
Attempted to run GMER, Instantaneous BSOD


  • This topic is locked
48 replies to this topic

#1 Condobloke


Posted 05 June 2013 - 03:56 PM

 
 

Windows XP, SP3, Avira, Malwarebytes, CCleaner, TFC, Desktop PC

 

I had a "gut instinct" that something was lurking.....tiny little changes in behaviour etc...so

I attempted to run GMER....the program did not load.....

It immediately presented a BSOD.

Hard reboot

Renamed it....ran it again....same result

and again....took the .exe out of the name.....bsod again....but PC rebooted itself.

 

Error: Bad_Pool_Header.....0 x 000000019...(0x000020, 0x8A834000, oox8A834828, 0x1B050000 ) +.physical memory dump

Stop: 0x00000019, 0x00000020, 0x8A6A1A08, 0x8A6A2230, 0x1B0500FA...(2nd attempt)

The gmer website tells me the fact that gmer won't open/run suggests malware is responsible

 

Sent gmer to the recycle bin....downloaded it again...immediately renamed to abracadabra.....ran it with same result.

Tried again....got an "access is denied" message....but the gmer screen presented itself on my desktop !!...so I clicked on scan....it threw a few error messages ,...

access denied etc.....and then told me no malware was present,that nothing had been altered by malware.... but it did Not scan !

 

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702
Run by HP_Administrator at 6:29:14 on 2013-06-06
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.3582.2826 [GMT 10:00]
.
AV: Avira Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
============== Running Processes ================
.
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\system32\FsUsbExService.Exe
C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Macrium\Reflect\ReflectService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\PROGRAM FILES\WIZMOUSE\WizMouse.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\TimeLeft3\TimeLeft.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_AU&c=64&bd=PAVILION&pf=desktop
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mWinlogon: Userinit = c:\windows\system32\Userinit.exe
BHO: Easy Photo Print: {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - c:\program files\epson software\easy photo print\EPTBL.dll
BHO: LastPass Vault: {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - c:\program files\lastpass\LPToolbar.dll
TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - c:\program files\lastpass\LPToolbar.dll
TB: Easy Photo Print: {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - c:\program files\epson software\easy photo print\EPTBL.dll
uRun: [WizMouse] "c:\program files\wizmouse\WizMouse.exe"
uRun: [Messenger (Yahoo!)] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [EPSON TX820 Artisan830 Series (Copy 1)] c:\windows\system32\spool\drivers\w32x86\3\e_fatigxp.exe /fu "c:\windows\temp\E_SA5FC.tmp" /EF "HKCU"
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [EvtMgr6] c:\program files\logitech\setpointp\SetPoint.exe /launchGaming
mRun: [KernelFaultCheck] c:\windows\system32\dumprep 0 -k
StartupFolder: c:\docume~1\hp_adm~1\startm~1\programs\startup\timeleft.lnk - c:\program files\timeleft3\TimeLeft.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\instal~2.lnk - c:\program files\common files\lpuninstall.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\instal~1.lnk - c:\program files\common files\lpuninstall.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: LastPass - c:\documents and settings\hp_administrator\local settings\application data\lastpass\context.html?cmd=lastpass
IE: LastPass Fill Forms - c:\documents and settings\hp_administrator\local settings\application data\lastpass\context.html?cmd=fillforms
IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - c:\program files\lastpass\LPToolbar.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1340269421312
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1340269377609
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 10.0.0.138
TCP: Interfaces\{BE542B16-241D-40E5-991D-245FDA9CFBEF} : DHCPNameServer = 10.0.0.138
TCP: Interfaces\{D1ED57DB-54BC-4A28-882E-3073C1B6101A} : DHCPNameServer = 16.92.3.242 16.92.3.243 16.81.3.243 16.118.3.243
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\hp_administrator\application data\mozilla\firefox\profiles\oel4icua.condobloke 1\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.au/webhp?hl=en|http://www.google.com/news?vanilla=1&edchanged=1&ned=au&authuser=0|http://www.smh.com.au/|abc.net.au/news|http://www.reddit.com/|http://www.dailytelegraph.com.au/
FF - plugin: c:\program files\foxit software\foxit reader\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_7_700_202.dll
FF - plugin: c:\windows\system32\npdeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
.
============= SERVICES / DRIVERS ===============
.
R0 pssnap;Paramount Software Snapshot Filter;c:\windows\system32\drivers\pssnap.sys [2013-3-1 16504]
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2013-5-11 37352]
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\avira\antivir desktop\sched.exe [2013-5-11 86752]
R2 AntiVirService;Avira Real-Time Protection;c:\program files\avira\antivir desktop\avguard.exe [2013-5-11 110816]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2013-5-11 84744]
R2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2013-2-15 233472]
R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [2009-10-20 12808]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2012-12-30 418376]
R2 ReflectService.exe;Macrium Reflect Image Mounting Service;c:\program files\macrium\reflect\ReflectService.exe [2013-3-1 225400]
R2 SBKUPNT;SBKUPNT;c:\windows\system32\drivers\SBKUPNT.SYS [2012-1-19 14976]
R3 3xHybrid;3xHybrid service;c:\windows\system32\drivers\3xHybrid.sys [2006-8-14 2829696]
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2013-2-15 37344]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-11-25 22856]
R3 ZCinema_TSHD;ZCinema TruSurround HD driver;c:\windows\system32\drivers\ZCinema_SRS_i386.sys [2009-10-19 21392]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-11-25 701512]
S3 cpudrv;cpudrv;\??\c:\program files\systemrequirementslab\cpudrv.sys --> c:\program files\systemrequirementslab\cpudrv.sys [?]
S3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys --> c:\windows\system32\drivers\dgderdrv.sys [?]
S3 DrmRAudio;DrmRAudio;c:\windows\system32\drivers\DrmRAudio.sys [2012-2-18 23608]
S3 DrvAgent32;DrvAgent32;c:\windows\system32\drivers\DrvAgent32.sys [2010-8-26 23456]
S3 libusb0;libusb-win32 - Kernel Driver, Version 1.2.4.0;c:\windows\system32\drivers\libusb0.sys [2011-11-24 21504]
S3 visctap0901;Viscosity Virtual Adapter V9.1;c:\windows\system32\drivers\visctap0901.sys [2012-9-14 33760]
S3 WN5301;LIteon Wireless PCI Network Adapter Service;c:\windows\system32\drivers\wn5301.sys [2006-8-14 468768]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [2011-5-8 25704]
S3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);c:\windows\system32\drivers\WsAudio_DeviceS(2).sys [2011-5-8 25704]
S3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);c:\windows\system32\drivers\WsAudio_DeviceS(3).sys [2011-5-8 25704]
S3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);c:\windows\system32\drivers\WsAudio_DeviceS(4).sys [2011-5-8 25704]
S3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);c:\windows\system32\drivers\WsAudio_DeviceS(5).sys [2011-5-8 25704]
S4 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IPROSetMonitor.exe [2012-1-9 132768]
S4 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
S4 MpKsl2342df69;MpKsl2342df69; [x]
S4 MpKsl58985992;MpKsl58985992; [x]
S4 MpKsl60bc085d;MpKsl60bc085d; [x]
S4 MpKsl701c9bdc;MpKsl701c9bdc; [x]
S4 MpKsl7ee84b91;MpKsl7ee84b91; [x]
S4 MpKslea911972;MpKslea911972; [x]
S4 MpKslfd27adf7;MpKslfd27adf7; [x]
S4 Printer Control;Printer Control;c:\windows\system32\PrintCtrl.exe [2011-10-15 65536]
.
=============== Created Last 30 ================
.
2013-06-05 01:23:44    --------    d-----w-    c:\documents and settings\hp_administrator\application data\JAM Software
2013-06-03 04:25:54    10752    ----a-w-    c:\windows\system32\aamd532.dll
2013-06-02 21:22:58    --------    d-----w-    c:\program files\ESET
2013-06-01 08:46:52    --------    d-----w-    c:\documents and settings\all users\application data\Samsung
2013-05-26 01:03:21    581192    ----a-w-    c:\windows\system32\WinUSBCoInstaller.dll
2013-05-26 01:03:21    1112288    ----a-w-    c:\windows\system32\WdfCoInstaller01007.dll
2013-05-26 00:47:05    --------    d-----w-    c:\program files\MarkAny
2013-05-26 00:46:45    --------    d-----w-    c:\program files\Samsung
2013-05-25 00:57:17    --------    d-----w-    c:\program files\TimeLeft3
2013-05-25 00:57:17    --------    d-----w-    c:\documents and settings\hp_administrator\application data\NesterSoft
2013-05-24 08:26:24    --------    d-----w-    c:\documents and settings\hp_administrator\.smtube
2013-05-23 23:01:38    --------    d-----w-    c:\documents and settings\hp_administrator\local settings\application data\fontconfig
2013-05-23 23:01:06    --------    d-----w-    c:\documents and settings\hp_administrator\.smplayer
2013-05-23 23:00:42    --------    d-----w-    c:\program files\SMPlayer
2013-05-15 09:00:56    --------    d-----w-    c:\program files\LopeSoft
2013-05-11 04:43:51    84744    ----a-w-    c:\windows\system32\drivers\avgntflt.sys
2013-05-11 04:43:51    37352    ----a-w-    c:\windows\system32\drivers\avkmgr.sys
2013-05-11 04:43:50    --------    d-----w-    c:\program files\Avira
2013-05-10 00:06:45    53248    ----a-r-    c:\documents and settings\hp_administrator\application data\microsoft\installer\{3ee9bcae-e9a9-45e5-9b1c-83a4d357e05c}\ARPPRODUCTICON.exe
.
==================== Find3M  ====================
.
2013-06-03 03:17:12    4299264    ----a-w-    c:\windows\system32\drivers\RtkHDAud.sys
2013-05-17 01:13:25    16400    -c--a-w-    c:\windows\system32\drivers\LNonPnP.sys
2013-05-15 06:03:20    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2013-05-15 06:03:20    692104    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2013-04-18 10:09:20    37344    ----a-w-    c:\windows\system32\FsUsbExDisk.Sys
2013-04-16 22:17:15    920064    ----a-w-    c:\windows\system32\wininet.dll
2013-04-16 22:17:14    43520    ------w-    c:\windows\system32\licmgr10.dll
2013-04-16 22:17:14    1469440    ------w-    c:\windows\system32\inetcpl.cpl
2013-04-12 23:28:55    385024    ------w-    c:\windows\system32\html.iec
2013-04-12 16:00:24    1072544    -c--a-w-    c:\windows\system32\nvdrsdb1.bin
2013-04-12 16:00:24    1    -c--a-w-    c:\windows\system32\nvdrssel.bin
2013-04-12 16:00:19    1072544    -c--a-w-    c:\windows\system32\nvdrsdb0.bin
2013-04-10 01:31:19    1876352    ----a-w-    c:\windows\system32\win32k.sys
2013-04-04 04:50:32    22856    ----a-w-    c:\windows\system32\drivers\mbam.sys
2013-03-08 08:36:22    293376    ----a-w-    c:\windows\system32\winsrv.dll
2013-02-08 22:53:38    10965504    ----a-w-    c:\program files\common files\lpuninstall.exe
.
============= FINISH:  6:30:04.07 ===============
 

