00000424 ____H C:\WINDOWS\Tasks\User_Feed_Synchronization-{6B0887E3-08B2-4188-AB21-03D94072836E}.job
2014-01-13 16:38 - 2009-08-04 14:00 - 00000000 ____D C:\Documents and Settings\AGENT2\Local Settings\Application Data\Google
2014-01-13 16:35 - 2014-01-13 16:28 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\7arn9ggr
2014-01-13 16:31 - 2009-09-14 11:41 - 00000000 ____D C:\Documents and Settings\AGENT2\Application Data\Skype
2014-01-13 16:30 - 2014-01-13 10:30 - 00000464 _____ C:\WINDOWS\Tasks\DTReg.job
2014-01-13 14:00 - 2012-10-05 17:00 - 00000464 _____ C:\WINDOWS\Tasks\At4.job
2014-01-13 10:30 - 2008-04-14 13:00 - 00013646 _____ C:\WINDOWS\system32\wpa.dbl
2014-01-06 20:40 - 2012-10-05 17:00 - 00000464 _____ C:\WINDOWS\Tasks\At2.job
2014-01-06 17:15 - 2010-05-10 12:48 - 00160768 _____ C:\Documents and Settings\AGENT2\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-01-03 21:02 - 2013-12-05 12:09 - 00000000 ____D C:\Documents and Settings\Conny\Desktop\AVUS
2014-01-03 15:42 - 2012-06-05 11:48 - 00000000 ____D C:\Documents and Settings\AGENT2\Application Data\vlc
2014-01-02 10:27 - 2013-10-17 08:56 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Wincert
2013-12-26 14:58 - 2013-08-15 10:42 - 00000858 _____ C:\WINDOWS\setupact.log
2013-12-26 14:58 - 2013-08-13 16:01 - 00149076 _____ C:\WINDOWS\setupapi.log
2013-12-26 14:27 - 2013-12-26 14:27 - 00000719 _____ C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
2013-12-22 20:06 - 2012-10-30 21:12 - 00000000 ____D C:\Documents and Settings\AGENT2\Application Data\VideoDownloadConverter_4z
2013-12-22 20:03 - 2013-10-21 16:15 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-12-20 19:54 - 2013-01-23 20:49 - 00016249 ____H C:\WINDOWS\system32\BTImages.dat
2013-12-20 10:10 - 2012-10-05 17:00 - 00000464 _____ C:\WINDOWS\Tasks\At1.job
2013-12-18 18:23 - 2010-02-12 12:33 - 01165312 __SHC C:\Documents and Settings\Conny\Desktop\Thumbs.db
2013-12-18 09:42 - 2013-12-18 09:42 - 00001915 _____ C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
2013-12-18 09:42 - 2009-08-04 13:56 - 00000000 ____D C:\Program Files\Google
2013-12-15 17:29 - 2009-08-03 14:33 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2013-12-15 16:02 - 2013-12-15 16:02 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Rockstar Games
2013-12-15 16:00 - 2009-07-31 15:56 - 00000000 ____D C:\WINDOWS\system32\DirectX
2013-12-15 15:59 - 2009-08-01 13:06 - 00000000 ____D C:\WINDOWS\Microsoft.NET
Files to move or delete:
====================
C:\Program Files\Movies Toolbar\Datamngr\apcrtldr.dll
C:\Documents and Settings\All Users\msnjtqjs.exe
C:\Windows\Tasks\At1.job
C:\Windows\Tasks\At2.job
C:\Windows\Tasks\At3.job
C:\Windows\Tasks\At4.job
Some content of TEMP:
====================
C:\Documents and Settings\AGENT2\Local Settings\Temp\BundleSweetIMSetup.exe
C:\Documents and Settings\AGENT2\Local Settings\Temp\Delta.exe
C:\Documents and Settings\AGENT2\Local Settings\Temp\DeltaTB.exe
C:\Documents and Settings\AGENT2\Local Settings\Temp\jre-7u45-windows-i586-iftw.exe
C:\Documents and Settings\AGENT2\Local Settings\Temp\msi52962.exe
C:\Documents and Settings\AGENT2\Local Settings\Temp\MybabylonTB.exe
C:\Documents and Settings\AGENT2\Local Settings\Temp\propsys.dll
C:\Documents and Settings\AGENT2\Local Settings\Temp\SkypeSetup.exe
C:\Documents and Settings\AGENT2\Local Settings\Temp\Uninstall.exe
C:\Documents and Settings\AGENT2\Local Settings\Temp\vlc-2.0.8-win32.exe
C:\Documents and Settings\AGENT2\Local Settings\Temp\vlc-2.1.2-win32.exe
C:\Documents and Settings\AGENT2\Local Settings\Temp\WSSetup.exe
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
==================== End Of Log ============================
Addition Log File:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 12-01-2014 01
Ran by AGENT2 at 2014-01-13 18:45:00
Running from C:\Documents and Settings\*****\My Documents\Downloads
Boot Mode: Safe Mode (with Networking)
==========================================================
==================== Security Center ========================
AV: ZoneAlarm Antivirus (Disabled - Up to date) {5D467B10-818C-4CAB-9FF7-6893B5B8F3CF}
FW: ZoneAlarm Firewall (Disabled) {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
==================== Installed Programs ======================
iSaver (Version: - )
32 Bit HP BiDi Channel Components Installer (Version: 1.1.0.2 - Hewlett-Packard) Hidden
32 Bit HP CIO Components Installer (Version: 1.0.0 - Hewlett-Packard) Hidden
7-Zip 9.20 (Version: - )
Acrobat.com (Version: 1.7.186 - Adobe Systems Incorporated)
Adobe Acrobat 9 Pro - English, Français, Deutsch (Version: 9.5.5 - Adobe Systems) Hidden
Adobe Acrobat 9.5.5 - CPSID_83708 (Version: - Adobe Systems Incorporated)
Adobe Flash Player 11 ActiveX (Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Photoshop Elements 7.0 (Version: 7.0 - Adobe Systems Incorporated)
Adobe Photoshop Elements 7.0 (Version: 7.0.0.3 - Adobe Systems Incorporated) Hidden