Thank you Quiteman7 for your input.

 

Brian.

 

 

Condobloke ...Outback Australian  fed up with Windows antics...??....LINUX IS THE ANSWER....I USE LINUX MINT 18.3  EXCLUSIVELY.

“A man travels the world in search of what he needs and returns home to find it."

It has been said that time heals all wounds. I don't agree. The wounds remain. Time - the mind, protecting its sanity - covers them with some scar tissue and the pain lessens, but it is never gone. Rose Kennedy


 


#2 TB-Psychotic


Posted 06 June 2013 - 04:10 AM

Hi there,
my name is Marius and I will be assisting you with your Malware related problems.

Before we move on, please read the following points carefully.
  • First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or Add/ Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.
Please download Malwarebytes Anti-Rootkit from here Malwarebytes : Malwarebytes Anti-Rootkit and save it to your desktop.

Be sure to print out and follow the instructions provided on that same page.

Caution: This is a beta version so please be sure to read the disclaimer and back up any important data before using.
  • Double click the mbar.zip file to open it, then 'Extract all files'.
  • Double click the mbar folder to open it, then double click mbar.exe to start the tool.
Check for Updates, then Scan your system for malware

If malware is found, do NOT press the Cleanup button yet. Click EXIT.

I'd like to see the log first so I can see what it sees. You'll find the log in that mbar folder as MBAR-log-<date and time>***.txt . Please attach that to your next reply.
Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#3 Condobloke


Posted 06 June 2013 - 04:59 AM

Hello Marius,

 

Scan Finished, No malware detected.(as the log is quite short, I have copied and pasted)

 

Malwarebytes Anti-Rootkit BETA 1.06.0.1003
www.malwarebytes.org

Database version: v2013.06.06.01

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
HP_Administrator :: BRIANS [administrator]

6/06/2013 7:41:45 PM
mbar-log-2013-06-06 (19-41-45).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUM | P2P
Scan options disabled: Deep Anti-Rootkit Scan | PUP
Objects scanned: 285770
Time elapsed: 13 minute(s), 35 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

 

Brian



 

 


#4 TB-Psychotic


Posted 06 June 2013 - 05:14 AM

No malware here, but some error loggings we have to engage:


Please go to here to run the online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click the 'List of found threats' , then click Export to text file....
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.

 

 

 

 

 

Please download Farbar Service Scanner and run it on the computer with the issue.

  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

Edited by TB-Psychotic, 06 June 2013 - 05:15 AM.


#5 Condobloke


Posted 06 June 2013 - 06:02 AM

 
 

Marius, Eset scan run....the two items .ask applications were expected....I run eset online scanner approx once a month, and the .ask application findings are part of the Avira antivirus program which I use as my resident anti virus. The toolbars are Not installed. There were no further threats found.

 

C:\Program Files\Avira\AntiVir Desktop\ApnIC.dll    a variant of Win32/Bundled.Toolbar.Ask application
C:\Program Files\Avira\AntiVir Desktop\ApnToolbarInstaller.exe    a variant of Win32/Bundled.Toolbar.Ask application

 

Farbar Service Scanner Log::

Farbar Service Scanner Version: 31-05-2013 01
Ran by HP_Administrator (administrator) on 06-06-2013 at 20:59:44
Running from "C:\Documents and Settings\HP_Administrator\Desktop"
Microsoft Windows XP Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============
Dnscache Service is not running. Checking service configuration:
The start type of Dnscache service is set to Demand. The default start type is Auto.
The ImagePath of Dnscache service is OK.
The ServiceDll of Dnscache service is OK.


Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.

ATTENTION!=====> local policy on IP:
Key: "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local"
Value: "ActivePolicy"
Data: "SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecPolicy{19035bf5-426d-4167-a7bc-699834b80135}"


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
Gpc(6) HssDrv(11) IPSec(4) NetBT(5) PSched(7) RFCOMM(10) Tcpip(3)
0x0B0000000800000004000000010000000200000003000000050000000600000007000000090000000A0000000B000000

 

**** End of log ****

 

Brian



 

 


#6 TB-Psychotic


Posted 06 June 2013 - 06:16 AM

Please run the following tool:

 

 

Please read and follow these instructions carefully. We do not want it to fix anything yet (if found), we need to see a report first.

Download TDSSKiller.exe and save it to your desktop

  • Execute TDSSKiller.exe by double-clicking on it.
  • Press Start Scan
  • If Malicious objects are found, do NOT select Cure. Change the action to Skip, and save the log.
  • Once complete, a log will be produced at the root drive which is typically C:\, for example, C:\TDSSKiller.<version_date_time>log.txt


Please post the contents of that log in your next reply.

 

 

Do you use any IPSec-Tunnels?



#7 Condobloke


Posted 06 June 2013 - 06:26 AM

 
 

TDSS Log...

 

11:34:38.0109 1476  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
11:34:38.0968 1476  ============================================================
11:34:38.0968 1476  Current date / time: 2013/06/05 11:34:38.0968
11:34:38.0968 1476  SystemInfo:
11:34:38.0968 1476 
11:34:38.0968 1476  OS Version: 5.1.2600 ServicePack: 3.0
11:34:38.0968 1476  Product type: Workstation
11:34:38.0968 1476  ComputerName: BRIANS
11:34:38.0968 1476  UserName: HP_Administrator
11:34:38.0968 1476  Windows directory: C:\WINDOWS
11:34:38.0968 1476  System windows directory: C:\WINDOWS
11:34:38.0968 1476  Processor architecture: Intel x86
11:34:38.0968 1476  Number of processors: 2
11:34:38.0968 1476  Page size: 0x1000
11:34:38.0968 1476  Boot type: Normal boot
11:34:38.0968 1476  ============================================================
11:34:39.0578 1476  Drive \Device\Harddisk0\DR0 - Size: 0x45DD826000 (279.46 Gb), SectorSize: 0x200, Cylinders: 0x8E81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
11:34:39.0593 1476  ============================================================
11:34:39.0593 1476  \Device\Harddisk0\DR0:
11:34:39.0593 1476  MBR partitions:
11:34:39.0593 1476  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x22EEAD02
11:34:39.0593 1476  ============================================================
11:34:39.0656 1476  C: <-> \Device\Harddisk0\DR0\Partition1
11:34:39.0656 1476  ============================================================
11:34:39.0656 1476  Initialize success
11:34:39.0656 1476  ============================================================
11:34:57.0718 0924  ============================================================
11:34:57.0718 0924  Scan started
11:34:57.0718 0924  Mode: Manual;
11:34:57.0718 0924  ============================================================
11:34:57.0937 0924  ================ Scan system memory ========================
11:34:57.0937 0924  System memory - ok
11:34:57.0937 0924  ================ Scan services =============================
11:34:58.0093 0924  [ DAA56817EEE5AFD8F1EF608763D6FAD9 ] 3xHybrid        C:\WINDOWS\system32\DRIVERS\3xHybrid.sys
11:34:58.0125 0924  3xHybrid - ok
11:34:58.0125 0924  Abiosdsk - ok
11:34:58.0125 0924  abp480n5 - ok
11:34:58.0156 0924  [ 8FD99680A539792A30E97944FDAECF17 ] ACPI            C:\WINDOWS\system32\DRIVERS\ACPI.sys
11:34:58.0156 0924  ACPI - ok
11:34:58.0171 0924  [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC          C:\WINDOWS\system32\drivers\ACPIEC.sys
11:34:58.0171 0924  ACPIEC - ok
11:34:58.0234 0924  [ F040037B149FD0F5A5044AE563390FA7 ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
11:34:58.0234 0924  AdobeFlashPlayerUpdateSvc - ok
11:34:58.0234 0924  adpu160m - ok
11:34:58.0250 0924  [ 8BED39E3C35D6A489438B8141717A557 ] aec             C:\WINDOWS\system32\drivers\aec.sys
11:34:58.0265 0924  aec - ok
11:34:58.0281 0924  [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD             C:\WINDOWS\System32\drivers\afd.sys
11:34:58.0281 0924  AFD - ok
11:34:58.0281 0924  Aha154x - ok
11:34:58.0296 0924  aic78u2 - ok
11:34:58.0296 0924  aic78xx - ok
11:34:58.0312 0924  [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter         C:\WINDOWS\system32\alrsvc.dll
11:34:58.0328 0924  Alerter - ok
11:34:58.0343 0924  [ 8C515081584A38AA007909CD02020B3D ] ALG             C:\WINDOWS\System32\alg.exe
11:34:58.0343 0924  ALG - ok
11:34:58.0343 0924  AliIde - ok
11:34:58.0343 0924  amsint - ok
11:34:58.0406 0924  [ C2170E010C9B6739A136211FC0427527 ] AntiVirSchedulerService C:\Program Files\Avira\AntiVir Desktop\sched.exe
11:34:58.0406 0924  AntiVirSchedulerService - ok
11:34:58.0437 0924  [ 47EB3F0EF84E0AF8AE75DB98EEF34255 ] AntiVirService  C:\Program Files\Avira\AntiVir Desktop\avguard.exe
11:34:58.0437 0924  AntiVirService - ok
11:34:58.0453 0924  [ D8849F77C0B66226335A59D26CB4EDC6 ] AppMgmt         C:\WINDOWS\System32\appmgmts.dll
11:35:05.0484 0924  [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv         C:\WINDOWS\System32\tapisrv.dll
11:35:05.0500 0924  TapiSrv - ok
11:35:05.0515 0924  [ 4D46F63F7DDC2442941D63327C360B90 ] tbhsd           C:\WINDOWS\system32\drivers\tbhsd.sys
11:35:05.0515 0924  tbhsd - ok
11:35:05.0546 0924  [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip           C:\WINDOWS\system32\DRIVERS\tcpip.sys
11:35:05.0546 0924  Tcpip - ok
11:35:05.0578 0924  [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE          C:\WINDOWS\system32\drivers\TDPIPE.sys
11:35:05.0578 0924  TDPIPE - ok
11:35:05.0593 0924  [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP           C:\WINDOWS\system32\drivers\TDTCP.sys
11:35:05.0593 0924  TDTCP - ok
11:35:05.0640 0924  [ 88155247177638048422893737429D9E ] TermDD          C:\WINDOWS\system32\DRIVERS\termdd.sys
11:35:05.0640 0924  TermDD - ok
11:35:05.0671 0924  [ FF3477C03BE7201C294C35F684B3479F ] TermService     C:\WINDOWS\System32\termsrv.dll
11:35:05.0671 0924  TermService - ok
11:35:05.0687 0924  [ 99BC0B50F511924348BE19C7C7313BBF ] Themes          C:\WINDOWS\System32\shsvcs.dll
11:35:05.0687 0924  Themes - ok
11:35:05.0718 0924  [ DB7205804759FF62C34E3EFD8A4CC76A ] TlntSvr         C:\WINDOWS\system32\tlntsvr.exe
11:35:05.0718 0924  TlntSvr - ok
11:35:05.0750 0924  [ AD866D83B4F0391AECCEB4E507011831 ] tmcomm          C:\WINDOWS\system32\drivers\tmcomm.sys
11:35:05.0750 0924  tmcomm - ok
11:35:05.0750 0924  TosIde - ok
11:35:05.0765 0924  [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks          C:\WINDOWS\system32\trkwks.dll
11:35:05.0781 0924  TrkWks - ok
11:35:05.0796 0924  [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs            C:\WINDOWS\system32\drivers\Udfs.sys
11:35:05.0796 0924  Udfs - ok
11:35:05.0812 0924  ultra - ok
11:35:05.0828 0924  [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update          C:\WINDOWS\system32\DRIVERS\update.sys
11:35:05.0828 0924  Update - ok
11:35:05.0843 0924  [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost        C:\WINDOWS\System32\upnphost.dll
11:35:05.0859 0924  upnphost - ok
11:35:05.0875 0924  [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS             C:\WINDOWS\System32\ups.exe
11:35:05.0875 0924  UPS - ok
11:35:05.0890 0924  [ E919708DB44ED8543A7C017953148330 ] usbaudio        C:\WINDOWS\system32\drivers\usbaudio.sys
11:35:05.0890 0924  usbaudio - ok
11:35:05.0921 0924  [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp         C:\WINDOWS\system32\DRIVERS\usbccgp.sys
11:35:05.0921 0924  usbccgp - ok
11:35:05.0937 0924  [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci         C:\WINDOWS\system32\DRIVERS\usbehci.sys
11:35:05.0937 0924  usbehci - ok
11:35:05.0968 0924  [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub          C:\WINDOWS\system32\DRIVERS\usbhub.sys