Adobe Reader XI (11.0.05) (Version: 11.0.05 - Adobe Systems Incorporated)
Advanced Uninstaller PRO - Version 10 (Version: 10 - Innovative Solutions)
Agere Systems HDA Modem (Version: - LSI Corporation)
Bing Rewards Client Installer (Version: 16.0.345.0 - Microsoft Corporation) Hidden
BufferChm (Version: 100.0.170.000 - Hewlett-Packard) Hidden
CCleaner (Version: 3.28 - Piriform)
DeepBurner v1.9.0.228 (Version: - )
DefaultTab (Version: 1.2.8.0 - Search Results, LLC) <==== ATTENTION
Destination Component (Version: 100.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (Version: 100.0.190.000 - Hewlett-Packard) Hidden
DeviceManagementQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
DivX-Setup (Version: 2.5.0.8 - DivX, LLC)
DocProc (Version: 11.0.0.0 - Hewlett-Packard) Hidden
DocProcQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
Dropbox (Version: 2.0.22 - Dropbox, Inc.)
Engel & Völkers ML Regular Font for Windows (Version: 1.0.0 - Engel & Völkers)
eSupportQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
EuroTalk Talk Now Plus! (Version: - EuroTalk Interactive Ltd.)
FastStone Photo Resizer 3.0 (Version: 3.0 - FastStone Soft.)
Google Chrome (Version: 31.0.1650.63 - Google Inc.)
Google Earth (Version: 7.1.2.2041 - Google)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Toolbar for Internet Explorer (Version: 7.5.4805.320 - Google Inc.)
Google Update Helper (Version: 1.3.22.3 - Google Inc.) Hidden
GPBaseService (Version: 100.0.187.000 - Hewlett-Packard) Hidden
HP Common Access Service Library (Version: 2.0.6.1 - Hewlett-Packard) Hidden
HP Deskjet 2050 J510 series Basic Device Software (Version: 22.50.231.0 - Hewlett-Packard Co.)
HP Deskjet 2050 J510 series Help (Version: 140.0.61.61 - Hewlett Packard)
HP Deskjet 2050 J510 series Product Improvement Study (Version: 22.50.231.0 - Hewlett-Packard Co.)
HP ESU for Microsoft Windows XP (Version: 4.0.5.1 - Hewlett-Packard Company)
HP Imaging Device Functions 10.0 (Version: 10.0 - HP)
HP Integrated Module with Bluetooth wireless technology (Version: 5.5.0.5800 - HP)
HP Photo Creations (Version: 1.0.0.3781 - HP Photo Creations Powered by RocketLife)
HP Product Detection (Version: 10.7.8.0 - Hewlett-Packard Company)
HP Quick Launch Buttons 6.50 A1 (Version: 6.50 A1 - Hewlett-Packard)
HP Smart Web Printing (Version: 3.5 - HP)
HP Solution Center 10.0 (Version: 10.0 - HP)
HP Update (Version: 5.002.007.004 - Hewlett-Packard)
HP Webcam (Version: 1.0.2710 - CyberLink Corp.)
HP Webcam (Version: 1.0.2710 - CyberLink Corp.) Hidden
HP Wireless Assistant (Version: 3.50.4.1 - Hewlett-Packard)
HPProductAssistant (Version: 100.0.170.000 - Hewlett-Packard) Hidden
HSDPA USB MODEM version 4.097 (Version: - )
IDT Audio (Version: 1.0.6162.12 - IDT)
Intel(R) Graphics Media Accelerator Driver (Version: - Intel Corporation)
Java 7 Update 45 (Version: 7.0.450 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
LibreOffice 4.1.0.4 (Version: 4.1.0.4 - The Document Foundation)
Malwarebytes Anti-Malware Version 1.70.0.1100 (Version: 1.70.0.1100 - Malwarebytes Corporation)
Marvell Miniport Driver (Version: 10.68.4.3 - Marvell)
Microsoft .NET Framework 1.1 (Version: - )
Microsoft .NET Framework 1.1 (Version: 1.1.4322 - Microsoft) Hidden
Microsoft .NET Framework 1.1 Security Update (KB2698023) (Version: - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (Version: - )
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft ActiveSync (Version: 4.5.5096.0 - Microsoft Corporation)
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1 - Microsoft Corporation)
Microsoft Default Manager (Version: 2.2.114.0 - Microsoft Corporation) Hidden
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 (Version: - Microsoft Corporation) Hidden
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7 (Version: - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (Version: - Microsoft) Hidden
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Groove MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (Version: - Microsoft) Hidden
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft Software Update for Web Folders (English) 12 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft User-Mode Driver Framework Feature Pack 1.0 (Version: - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
Mobile Partner (Version: 11.302.06.07.40 - Huawei Technologies Co.,Ltd)
Movies Toolbar for Internet Explorer (Dist. by Bandoo Media, Inc.) (Version: 1.6.2.0 - APN LLC) <==== ATTENTION
Mozilla Firefox 24.0 (x86 de) (Version: 24.0 - Mozilla)
Mozilla Maintenance Service (Version: 24.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0 - Microsoft Corporation)
OCR Software by I.R.I.S. 10.0 (Version: 10.0 - HP)
PBZ SmartCard Management 6.2 (Version: 6.2.0 - PBZ)
Rockstar Games Social Club (Version: 1.0.0.0 - Rockstar Games)
SafeNet Authentication Client 8.1 SP1 (Version: 8.1.245.0 - SafeNet, Inc.)