11:35:05.0968 0924  usbhub - ok
11:35:05.0984 0924  [ A717C8721046828520C9EDF31288FC00 ] usbprint        C:\WINDOWS\system32\DRIVERS\usbprint.sys
11:35:05.0984 0924  usbprint - ok
11:35:06.0000 0924  [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan         C:\WINDOWS\system32\DRIVERS\usbscan.sys
11:35:06.0000 0924  usbscan - ok
11:35:06.0000 0924  [ A32426D9B14A089EAA1D922E0C5801A9 ] usbstor         C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
11:35:06.0015 0924  usbstor - ok
11:35:06.0015 0924  [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci         C:\WINDOWS\system32\DRIVERS\usbuhci.sys
11:35:06.0031 0924  usbuhci - ok
11:35:06.0046 0924  [ 63BBFCA7F390F4C49ED4B96BFB1633E0 ] usbvideo        C:\WINDOWS\system32\Drivers\usbvideo.sys
11:35:06.0046 0924  usbvideo - ok
11:35:06.0062 0924  [ B4D7B7AD8A9F7C063C5CC3E2C1A0724E ] usb_rndisx      C:\WINDOWS\system32\DRIVERS\usb8023x.sys
11:35:06.0062 0924  usb_rndisx - ok
11:35:06.0078 0924  VComm - ok
11:35:06.0078 0924  [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave         C:\WINDOWS\System32\drivers\vga.sys
11:35:06.0078 0924  VgaSave - ok
11:35:06.0093 0924  [ 3B3EFCDA263B8AC14FDF9CBDD0791B2E ] ViaIde          C:\WINDOWS\system32\DRIVERS\viaide.sys
11:35:06.0093 0924  ViaIde - ok
11:35:06.0125 0924  [ C25A1D40621C05F1107A418B07915D97 ] visctap0901     C:\WINDOWS\system32\DRIVERS\visctap0901.sys
11:35:06.0125 0924  visctap0901 - ok
11:35:06.0140 0924  [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap         C:\WINDOWS\system32\drivers\VolSnap.sys
11:35:06.0140 0924  VolSnap - ok
11:35:06.0203 0924  [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS             C:\WINDOWS\System32\vssvc.exe
11:35:06.0203 0924  VSS - ok
11:35:06.0234 0924  [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time         C:\WINDOWS\system32\w32time.dll
11:35:06.0234 0924  W32Time - ok
11:35:06.0250 0924  [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp          C:\WINDOWS\system32\DRIVERS\wanarp.sys
11:35:06.0265 0924  Wanarp - ok
11:35:06.0281 0924  [ D918617B46457B9AC28027722E30F647 ] Wdf01000        C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
11:35:06.0281 0924  Wdf01000 - ok
11:35:06.0296 0924  WDICA - ok
11:35:06.0312 0924  [ 6768ACF64B18196494413695F0C3A00F ] wdmaud          C:\WINDOWS\system32\drivers\wdmaud.sys
11:35:06.0312 0924  wdmaud - ok
11:35:06.0328 0924  [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient       C:\WINDOWS\System32\webclnt.dll
11:35:06.0343 0924  WebClient - ok
11:35:06.0375 0924  [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt         C:\WINDOWS\system32\wbem\WMIsvc.dll
11:35:06.0375 0924  winmgmt - ok
11:35:06.0421 0924  [ FD600B032E741EB6AAB509FC630F7C42 ] WinUSB          C:\WINDOWS\system32\DRIVERS\WinUSB.sys
11:35:06.0421 0924  WinUSB - ok
11:35:06.0453 0924  [ 051B1BDECD6DEE18C771B5D5EC7F044D ] WmdmPmSN        C:\WINDOWS\system32\MsPMSNSv.dll
11:35:06.0453 0924  WmdmPmSN - ok
11:35:06.0484 0924  [ E76F8807070ED04E7408A86D6D3A6137 ] Wmi             C:\WINDOWS\System32\advapi32.dll
11:35:06.0484 0924  Wmi - ok
11:35:06.0515 0924  [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv        C:\WINDOWS\system32\wbem\wmiapsrv.exe
11:35:06.0515 0924  WmiApSrv - ok
11:35:06.0593 0924  [ 6BAB4DC65515A098505F8B3D01FB6FE5 ] WMPNetworkSvc   C:\Program Files\Windows Media Player\wmpnetwk.exe
11:35:06.0593 0924  WMPNetworkSvc - ok
11:35:06.0640 0924  [ B72D232E46FF5EE2BD8F61498B748DF7 ] WN5301          C:\WINDOWS\system32\DRIVERS\wn5301.sys
11:35:06.0640 0924  WN5301 - ok
11:35:06.0656 0924  [ C60DC16D4E406810FAD54B98DC92D5EC ] WpdUsb          C:\WINDOWS\system32\DRIVERS\wpdusb.sys
11:35:06.0656 0924  WpdUsb - ok
11:35:06.0718 0924  [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
11:35:06.0718 0924  WPFFontCache_v0400 - ok
11:35:06.0750 0924  [ 4160CBE59D9B5BE22E4C3897E8DB9D56 ] WsAudio_DeviceS(1) C:\WINDOWS\system32\drivers\WsAudio_DeviceS(1).sys
11:35:06.0750 0924  WsAudio_DeviceS(1) - ok
11:35:06.0765 0924  [ 4160CBE59D9B5BE22E4C3897E8DB9D56 ] WsAudio_DeviceS(2) C:\WINDOWS\system32\drivers\WsAudio_DeviceS(2).sys
11:35:06.0765 0924  WsAudio_DeviceS(2) - ok
11:35:06.0781 0924  [ 4160CBE59D9B5BE22E4C3897E8DB9D56 ] WsAudio_DeviceS(3) C:\WINDOWS\system32\drivers\WsAudio_DeviceS(3).sys
11:35:06.0781 0924  WsAudio_DeviceS(3) - ok
11:35:06.0812 0924  [ 4160CBE59D9B5BE22E4C3897E8DB9D56 ] WsAudio_DeviceS(4) C:\WINDOWS\system32\drivers\WsAudio_DeviceS(4).sys
11:35:06.0812 0924  WsAudio_DeviceS(4) - ok
11:35:06.0828 0924  [ 4160CBE59D9B5BE22E4C3897E8DB9D56 ] WsAudio_DeviceS(5) C:\WINDOWS\system32\drivers\WsAudio_DeviceS(5).sys
11:35:06.0843 0924  WsAudio_DeviceS(5) - ok
11:35:06.0859 0924  [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc          C:\WINDOWS\system32\wscsvc.dll
11:35:06.0875 0924  wscsvc - ok
11:35:06.0890 0924  [ C98B39829C2BBD34E454150633C62C78 ] WSTCODEC        C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
11:35:06.0890 0924  WSTCODEC - ok
11:35:06.0906 0924  [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv        C:\WINDOWS\system32\wuauserv.dll
11:35:06.0921 0924  wuauserv - ok
11:35:06.0937 0924  [ EAA6324F51214D2F6718977EC9CE0DEF ] WudfPf          C:\WINDOWS\system32\DRIVERS\WudfPf.sys
11:35:06.0937 0924  WudfPf - ok
11:35:06.0968 0924  [ F91FF1E51FCA30B3C3981DB7D5924252 ] WudfRd          C:\WINDOWS\system32\DRIVERS\wudfrd.sys
11:35:06.0968 0924  WudfRd - ok
11:35:06.0968 0924  [ DDEE3682FE97037C45F4D7AB467CB8B6 ] WudfSvc         C:\WINDOWS\System32\WUDFSvc.dll
11:35:06.0984 0924  WudfSvc - ok
11:35:07.0015 0924  [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC          C:\WINDOWS\System32\wzcsvc.dll
11:35:07.0031 0924  WZCSVC - ok
11:35:07.0046 0924  [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov         C:\WINDOWS\System32\xmlprov.dll
11:35:07.0062 0924  xmlprov - ok
11:35:07.0078 0924  [ 8DF1397D04FD64653D58C19B56B0615B ] ZCinema_TSHD    C:\WINDOWS\system32\drivers\ZCinema_SRS_i386.sys
11:35:07.0078 0924  ZCinema_TSHD - ok
11:35:07.0109 0924  ================ Scan global ===============================
11:35:07.0125 0924  [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
11:35:07.0156 0924  [ 69AE2B2E6968C316536E5B10B9702E63 ] C:\WINDOWS\system32\winsrv.dll
11:35:07.0171 0924  [ 69AE2B2E6968C316536E5B10B9702E63 ] C:\WINDOWS\system32\winsrv.dll
11:35:07.0187 0924  [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
11:35:07.0203 0924  [Global] - ok
11:35:07.0203 0924  ================ Scan MBR ==================================
11:35:07.0218 0924  [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
11:35:07.0359 0924  \Device\Harddisk0\DR0 - ok
11:35:07.0359 0924  ================ Scan VBR ==================================
11:35:07.0359 0924  [ BF113BE2FB12F6E412C22C212ACAD314 ] \Device\Harddisk0\DR0\Partition1
11:35:07.0359 0924  \Device\Harddisk0\DR0\Partition1 - ok
11:35:07.0359 0924  ============================================================
11:35:07.0359 0924  Scan finished
11:35:07.0359 0924  ============================================================
11:35:07.0375 3380  Detected object count: 0
11:35:07.0375 3380  Actual detected object count: 0
11:35:24.0718 1152  ============================================================
11:35:24.0718 1152  Scan started
11:35:24.0718 1152  Mode: Manual; TDLFS;
11:35:24.0718 1152  ============================================================
11:35:24.0921 1152  ================ Scan system memory ========================
11:35:24.0921 1152  System memory - ok
11:35:24.0921 1152  ================ Scan services =============================
11:35:25.0078 1152  [ DAA56817EEE5AFD8F1EF608763D6FAD9 ] 3xHybrid        C:\WINDOWS\system32\DRIVERS\3xHybrid.sys
11:35:25.0093 1152  3xHybrid - ok
11:35:25.0093 1152  Abiosdsk - ok
11:35:25.0093 1152  abp480n5 - ok
11:35:25.0125 1152  [ 8FD99680A539792A30E97944FDAECF17 ] ACPI            C:\WINDOWS\system32\DRIVERS\ACPI.sys
11:35:25.0125 1152  ACPI - ok
11:35:25.0140 1152  [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC          C:\WINDOWS\system32\drivers\ACPIEC.sys
11:35:25.0140 1152  ACPIEC - ok
11:35:25.0203 1152  [ F040037B149FD0F5A5044AE563390FA7 ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
11:35:25.0203 1152  AdobeFlashPlayerUpdateSvc - ok
11:35:25.0203 1152  adpu160m - ok
11:35:25.0234 1152  [ 8BED39E3C35D6A489438B8141717A557 ] aec             C:\WINDOWS\system32\drivers\aec.sys
11:35:25.0234 1152  aec - ok
11:35:25.0250 1152  [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD             C:\WINDOWS\System32\drivers\afd.sys
11:35:25.0250 1152  AFD - ok
11:35:25.0265 1152  Aha154x - ok
11:35:25.0265 1152  aic78u2 - ok
11:35:25.0265 1152  aic78xx - ok
11:35:25.0296 1152  [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter         C:\WINDOWS\system32\alrsvc.dll
11:35:25.0296 1152  Alerter - ok
11:35:25.0312 1152  [ 8C515081584A38AA007909CD02020B3D ] ALG             C:\WINDOWS\System32\alg.exe
11:35:25.0312 1152  ALG - ok
11:35:25.0312 1152  AliIde - ok
11:35:25.0312 1152  amsint - ok
11:35:25.0375 1152  [ C2170E010C9B6739A136211FC0427527 ] AntiVirSchedulerService C:\Program Files\Avira\AntiVir Desktop\sched.exe
11:35:25.0375 1152  AntiVirSchedulerService - ok
11:35:25.0406 1152  [ 47EB3F0EF84E0AF8AE75DB98EEF34255 ] AntiVirService  C:\Program Files\Avira\AntiVir Desktop\avguard.exe
11:35:25.0406 1152  AntiVirService - ok
11:35:25.0421 1152  [ D8849F77C0B66226335A59D26CB4EDC6 ] AppMgmt         C:\WINDOWS\System32\appmgmts.dll
11:35:25.0421 1152  AppMgmt - ok
11:35:25.0453 1152  [ B5B8A80875C1DEDEDA8B02765642C32F ] Arp1394         C:\WINDOWS\system32\DRIVERS\arp1394.sys
11:35:25.0453 1152  Arp1394 - ok
11:35:25.0468 1152  asc - ok
11:35:25.0468 1152  asc3350p - ok
11:35:25.0468 1152  asc3550 - ok
11:35:25.0546 1152  [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state    C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
11:35:25.0546 1152  aspnet_state - ok
11:35:25.0562 1152  [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac        C:\WINDOWS\system32\DRIVERS\asyncmac.sys
11:35:25.0562 1152  AsyncMac - ok
11:35:25.0593 1152  [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi           C:\WINDOWS\system32\DRIVERS\atapi.sys
11:35:25.0593 1152  atapi - ok
11:35:25.0593 1152  Atdisk - ok
11:35:25.0609 1152  [ 9916C1225104BA14794209CFA8012159 ] Atmarpc         C:\WINDOWS\system32\DRIVERS\atmarpc.sys
11:35:25.0609 1152  Atmarpc - ok
11:35:25.0625 1152  [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv        C:\WINDOWS\System32\audiosrv.dll
11:35:25.0625 1152  AudioSrv - ok
11:35:25.0640 1152  [ D9F724AA26C010A217C97606B160ED68 ] audstub         C:\WINDOWS\system32\DRIVERS\audstub.sys
11:35:25.0640 1152  audstub - ok
11:35:25.0671 1152  [ 87425709A251386064C99B684BF96F72 ] avgntflt        C:\WINDOWS\system32\DRIVERS\avgntflt.sys
11:35:25.0671 1152  avgntflt - ok
11:35:25.0703 1152  [ D50FBA68163BC498F2C136E0E5BA8E2F ] avipbb          C:\WINDOWS\system32\DRIVERS\avipbb.sys
11:35:25.0703 1152  avipbb - ok
11:35:25.0734 1152  [ CB8741CD7B126499FED40C9B197F6AC5 ] avkmgr          C:\WINDOWS\system32\DRIVERS\avkmgr.sys
11:35:25.0734 1152  avkmgr - ok
11:35:25.0750 1152  [ 7270D070173B20AC9487EA16BB08B45F ] bb-run          C:\WINDOWS\system32\DRIVERS\bb-run.sys
11:35:25.0750 1152  bb-run - ok
11:35:25.0765 1152  [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep            C:\WINDOWS\system32\drivers\Beep.sys
11:35:25.0765 1152  Beep - ok
11:35:25.0796 1152  [ 574738F61FCA2935F5265DC4E5691314 ] BITS            C:\WINDOWS\system32\qmgr.dll
11:35:25.0796 1152  BITS - ok
11:35:25.0828 1152  [ CFD4E51402DA9838B5A04AE680AF54A0 ] Browser         C:\WINDOWS\System32\browser.dll
11:35:25.0828 1152  Browser - ok
11:35:25.0843 1152  [ B279426E3C0C344893ED78A613A73BDE ] BthEnum         C:\WINDOWS\system32\DRIVERS\BthEnum.sys
11:35:25.0843 1152  BthEnum - ok
11:35:25.0859 1152  [ FCA6F069597B62D42495191ACE3FC6C1 ] BTHMODEM        C:\WINDOWS\system32\DRIVERS\bthmodem.sys
11:35:25.0859 1152  BTHMODEM - ok
11:35:25.0875 1152  [ 80602B8746D3738F5886CE3D67EF06B6 ] BthPan          C:\WINDOWS\system32\DRIVERS\bthpan.sys
11:35:25.0890 1152  BthPan - ok
11:35:25.0906 1152  [ 662BFD909447DD9CC15B1A1C366583B4 ] BTHPORT         C:\WINDOWS\system32\Drivers\BTHport.sys
11:35:25.0906 1152  BTHPORT - ok
11:35:25.0937 1152  [ F4C43C66471B87996D95DB7A3A664A37 ] BthServ         C:\WINDOWS\System32\bthserv.dll
11:35:25.0937 1152  BthServ - ok
11:35:25.0953 1152  [ 61364CD71EF63B0F038B7E9DF00F1EFA ] BTHUSB          C:\WINDOWS\system32\Drivers\BTHUSB.sys
11:35:25.0953 1152  BTHUSB - ok
11:35:25.0984 1152  [ 50DED7C73E0FB40693EDAB8CAD7C46E7 ] CA561           C:\WINDOWS\system32\Drivers\SPCA561.SYS
11:35:25.0984 1152  CA561 - ok
11:35:26.0000 1152  [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k         C:\WINDOWS\system32\drivers\cbidf2k.sys
11:35:26.0000 1152  cbidf2k - ok
11:35:26.0015 1152  [ 0BE5AEF125BE881C4F854C554F2B025C ] CCDECODE        C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
11:35:26.0015 1152  CCDECODE - ok
11:35:26.0015 1152  cd20xrnt - ok
11:35:26.0046 1152  [ C1B486A7658353D33A10CC15211A873B ] Cdaudio         C:\WINDOWS\system32\drivers\Cdaudio.sys
11:35:26.0046 1152  Cdaudio - ok
11:35:26.0062 1152  [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs            C:\WINDOWS\system32\drivers\Cdfs.sys