SafeNet iKey Driver v4.1.1.5 (Version: 4.1.1 - SafeNet, Inc.)
Skype Click to Call (Version: 6.11.13307 - Skype Technologies S.A.)
Skype™ 6.11 (Version: 6.11.102 - Skype Technologies S.A.)
SmartWebPrintingOC (Version: 100.0.189.000 - Hewlett-Packard) Hidden <==== ATTENTION
SolutionCenter (Version: 100.0.175.000 - Hewlett-Packard) Hidden
Sony Ericsson MD300 Wireless Modem (Version: 4.40.5.7 - Sony Ericsson)
Spelling Dictionaries Support For Adobe Reader 9 (Version: 9.0.0 - Adobe Systems Incorporated)
Status (Version: 100.0.175.000 - Hewlett-Packard) Hidden
Synaptics Pointing Device Driver (Version: 12.2.2.0 - Synaptics Incorporated)
System Checkup 3.3 (Version: 3.3.2.34 - iolo technologies, LLC)
System Requirements Lab for Intel (Version: 4.5.13.0 - Husdawg, LLC)
TrayApp (Version: 100.0.170.000 - Hewlett-Packard) Hidden
Update for 2007 Microsoft Office System (KB967642) (Version: - Microsoft)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1 - Microsoft Corporation)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (Version: - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (Version: - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2850085) 32-Bit Edition (Version: - Microsoft)
Update for Windows Internet Explorer 8 (KB2447568) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2141007) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2345886) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2467659) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2541763) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2607712) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2616676) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2641690) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2661254-v2) (Version: 2 - Microsoft Corporation)
Update for Windows XP (KB2718704) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2736233) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2749655) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2863058) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2904266) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB898461) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB951978) (Version: 1 - Microsoft Corporation) Hidden
Update for Windows XP (KB955759) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB967715) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB968389) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB971029) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB971737) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973687) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973815) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB976749) (Version: 1 - Microsoft Corporation) Hidden
Update for Windows XP (KB978207) (Version: 1 - Microsoft Corporation) Hidden
Update for Windows XP (KB980182) (Version: 1 - Microsoft Corporation) Hidden
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden
VeryPDF PDF2Word v3.0 (Version: - VeryPDF.com Inc)
Video Download Converter version 1.0.0.0 (Version: 1.0.0.0 - )
VideoLAN Movie Creator (Version: - )
VLC media player 2.1.2 (Version: 2.1.2 - VideoLAN)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Windows Internet Explorer 8 (Version: 20090308.140743 - Microsoft Corporation)
Windows Media Format 11 runtime (Version: - )
Windows Media Format 11 runtime (Version: - Microsoft Corporation) Hidden
Windows Media Player 11 (Version: - )
Windows Media Player 11 (Version: - Microsoft Corporation) Hidden
Windows Mobile-Ressourcen (Version: 1.0 - Microsoft Corporation)
Windows PowerShell(TM) 1.0 (Version: 2 - Microsoft Corporation)
WinRAR 4.20 (32-Bit) (Version: 4.20.0 - win.rar GmbH)
Workspace Desktop (Version: - Starfield Technologies)
ZoneAlarm Antivirus (Version: 12.0.104.000 - Check Point Software Technologies Ltd.) Hidden
ZoneAlarm Firewall (Version: 12.0.104.000 - Check Point Software Technologies Ltd.) Hidden
ZoneAlarm Free Antivirus + Firewall (Version: 12.0.104.000 - Check Point)
ZoneAlarm LTD Toolbar (Version: - Check Point Software Technologies)
ZoneAlarm Security (Version: 12.0.104.000 - Check Point Software Technologies Ltd.) Hidden
ZoneAlarm Security Toolbar (Version: 1.8.22.0 - Check Point Software Technologies LTD) Hidden
==================== Restore Points =========================
16-10-2013 12:41:38 System Checkpoint
17-10-2013 14:14:26 System Checkpoint
18-10-2013 15:52:17 System Checkpoint
20-10-2013 19:17:16 System Checkpoint
22-10-2013 09:46:09 Installed Java 7 Update 45
23-10-2013 10:01:24 System Checkpoint
27-10-2013 14:43:58 System Checkpoint
28-10-2013 14:58:10 System Checkpoint
29-10-2013 15:52:35 System Checkpoint