11:35:26.0062 1152  Cdfs - ok
11:35:26.0093 1152  [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom           C:\WINDOWS\system32\DRIVERS\cdrom.sys
11:35:26.0093 1152  Cdrom - ok
11:35:26.0109 1152  [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc           C:\WINDOWS\system32\cisvc.exe
11:35:26.0109 1152  CiSvc - ok
11:35:26.0125 1152  [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv         C:\WINDOWS\system32\clipsrv.exe
11:35:26.0125 1152  ClipSrv - ok
11:35:26.0156 1152  [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
11:35:26.0156 1152  clr_optimization_v2.0.50727_32 - ok
11:35:26.0203 1152  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
11:35:26.0203 1152  clr_optimization_v4.0.30319_32 - ok
11:35:26.0203 1152  CmdIde - ok
11:35:26.0203 1152  COMSysApp - ok
11:35:26.0218 1152  Cpqarray - ok
11:35:26.0218 1152  cpudrv - ok
11:35:26.0234 1152  [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc        C:\WINDOWS\System32\cryptsvc.dll
11:35:26.0234 1152  CryptSvc - ok
11:35:26.0250 1152  dac2w2k - ok
11:35:26.0250 1152  dac960nt - ok
11:35:26.0281 1152  [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch      C:\WINDOWS\system32\rpcss.dll
11:35:26.0281 1152  DcomLaunch - ok
11:35:26.0281 1152  dgderdrv - ok
11:35:26.0296 1152  [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp            C:\WINDOWS\System32\dhcpcsvc.dll
11:35:26.0296 1152  Dhcp - ok
11:35:26.0312 1152  [ 044452051F3E02E7963599FC8F4F3E25 ] Disk            C:\WINDOWS\system32\DRIVERS\disk.sys
11:35:26.0312 1152  Disk - ok
11:35:26.0312 1152  dmadmin - ok
11:35:26.0343 1152  [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot          C:\WINDOWS\system32\drivers\dmboot.sys
11:35:26.0343 1152  dmboot - ok
11:35:26.0359 1152  [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio            C:\WINDOWS\system32\drivers\dmio.sys
11:35:26.0359 1152  dmio - ok
11:35:26.0390 1152  [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload          C:\WINDOWS\system32\drivers\dmload.sys
11:35:26.0390 1152  dmload - ok
11:35:26.0406 1152  [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver        C:\WINDOWS\System32\dmserver.dll
11:35:26.0406 1152  dmserver - ok
11:35:26.0421 1152  [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic          C:\WINDOWS\system32\drivers\DMusic.sys
11:35:26.0421 1152  DMusic - ok
11:35:26.0453 1152  [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache        C:\WINDOWS\System32\dnsrslvr.dll
11:35:26.0453 1152  Dnscache - ok
11:35:26.0468 1152  [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc         C:\WINDOWS\System32\dot3svc.dll
11:35:26.0468 1152  Dot3svc - ok
11:35:26.0468 1152  dpti2o - ok
11:35:26.0500 1152  [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud         C:\WINDOWS\system32\drivers\drmkaud.sys
11:35:26.0500 1152  drmkaud - ok
11:35:26.0515 1152  [ 95E2480DC60ABE97B4D1069097072AF9 ] DrmRAudio       C:\WINDOWS\system32\drivers\DrmRAudio.sys
11:35:26.0515 1152  DrmRAudio - ok
11:35:26.0531 1152  [ 651554E483712B708EDE864D0CA1AA73 ] DrvAgent32      C:\WINDOWS\system32\Drivers\DrvAgent32.sys
11:35:26.0531 1152  DrvAgent32 - ok
11:35:26.0562 1152  [ 1CD824A565DD4D3A33341F08A7CE44D9 ] e1express       C:\WINDOWS\system32\DRIVERS\e1e5132.sys
11:35:26.0562 1152  e1express - ok
11:35:26.0593 1152  [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost         C:\WINDOWS\System32\eapsvc.dll
11:35:26.0593 1152  EapHost - ok
11:35:26.0609 1152  [ 0923AEC043F5D355B4EF0C2B29A362DE ] ELacpi          C:\WINDOWS\system32\DRIVERS\ELacpi.sys
11:35:26.0609 1152  ELacpi - ok
11:35:26.0609 1152  [ CBD71E7772F92BFB85CCC302B2DEEFBA ] ELhid           C:\WINDOWS\System32\Drivers\Elhid.sys
11:35:26.0609 1152  ELhid - ok
11:35:26.0625 1152  [ AC75B576C45D144E146FD1F0576A1F53 ] ELkbd           C:\WINDOWS\System32\Drivers\Elkbd.sys
11:35:26.0625 1152  ELkbd - ok
11:35:26.0625 1152  [ 483CCE5E40137D4E437F4DEF55C80007 ] ELmon           C:\WINDOWS\System32\Drivers\Elmon.sys
11:35:26.0625 1152  ELmon - ok
11:35:26.0625 1152  [ 8E88CAFEAC0812BF2D15BEEEDFCCE8BD ] ELmou           C:\WINDOWS\System32\Drivers\Elmou.sys
11:35:26.0625 1152  ELmou - ok
11:35:26.0671 1152  [ BC93B4A066477954555966D77FEC9ECB ] ERSvc           C:\WINDOWS\System32\ersvc.dll
11:35:26.0671 1152  ERSvc - ok
11:35:26.0687 1152  [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog        C:\WINDOWS\system32\services.exe
11:35:26.0687 1152  Eventlog - ok
11:35:26.0718 1152  [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem     C:\WINDOWS\system32\es.dll
11:35:26.0718 1152  EventSystem - ok
11:35:26.0750 1152  [ 3EF58F2EAE3AECAB45D682152DB2F67D ] exFat           C:\WINDOWS\system32\drivers\exFat.sys
11:35:26.0750 1152  exFat - ok
11:35:26.0765 1152  [ 38D332A6D56AF32635675F132548343E ] Fastfat         C:\WINDOWS\system32\drivers\Fastfat.sys
11:35:26.0765 1152  Fastfat - ok
11:35:26.0796 1152  [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
11:35:26.0796 1152  FastUserSwitchingCompatibility - ok
11:35:26.0812 1152  [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc             C:\WINDOWS\system32\drivers\Fdc.sys
11:35:26.0812 1152  Fdc - ok
11:35:26.0828 1152  [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips            C:\WINDOWS\system32\drivers\Fips.sys
11:35:26.0843 1152  Fips - ok
11:35:26.0843 1152  [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk        C:\WINDOWS\system32\drivers\Flpydisk.sys
11:35:26.0843 1152  Flpydisk - ok
11:35:26.0859 1152  [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr          C:\WINDOWS\system32\drivers\fltmgr.sys
11:35:26.0859 1152  FltMgr - ok
11:35:26.0890 1152  [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
11:35:26.0890 1152  FontCache3.0.0.0 - ok
11:35:26.0906 1152  [ DDEE99DC54EFA20BD5A442CD733C4462 ] FsUsbExDisk     C:\WINDOWS\system32\FsUsbExDisk.SYS
11:35:26.0906 1152  FsUsbExDisk - ok
11:35:26.0921 1152  [ 0796C1E47ADB9825269E64B9DAB4E741 ] FsUsbExService  C:\WINDOWS\system32\FsUsbExService.Exe
11:35:26.0921 1152  FsUsbExService - ok
11:35:26.0953 1152  [ C865B83411D7347627A4BEEC22543FB1 ] Fs_Rec          C:\WINDOWS\system32\drivers\Fs_Rec.sys
11:35:26.0953 1152  Fs_Rec - ok
11:35:26.0984 1152  [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk          C:\WINDOWS\system32\DRIVERS\ftdisk.sys
11:35:26.0984 1152  Ftdisk - ok
11:35:27.0000 1152  [ 22399D3CE5840C6082844679CCA5D2FC ] ftsata2         C:\WINDOWS\system32\DRIVERS\ftsata2.sys
11:35:27.0000 1152  ftsata2 - ok
11:35:27.0015 1152  [ 4AC51459805264AFFD5F6FDFB9D9235F ] GEARAspiWDM     C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
11:35:27.0015 1152  GEARAspiWDM - ok