30-10-2013 16:52:06 System Checkpoint
31-10-2013 17:26:44 System Checkpoint
06-11-2013 18:02:13 System Checkpoint
07-11-2013 18:11:30 System Checkpoint
17-11-2013 14:05:05 Software Distribution Service 3.0
20-11-2013 17:59:25 System Checkpoint
21-11-2013 19:03:29 System Checkpoint
25-11-2013 18:59:08 System Checkpoint
03-12-2013 11:32:15 System Checkpoint
04-12-2013 16:57:06 System Checkpoint
05-12-2013 17:07:12 System Checkpoint
07-12-2013 12:29:48 System Checkpoint
09-12-2013 14:43:45 System Checkpoint
11-12-2013 10:02:56 System Checkpoint
11-12-2013 19:33:38 Software Distribution Service 3.0
13-12-2013 12:57:50 System Checkpoint
13-12-2013 18:58:36 Software Distribution Service 3.0
14-12-2013 19:16:45 System Checkpoint
15-12-2013 14:58:00 Installed DirectX
15-12-2013 16:29:23 Installed L.A. Noire
16-12-2013 18:15:44 System Checkpoint
17-12-2013 18:17:38 System Checkpoint
19-12-2013 10:09:10 System Checkpoint
20-12-2013 10:23:15 System Checkpoint
22-12-2013 12:22:52 System Checkpoint
25-12-2013 16:38:56 System Checkpoint
26-12-2013 20:00:34 System Checkpoint
28-12-2013 17:18:19 System Checkpoint
29-12-2013 18:27:08 System Checkpoint
30-12-2013 18:28:53 System Checkpoint
01-01-2014 09:53:52 System Checkpoint
02-01-2014 13:46:26 System Checkpoint
03-01-2014 18:17:56 System Checkpoint
05-01-2014 10:23:22 System Checkpoint
06-01-2014 16:29:18 System Checkpoint
13-01-2014 10:09:17 System Checkpoint
==================== Hosts content: ==========================
2008-04-14 13:00 - 2008-04-14 13:00 - 00000734 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 localhost
==================== Scheduled Tasks (whitelisted) =============
Task: C:\WINDOWS\Tasks\Ad-Aware Antivirus Scheduled Scan.job => C:\PROGRA~1\AD-AWA~1\AdAwareLauncher.exe
Task: C:\WINDOWS\Tasks\Ad-Aware Scan (check).job => C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
Task: C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job => C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\At1.job => C:\Program Files\HP\HP Deskjet 2050 J510 series\Bin\HPCustPartic.exe
Task: C:\WINDOWS\Tasks\At2.job => C:\Program Files\HP\HP Deskjet 2050 J510 series\Bin\HPCustPartic.exe
Task: C:\WINDOWS\Tasks\At3.job => C:\Program Files\HP\HP Deskjet 2050 J510 series\Bin\HPCustPartic.exe
Task: C:\WINDOWS\Tasks\At4.job => C:\Program Files\HP\HP Deskjet 2050 J510 series\Bin\HPCustPartic.exe
Task: C:\WINDOWS\Tasks\DTReg.job => C:\Documents and Settings\AGENT2\Application Data\DefaultTab\DefaultTab\DTReg.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\User_Feed_Synchronization-{6B0887E3-08B2-4188-AB21-03D94072836E}.job => C:\WINDOWS\system32\msfeedssync.exe
==================== Loaded Modules (whitelisted) =============
2014-01-02 10:26 - 2013-12-23 16:57 - 00485376 _____ () C:\Program Files\Movies Toolbar\Datamngr\apcrtldr.dll
2014-01-02 10:26 - 2013-12-23 16:57 - 00020480 _____ () C:\Program Files\Movies Toolbar\Datamngr\mgrldr.dll
2008-04-14 13:00 - 2008-04-14 13:00 - 00059904 _____ () C:\WINDOWS\system32\devenum.dll
2008-04-14 13:00 - 2008-04-14 13:00 - 00014336 _____ () C:\WINDOWS\system32\msdmo.dll
2013-12-06 10:37 - 2013-12-04 03:48 - 04055504 _____ () C:\Program Files\Google\Chrome\Application\31.0.1650.63\pdf.dll
2013-12-06 10:37 - 2013-12-04 03:48 - 00399312 _____ () C:\Program Files\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll
2013-12-06 10:37 - 2013-12-04 03:47 - 01619408 _____ () C:\Program Files\Google\Chrome\Application\31.0.1650.63\ffmpegsumo.dll
2013-12-06 10:37 - 2013-12-04 03:48 - 13586896 _____ () C:\Program Files\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll
==================== Alternate Data Streams (whitelisted) =========
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\Temp:96D0C06F
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\Temp:FB1B13D8
==================== Safe Mode (whitelisted) ===================
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vsmon => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"
==================== Faulty Device Manager Devices =============
Name: Marvell Yukon 88E8042 PCI-E Fast Ethernet Controller
Description: Marvell Yukon 88E8042 PCI-E Fast Ethernet Controller
Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
Manufacturer: Marvell
Service: yukonwxp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
==================== Event log errors: =========================
Application errors:
==================
Error: (01/13/2014 06:43:10 PM) (Source: Application Error) (User: )
Description: Faulting application frst.exe, version 0.0.0.0, faulting module frst.exe, version 0.0.0.0, fault address 0x0001fcbe.