11:35:27.0031 1152  [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc             C:\WINDOWS\system32\DRIVERS\msgpc.sys
11:35:27.0046 1152  Gpc - ok
11:35:27.0062 1152  [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus        C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
11:35:27.0062 1152  HDAudBus - ok
11:35:27.0125 1152  [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc         C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
11:35:27.0125 1152  helpsvc - ok
11:35:27.0140 1152  [ DEB04DA35CC871B6D309B77E1443C796 ] HidServ         C:\WINDOWS\System32\hidserv.dll
11:35:27.0140 1152  HidServ - ok
11:35:27.0156 1152  [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb          C:\WINDOWS\system32\DRIVERS\hidusb.sys
11:35:27.0156 1152  HidUsb - ok
11:35:27.0187 1152  [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc          C:\WINDOWS\System32\kmsvc.dll
11:35:27.0187 1152  hkmsvc - ok
11:35:27.0250 1152  [ C5F00D15AA15CB7F55A027FF75E44BB7 ] HP Port Resolver C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
11:35:27.0250 1152  HP Port Resolver - ok
11:35:27.0265 1152  [ C5A288E4CEEF5A26D105117BAA3763AB ] HP Status Server C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
11:35:27.0265 1152  HP Status Server - ok
11:35:27.0265 1152  hpn - ok
11:35:27.0281 1152  [ 30CA91E657CEDE2F95359D6EF186F650 ] HPZid412        C:\WINDOWS\system32\DRIVERS\HPZid412.sys
11:35:27.0281 1152  HPZid412 - ok
11:35:27.0296 1152  [ EFD31AFA752AA7C7BBB57BCBE2B01C78 ] HPZipr12        C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
11:35:27.0296 1152  HPZipr12 - ok
11:35:27.0312 1152  [ 7AC43C38CA8FD7ED0B0A4466F753E06E ] HPZius12        C:\WINDOWS\system32\DRIVERS\HPZius12.sys
11:35:27.0312 1152  HPZius12 - ok
11:35:27.0343 1152  [ 4F28652EC514FA1BA473BC1A695A5C98 ] HssDrv          C:\WINDOWS\system32\DRIVERS\HssDrv.sys
11:35:27.0343 1152  HssDrv - ok
11:35:27.0375 1152  [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP            C:\WINDOWS\system32\Drivers\HTTP.sys
11:35:27.0375 1152  HTTP - ok
11:35:27.0390 1152  [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter      C:\WINDOWS\System32\w3ssl.dll
11:35:27.0406 1152  HTTPFilter - ok
11:35:27.0406 1152  i2omgmt - ok
11:35:27.0406 1152  i2omp - ok
11:35:27.0421 1152  [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt        C:\WINDOWS\system32\DRIVERS\i8042prt.sys
11:35:27.0437 1152  i8042prt - ok
11:35:27.0468 1152  [ B122BE74E283A2BC7FEBC180BFD2EFD5 ] IAANTMON        C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
11:35:27.0468 1152  IAANTMON - ok
11:35:27.0500 1152  [ 019CF5F31C67030841233C545A0E217A ] iaStor          C:\WINDOWS\system32\DRIVERS\iastor.sys
11:35:27.0500 1152  iaStor - ok
11:35:27.0546 1152  [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc           c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
11:35:27.0562 1152  idsvc - ok
11:35:27.0578 1152  [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi           C:\WINDOWS\system32\DRIVERS\imapi.sys
11:35:27.0578 1152  Imapi - ok
11:35:27.0593 1152  [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService    C:\WINDOWS\system32\imapi.exe
11:35:27.0593 1152  ImapiService - ok
11:35:27.0609 1152  ini910u - ok
11:35:27.0718 1152  [ AB2FE0FAA519880BD16E4A0792D633D2 ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RtkHDAud.sys
11:35:27.0750 1152  IntcAzAudAddService - ok
11:35:27.0781 1152  [ 386F3F1AD783F3312C057FB8699AE09B ] Intel® PROSet Monitoring Service C:\WINDOWS\system32\IProsetMonitor.exe
11:35:27.0781 1152  Intel® PROSet Monitoring Service - ok
11:35:27.0781 1152  [ B5466A9250342A7AA0CD1FBA13420678 ] IntelIde        C:\WINDOWS\system32\DRIVERS\intelide.sys
11:35:27.0781 1152  IntelIde - ok
11:35:27.0812 1152  [ 8C953733D8F36EB2133F5BB58808B66B ] intelppm        C:\WINDOWS\system32\DRIVERS\intelppm.sys
11:35:27.0812 1152  intelppm - ok
11:35:27.0828 1152  [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw           C:\WINDOWS\system32\drivers\ip6fw.sys
11:35:27.0828 1152  Ip6Fw - ok
11:35:27.0828 1152  [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver  C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
11:35:27.0828 1152  IpFilterDriver - ok
11:35:27.0843 1152  [ B87AB476DCF76E72010632B5550955F5 ] IpInIp          C:\WINDOWS\system32\DRIVERS\ipinip.sys
11:35:27.0843 1152  IpInIp - ok
11:35:27.0859 1152  [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat           C:\WINDOWS\system32\DRIVERS\ipnat.sys
11:35:27.0859 1152  IpNat - ok
11:35:27.0875 1152  [ 23C74D75E36E7158768DD63D92789A91 ] IPSec           C:\WINDOWS\system32\DRIVERS\ipsec.sys
11:35:27.0875 1152  IPSec - ok
11:35:27.0890 1152  [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM          C:\WINDOWS\system32\DRIVERS\irenum.sys
11:35:27.0890 1152  IRENUM - ok
11:35:27.0906 1152  [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp          C:\WINDOWS\system32\DRIVERS\isapnp.sys
11:35:27.0906 1152  isapnp - ok
11:35:27.0921 1152  [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass        C:\WINDOWS\system32\DRIVERS\kbdclass.sys
11:35:27.0921 1152  Kbdclass - ok
11:35:27.0937 1152  [ 9EF487A186DEA361AA06913A75B3FA99 ] kbdhid          C:\WINDOWS\system32\DRIVERS\kbdhid.sys
11:35:27.0937 1152  kbdhid - ok
11:35:27.0953 1152  [ 692BCF44383D056AED41B045A323D378 ] kmixer          C:\WINDOWS\system32\drivers\kmixer.sys
11:35:27.0953 1152  kmixer - ok
11:35:27.0984 1152  [ B467646C54CC746128904E1654C750C1 ] KSecDD          C:\WINDOWS\system32\drivers\KSecDD.sys
11:35:27.0984 1152  KSecDD - ok
11:35:33.0296 1152  ================ Scan global ===============================
11:35:33.0312 1152  [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
11:35:33.0343 1152  [ 69AE2B2E6968C316536E5B10B9702E63 ] C:\WINDOWS\system32\winsrv.dll
11:35:33.0359 1152  [ 69AE2B2E6968C316536E5B10B9702E63 ] C:\WINDOWS\system32\winsrv.dll
11:35:33.0375 1152  [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
11:35:33.0375 1152  [Global] - ok
11:35:33.0375 1152  ================ Scan MBR ==================================
11:35:33.0390 1152  [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
11:35:33.0593 1152  \Device\Harddisk0\DR0 - ok
11:35:33.0593 1152  ================ Scan VBR ==================================
11:35:33.0593 1152  [ BF113BE2FB12F6E412C22C212ACAD314 ] \Device\Harddisk0\DR0\Partition1
11:35:33.0593 1152  \Device\Harddisk0\DR0\Partition1 - ok
11:35:33.0593 1152  ============================================================
11:35:33.0593 1152  Scan finished
11:35:33.0593 1152  ============================================================
11:35:33.0609 3424  Detected object count: 0
11:35:33.0609 3424  Actual detected object count: 0
11:35:37.0281 3812  Deinitialize success