Processing media-specific event for [frst.exe!ws!]
Error: (01/13/2014 06:26:27 PM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Error: (01/13/2014 06:21:26 PM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Error: (01/13/2014 06:17:10 PM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Error: (01/13/2014 06:15:05 PM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Error: (01/13/2014 05:29:51 PM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Error: (01/13/2014 04:42:49 PM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Error: (01/13/2014 10:31:20 AM) (Source: Application Error) (User: )
Description: Faulting application update.exe, version 1.6.0.3, faulting module kernel32.dll, version 5.1.2600.6293, fault address 0x00012fd3.
Processing media-specific event for [update.exe!ws!]
Error: (12/29/2013 05:18:43 PM) (Source: Application Error) (User: )
Description: Faulting application qotr.exe, version 0.0.0.0, faulting module unknown, version 0.0.0.0, fault address 0x010184f8.
Processing media-specific event for [qotr.exe!ws!]
Error: (12/29/2013 01:40:45 PM) (Source: Application Error) (User: )
Description: Faulting application qotr.exe, version 0.0.0.0, faulting module unknown, version 0.0.0.0, fault address 0x00c3c307.
Processing media-specific event for [qotr.exe!ws!]
System errors:
=============
Error: (01/13/2014 06:33:16 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
Fips
intelppm
KLIF
Error: (01/13/2014 06:32:09 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}
Error: (01/13/2014 06:22:09 PM) (Source: DCOM) (User: CONSULT2)
Description: The server {19D2F415-D58B-46BC-9390-C03DCBC21EB2} did not register with DCOM within the required timeout.
Error: (01/13/2014 06:18:06 PM) (Source: DCOM) (User: CONSULT2)
Description: The server {19D2F415-D58B-46BC-9390-C03DCBC21EB2} did not register with DCOM within the required timeout.
Error: (01/13/2014 06:11:40 PM) (Source: DCOM) (User: CONSULT2)
Description: The server {19D2F415-D58B-46BC-9390-C03DCBC21EB2} did not register with DCOM within the required timeout.
Error: (01/13/2014 06:09:56 PM) (Source: Service Control Manager) (User: )
Description: The HP CUE DeviceDiscovery Service service terminated with the following error:
%%2147500037
Error: (01/13/2014 06:09:54 PM) (Source: Service Control Manager) (User: )
Description: The HP CUE DeviceDiscovery Service service hung on starting.
Error: (01/13/2014 05:31:00 PM) (Source: DCOM) (User: CONSULT2)
Description: The server {19D2F415-D58B-46BC-9390-C03DCBC21EB2} did not register with DCOM within the required timeout.
Error: (01/13/2014 05:30:28 PM) (Source: Service Control Manager) (User: )
Description: The Datamngr Coordinator service failed to start due to the following error:
%%1053
Error: (01/13/2014 05:30:28 PM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for the Datamngr Coordinator service to connect.
Microsoft Office Sessions:
=========================
Error: (06/05/2012 04:42:22 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 21215 seconds with 2460 seconds of active time. This session ended with a crash.
Error: (04/30/2012 01:45:26 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 13323 seconds with 2820 seconds of active time. This session ended with a crash.
Error: (04/13/2012 07:52:53 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 23493 seconds with 5280 seconds of active time. This session ended with a crash.
Error: (04/10/2012 03:53:50 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 22281 seconds with 4920 seconds of active time. This session ended with a crash.
Error: (03/22/2012 11:58:11 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1987 seconds with 420 seconds of active time. This session ended with a crash.
Error: (03/12/2012 04:00:55 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6612.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 41 seconds with 0 seconds of active time. This session ended with a crash.
Error: (04/15/2012 01:27:52 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 5 seconds with 0 seconds of active time. This session ended with a crash.
Error: (02/09/2012 11:45:08 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2218 seconds with 60 seconds of active time. This session ended with a crash.
Error: (11/25/2011 03:57:49 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 1400 seconds with 60 seconds of active time. This session ended with a crash.
Error: (10/04/2011 09:11:43 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 15 seconds with 0 seconds of active time. This session ended with a crash.
==================== Memory info ===========================
Percentage of memory in use: 36%
Total physical RAM: 2039.23 MB
Available physical RAM: 1289.15 MB
Total Pagefile: 3930.76 MB
Available Pagefile: 3404.83 MB
Total Virtual: 2047.88 MB
Available Virtual: 1932.15 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:97.65 GB) (Free:42.13 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive e: (New Volume) (Fixed) (Total:200.43 GB) (Free:82.8 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 298 GB) (Disk ID: 7A3CFDCA)
Partition 1: (Active) - (Size=98 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=200 GB) - (Type=07 NTFS)
==================== End Of Log ============================
GMER Log File Code:
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2014-01-13 19:20:52
Windows 5.1.2600 Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4 WDC_WD3200BEVT-60ZCT1 rev.13.01A13 298,09GB
Running: gmer_2.1.19163.exe; Driver: C:\DOCUME~1\AGENT2\LOCALS~1\Temp\pwldqpog.sys
---- System - GMER 2.1 ----
SSDT \SystemRoot\System32\vsdatant.sys ZwConnectPort [0xB98345A2]
SSDT \SystemRoot\System32\vsdatant.sys ZwCreateFile [0xB982E7CE]
SSDT \SystemRoot\System32\vsdatant.sys ZwCreateKey [0xB984DB5A]
SSDT \SystemRoot\System32\vsdatant.sys ZwCreatePort [0xB9834D2E]
SSDT \SystemRoot\System32\vsdatant.sys ZwCreateProcess [0xB984827A]
SSDT \SystemRoot\System32\vsdatant.sys ZwCreateProcessEx [0xB9848668]
SSDT \SystemRoot\System32\vsdatant.sys ZwCreateSection [0xB9851E8C]
SSDT \SystemRoot\System32\vsdatant.sys ZwCreateWaitablePort [0xB9834E64]
SSDT \SystemRoot\System32\vsdatant.sys ZwDeleteFile [0xB982F3E6]
SSDT \SystemRoot\System32\vsdatant.sys ZwDeleteKey [0xB984F4A0]
SSDT \SystemRoot\System32\vsdatant.sys ZwDeleteValueKey [0xB984EDBA]
SSDT \SystemRoot\System32\vsdatant.sys ZwDuplicateObject [0xB98471B4]
SSDT \SystemRoot\System32\vsdatant.sys ZwLoadDriver [0xB982A01E]
SSDT \SystemRoot\System32\vsdatant.sys ZwLoadKey [0xB984FEAA]
SSDT \SystemRoot\System32\vsdatant.sys ZwLoadKey2 [0xB98500B2]
SSDT \SystemRoot\System32\vsdatant.sys ZwMapViewOfSection [0xB98521F4]
SSDT \SystemRoot\System32\vsdatant.sys ZwOpenFile [0xB982EFEA]
SSDT \SystemRoot\System32\vsdatant.sys ZwOpenProcess [0xB984A596]
SSDT \SystemRoot\System32\vsdatant.sys ZwOpenThread [0xB984A1C0]
SSDT \SystemRoot\System32\vsdatant.sys ZwProtectVirtualMemory [0xB985E8DA]
SSDT \SystemRoot\System32\vsdatant.sys ZwRenameKey [0xB9850E40]
SSDT \SystemRoot\System32\vsdatant.sys ZwReplaceKey [0xB9850776]
SSDT \SystemRoot\System32\vsdatant.sys ZwRequestWaitReplyPort [0xB983416C]
SSDT \SystemRoot\System32\vsdatant.sys ZwRestoreKey [0xB9851814]
SSDT \SystemRoot\System32\vsdatant.sys ZwSecureConnectPort [0xB983484A]
SSDT \SystemRoot\System32\vsdatant.sys ZwSetInformationFile [0xB982F7AA]
SSDT \SystemRoot\System32\vsdatant.sys ZwSetInformationObject [0xB985E7C6]
SSDT \SystemRoot\System32\vsdatant.sys ZwSetSecurityObject [0xB9851380]
SSDT \SystemRoot\System32\vsdatant.sys ZwSetSystemInformation [0xB98297DE]
SSDT \SystemRoot\System32\vsdatant.sys ZwSetValueKey [0xB984E542]
SSDT \SystemRoot\System32\vsdatant.sys ZwSystemDebugControl [0xB98492D0]
SSDT \SystemRoot\System32\vsdatant.sys ZwTerminateProcess [0xB984904C]
SSDT \SystemRoot\System32\vsdatant.sys ZwUnloadDriver [0xB982A432]
---- Kernel code sections - GMER 2.1 ----
.text ntoskrnl.exe!ZwYieldExecution + 12E 804E48D8 12 Bytes [2E, 4D, 83, B9, 7A, 82, 84, ...]
.text ntoskrnl.exe!ZwYieldExecution + 1FA 804E49A4 12 Bytes [1E, A0, 82, B9, AA, FE, 84, ...] {PUSH DS; MOV AL, [0xfeaab982]; TEST [ECX-0x467aff4e], BH}
.text ntoskrnl.exe!ZwYieldExecution + 246 804E49F0 4 Bytes [EA, EF, 82, B9]
.text ntoskrnl.exe!ZwYieldExecution + 29A 804E4A44 4 Bytes CALL 8E3103CE
---- User code sections - GMER 2.1 ----
.text C:\Program Files\Google\Chrome\Application\chrome.exe[276] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 013083B0 C:\Program Files\Movies Toolbar\Datamngr\Datamngr.dll
.text C:\Program Files\Google\Chrome\Application\chrome.exe[276] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 013081F0 C:\Program Files\Movies Toolbar\Datamngr\Datamngr.dll
.text C:\Program Files\Google\Chrome\Application\chrome.exe[276] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 20, D1, 00] {SUB [EAX], AH; ROL DWORD [EAX], 0x1}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[276] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[276] ntdll.dll!NtFlushBuffersFile 7C90D32E 5 Bytes JMP 01327750 C:\Program Files\Movies Toolbar\Datamngr\Datamngr.dll
.text C:\Program Files\Google\Chrome\Application\chrome.exe[276] ntdll.dll!NtLockFile 7C90D49E 5 Bytes JMP 01327840 C:\Program Files\Movies Toolbar\Datamngr\Datamngr.dll
.text C:\Program Files\Google\Chrome\Application\chrome.exe[276] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 23, D1, 00] {SUB [EBX], AH; ROL DWORD [EAX], 0x1}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[276] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[276] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 01308160 C:\Program Files\Movies Toolbar\Datamngr\Datamngr.dll
.text C:\Program Files\Google\Chrome\Application\chrome.exe[276] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 20, D1, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[276] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[276] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 21, D1, 00] {TEST AL, 0x21; ROL DWORD [EAX], 0x1}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[276] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[276] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B91A73A
.text C:\Program Files\Google\Chrome\Application\chrome.exe[276] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[276] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 22, D1, 00] {TEST AL, 0x22; ROL DWORD [EAX], 0x1}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[276] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[276] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 21, D1, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[276] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[276] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 22, D1, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[276] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[276] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B91A7AB
.text C:\Program Files\Google\Chrome\Application\chrome.exe[276] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[276] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 20, D1, 00] {TEST AL, 0x20; ROL DWORD [EAX], 0x1}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[276] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[276] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B91A8D9
.text C:\Program Files\Google\Chrome\Application\chrome.exe[276] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[276] ntdll.dll!NtQueryInformationFile 7C90D7CE 5 Bytes JMP 01308430 C:\Program Files\Movies Toolbar\Datamngr\Datamngr.dll
.text C:\Program Files\Google\Chrome\Application\chrome.exe[276] ntdll.dll!NtReadFile 7C90D9CE 5 Bytes JMP 01308290 C:\Program Files\Movies Toolbar\Datamngr\Datamngr.dll
.text C:\Program Files\Google\Chrome\Application\chrome.exe[276] ntdll.dll!NtSetInformationFile 7C90DC5E 5 Bytes JMP 013084C0 C:\Program Files\Movies Toolbar\Datamngr\Datamngr.dll
.text C:\Program Files\Google\Chrome\Application\chrome.exe[276] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 21, D1, 00] {SUB [ECX], AH; ROL DWORD [EAX], 0x1}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[276] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[276] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 22, D1, 00] {SUB [EDX], AH; ROL DWORD [EAX], 0x1}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[276] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[276] ntdll.dll!NtUnlockFile 7C90DEEE 5 Bytes JMP 013278D0 C:\Program Files\Movies Toolbar\Datamngr\Datamngr.dll
.text C:\Program Files\Google\Chrome\Application\chrome.exe[276] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 23, D1, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[276] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[276] ntdll.dll!NtWriteFile 7C90DF7E 5 Bytes JMP 01308320 C:\Program Files\Movies Toolbar\Datamngr\Datamngr.dll
.text C:\Program Files\Google\Chrome\Application\chrome.exe[824] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 00AD83B0 C:\Program Files\Movies Toolbar\Datamngr\Datamngr.dll
.text C:\Program Files\Google\Chrome\Application\chrome.exe[824] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00AD81F0 C:\Program Files\Movies Toolbar\Datamngr\Datamngr.dll
.text C:\Program Files\Google\Chrome\Application\chrome.exe[824] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, F8, 4F, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[824] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[824] ntdll.dll!NtFlushBuffersFile 7C90D32E 5 Bytes JMP 00AF7750 C:\Program Files\Movies Toolbar\Datamngr\Datamngr.dll
.text C:\Program Files\Google\Chrome\Application\chrome.exe[824] ntdll.dll!NtLockFile 7C90D49E 5 Bytes JMP 00AF7840 C:\Program Files\Movies Toolbar\Datamngr\Datamngr.dll
.text C:\Program Files\Google\Chrome\Application\chrome.exe[824] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, FB, 4F, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[824] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[824] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 00AD8160 C:\Program Files\Movies Toolbar\Datamngr\Datamngr.dll
.text C:\Program Files\Google\Chrome\Application\chrome.exe[824] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, F8, 4F, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[824] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[824] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, F9, 4F, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[824] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[824] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B912612
.text C:\Program Files\Google\Chrome\Application\chrome.exe[824] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[824] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, FA, 4F, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[824] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[824] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, F9, 4F, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[824] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[824] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, FA, 4F, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[824] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[824] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B912683
.text C:\Program Files\Google\Chrome\Application\chrome.exe[824] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[824] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, F8, 4F, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[824] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[824] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B9127B1
.text C:\Program Files\Google\Chrome\Application\chrome.exe[824] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[824] ntdll.dll!NtQueryInformationFile 7C90D7CE 5 Bytes JMP 00AD8430 C:\Program Files\Movies Toolbar\Datamngr\Datamngr.dll
.text C:\Program Files\Google\Chrome\Application\chrome.exe[824] ntdll.dll!NtReadFile 7C90D9CE 5 Bytes JMP 00AD8290 C:\Program Files\Movies Toolbar\Datamngr\Datamngr.dll
.text C:\Program Files\Google\Chrome\Application\chrome.exe[824] ntdll.dll!NtSetInformationFile 7C90DC5E 5 Bytes JMP 00AD84C0 C:\Program Files\Movies Toolbar\Datamngr\Datamngr.dll
.text C:\Program Files\Google\Chrome\Application\chrome.exe[824] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, F9, 4F, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[824] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[824] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, FA, 4F, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[824] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[824] ntdll.dll!NtUnlockFile 7C90DEEE 5 Bytes JMP 00AF78D0 C:\Program Files\Movies Toolbar\Datamngr\Datamngr.dll
.text C:\Program Files\Google\Chrome\Application\chrome.exe[824] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, FB, 4F, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[824] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[824] ntdll.dll!NtWriteFile 7C90DF7E 5 Bytes JMP 00AD8320 C:\Program Files\Movies Toolbar\Datamngr\Datamngr.dll
? C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe[1184] C:\WINDOWS\system32\ole32.dll time/date stamp mismatch;
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1352] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 00AA83B0 C:\Program Files\Movies Toolbar\Datamngr\Datamngr.dll
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1352] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00AA81F0 C:\Program Files\Movies Toolbar\Datamngr\Datamngr.dll
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1352] ntdll.dll!NtFlushBuffersFile 7C90D32E 5 Bytes JMP 00AC7750 C:\Program Files\Movies Toolbar\Datamngr\Datamngr.dll
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1352] ntdll.dll!NtLockFile 7C90D49E 5 Bytes JMP 00AC7840 C:\Program Files\Movies Toolbar\Datamngr\Datamngr.dll
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1352] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 00AA8160 C:\Program Files\Movies Toolbar\Datamngr\Datamngr.dll
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1352] ntdll.dll!NtQueryInformationFile 7C90D7CE 5 Bytes JMP 00AA8430 C:\Program Files\Movies Toolbar\Datamngr\Datamngr.dll
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1352] ntdll.dll!NtReadFile 7C90D9CE 5 Bytes JMP 00AA8290 C:\Program Files\Movies Toolbar\Datamngr\Datamngr.dll
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1352] ntdll.dll!NtSetInformationFile 7C90DC5E 5 Bytes JMP 00AA84C0 C:\Program Files\Movies Toolbar\Datamngr\Datamngr.dll
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1352] ntdll.dll!NtUnlockFile 7C90DEEE 5 Bytes JMP 00AC78D0 C:\Program Files\Movies Toolbar\Datamngr\Datamngr.dll
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1352] ntdll.dll!NtWriteFile 7C90DF7E 5 Bytes JMP 00AA8320 C:\Program Files\Movies Toolbar\Datamngr\Datamngr.dll
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1424] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 00D283B0 C:\Program Files\Movies Toolbar\Datamngr\Datamngr.dll
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1424] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00D281F0 C:\Program Files\Movies Toolbar\Datamngr\Datamngr.dll
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1424] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, A4, 73, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1424] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1424] ntdll.dll!NtFlushBuffersFile 7C90D32E 5 Bytes JMP 00D47750 C:\Program Files\Movies Toolbar\Datamngr\Datamngr.dll
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1424] ntdll.dll!NtLockFile 7C90D49E 5 Bytes JMP 00D47840 C:\Program Files\Movies Toolbar\Datamngr\Datamngr.dll
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1424] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, A7, 73, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1424] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1424] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 00D28160 C:\Program Files\Movies Toolbar\Datamngr\Datamngr.dll
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1424] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, A4, 73, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1424] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1424] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, A5, 73, 00] {TEST AL, 0xa5; JAE 0x4}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1424] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1424] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B9149BE
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1424] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1424] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, A6, 73, 00] {TEST AL, 0xa6; JAE 0x4}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1424] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1424] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, A5, 73, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1424] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1424] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, A6, 73, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1424] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1424] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B914A2F
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1424] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1424] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, A4, 73, 00] {TEST AL, 0xa4; JAE 0x4}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1424] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1424] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B914B5D
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1424] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1424] ntdll.dll!NtQueryInformationFile 7C90D7CE 5 Bytes JMP 00D28430 C:\Program Files\Movies Toolbar\Datamngr\Datamngr.dll
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1424] ntdll.dll!NtReadFile 7C90D9CE 5 Bytes JMP 00D28290 C:\Program Files\Movies Toolbar\Datamngr\Datamngr.dll
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1424] ntdll.dll!NtSetInformationFile 7C90DC5E 5 Bytes JMP 00D284C0 C:\Program Files\Movies Toolbar\Datamngr\Datamngr.dll
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1424] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, A5, 73, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1424] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1424] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, A6, 73, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1424] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1424] ntdll.dll!NtUnlockFile 7C90DEEE 5 Bytes JMP 00D478D0 C:\Program Files\Movies Toolbar\Datamngr\Datamngr.dll
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1424] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, A7, 73, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1424] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1424] ntdll.dll!NtWriteFile 7C90DF7E 5 Bytes JMP 00D28320 C:\Program Files\Movies Toolbar\Datamngr\Datamngr.dll
---- Devices - GMER 2.1 ----
Device \Driver\Tcpip \Device\Ip vsdatant.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 Wdf01000.sys
Device \Driver\Tcpip \Device\Tcp vsdatant.sys
Device \Driver\Tcpip \Device\Udp vsdatant.sys
Device \Driver\Tcpip \Device\RawIp vsdatant.sys
Device \Driver\Tcpip \Device\IPMULTICAST vsdatant.sys

Unfortunately I have to send the Malwarebytes log file as an attachment, since it is too large.
Many thanks in advance for the help.
Best regards