 

I used to use a VPN, but have not used it for approx 3 months +...(uninstalled the client)

 

Brian
 

 

 


Condobloke ...Outback Australian  fed up with Windows antics...??....LINUX IS THE ANSWER....I USE LINUX MINT 18.3  EXCLUSIVELY.

“A man travels the world in search of what he needs and returns home to find it."

It has been said that time heals all wounds. I don't agree. The wounds remain. Time - the mind, protecting its sanity - covers them with some scar tissue and the pain lessens, but it is never gone. Rose Kennedy


 

 


#8 Condobloke


Posted 06 June 2013 - 06:30 AM

The only remnant that I can find is a local connection called TAP-win32 Adapter V9, which is disabled.

 

Brian



 

 


#9 TB-Psychotic


Posted 06 June 2013 - 06:33 AM

Download the attached regfix.zip and unzip it to your desktop.

Run it under administrative privileges and restart your computer.

 

When finished, get a new FSS log and post it up.



Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#10 Condobloke


Posted 06 June 2013 - 06:48 AM

 
 

Marius,

 

Farbar Service Scanner Version: 31-05-2013 01
Ran by HP_Administrator (administrator) on 06-06-2013 at 21:46:29
Running from "C:\Documents and Settings\HP_Administrator\Desktop"
Microsoft Windows XP Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============
Dnscache Service is not running. Checking service configuration:
The start type of Dnscache service is set to Demand. The default start type is Auto.
The ImagePath of Dnscache service is OK.
The ServiceDll of Dnscache service is OK.


Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.

ATTENTION!=====> local policy on IP:
Key: "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local"
Value: "ActivePolicy"
Data: "SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecPolicy{19035bf5-426d-4167-a7bc-699834b80135}"


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
Gpc(6) HssDrv(11) IPSec(4) NetBT(5) PSched(7) RFCOMM(10) Tcpip(3)
0x0B0000000800000004000000010000000200000003000000050000000600000007000000090000000A0000000B000000


**** End of log ****

 

Brian



 

 


#11 TB-Psychotic

TB-Psychotic

  • Malware Response Team

Posted 06 June 2013 - 06:52 AM

Please download Farbar's Recovery Scan Tool to your desktop: FRST 32bit or FRST 64bit (If not sure: Start --> Computer (right click) --> properties)

  • Run FRST.
  • Don't change any of the checkboxes and hit Scan.
  • Logfiles are created on your desktop.
  • Post the FRST.txt and (after the first scan only!) the Addition.txt.


Edited by TB-Psychotic, 06 June 2013 - 06:52 AM.


#12 Condobloke

Condobloke

    Outback Aussie @ 54.2101 N, 0.2906 W

  • Topic Starter


Posted 06 June 2013 - 07:22 AM

 
 

Marius.....I am thinking that perhaps something got a little mixed up somewhere.....in my email inbox I received....::

Condobloke,

TB-Psychotic has just posted a reply to a topic that you have subscribed to titled "Attempted to run GMER, Instantaneous BSOD".

The topic can be found here:

http://www.bleepingcomputer.com/forums/t/497067/attempted-to-run-gmer-instantaneous-bsod/?view=getnewpost

 

Combofix


Combofix should only be run when advised by a team member!


Link


Important - Save the file to your desktop!


 

  • Deactivate any and all of your antivirus programs /spyware scanners - they can prevent CF from doing its work.
  • Run Combofix.exe


When finished, Combofix creates a log file named C:\Combofix.txt. Please post its content in your next reply.

 

However......on this page there is a request to run FRST.

 

I have already run Combofix......it downloaded the recovery tool......scanned up to Item 50....and Blue Screened !.......I have the Tech Info for that here if needed.

 

Should I now run FRST??

 

Brian

 

 

 



 

 


#13 Condobloke

Condobloke

    Outback Aussie @ 54.2101 N, 0.2906 W

  • Topic Starter


Posted 06 June 2013 - 07:36 AM

 
 

Seeing the FRST scan is quite non-invasive I thought I may as well post the two logs here for you .....

I am going to bed now.....early start here tomorrow......Thank You!! for your help thus far Marius.

 

 

Marius, FRST.....

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 05-06-2013 01
Ran by HP_Administrator (administrator) on 06-06-2013 22:26:00
Running from C:\Documents and Settings\HP_Administrator\Desktop
Microsoft Windows XP Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Teruten) C:\WINDOWS\system32\FsUsbExService.Exe
(Logitech Inc.) C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
() C:\Program Files\Macrium\Reflect\ReflectService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
() C:\PROGRAM FILES\WIZMOUSE\WizMouse.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
(NesterSoft Inc.) C:\Program Files\TimeLeft3\TimeLeft.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min [345312 2013-05-11] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming [2238704 2013-02-21] (Logitech, Inc.)
HKLM Group Policy restriction on software: C:\Program Files\Avira\AntiVir Desktop\avnotify.dll <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot% <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%System32\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir% <====== ATTENTION
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll [X]
HKCU\...\Run: [WizMouse] "C:\PROGRAM FILES\WIZMOUSE\WizMouse.exe" [121648 2011-09-30] ()
HKCU\...\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet [6595928 2012-05-25] (Yahoo! Inc.)
HKCU\...\Run: [EPSON TX820 Artisan830 Series (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIGXP.EXE /FU "C:\WINDOWS\TEMP\E_SA5FC.tmp" /EF "HKCU" [x]
HKU\Administrator\...\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background [ 2008-04-14] (Microsoft Corporation)
HKU\Default User\...\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background [ 2008-04-14] (Microsoft Corporation)
HKU\LocalService.NT AUTHORITY\...\Run: [CTFMON.EXE] C:\WINDOWS.1\system32\CTFMON.EXE [x]
HKU\LocalService.NT AUTHORITY\...\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N [x]
HKU\NetworkService.NT AUTHORITY\...\Run: [CTFMON.EXE] C:\WINDOWS.1\system32\CTFMON.EXE [x]
HKU\NetworkService.NT AUTHORITY\...\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N [x]
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Install LastPass FF RunOnce.lnk
ShortcutTarget: Install LastPass FF RunOnce.lnk -> C:\Program Files\Common Files\lpuninstall.exe (LastPass)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk
ShortcutTarget: Install LastPass IE RunOnce.lnk -> C:\Program Files\Common Files\lpuninstall.exe (LastPass)
Startup: C:\Documents and Settings\Default User\Start Menu\Programs\Startup\Pin.lnk
ShortcutTarget: Pin.lnk -> C:\hp\bin\CLOAKER.EXE (Hewlett-Packard Co.)
Startup: C:\Documents and Settings\Default User\Start Menu\Programs\Startup\PinMcLnk.lnk
ShortcutTarget: PinMcLnk.lnk -> C:\hp\bin\cloaker.exe (Hewlett-Packard Co.)
Startup: C:\Documents and Settings\Guest\Start Menu\Programs\Startup\PinMcLnk.lnk
ShortcutTarget: PinMcLnk.lnk -> C:\hp\bin\cloaker.exe (Hewlett-Packard Co.)
Startup: C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup\TimeLeft.lnk
ShortcutTarget: TimeLeft.lnk -> C:\Program Files\TimeLeft3\TimeLeft.exe (NesterSoft Inc.)
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)
SSODL: UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ninemsn.com.au/default.aspx
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
BHO: LastPass Vault - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files\LastPass\LPToolbar.dll (LastPass)
Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files\LastPass\LPToolbar.dll (LastPass)
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
PDF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
PDF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138

FireFox:
========
FF ProfilePath: C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\nuqi9f64.default
FF Homepage: hxxp://www.news.google.com/|hxxp://www.smh.com.au/|hxxp://www.theaustralian.com.au/|hxxp://www.abc.net.au/news
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf - C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin: @java.com/DTPlugin,version=10.11.2 - C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 - C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.0 - C:\Program Files\VideoLAN\VLC\npvlc.dll No File
FF Extension: Flash Video Downloader - C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\nuqi9f64.default\Extensions\artur.dubovoy@gmail.com
FF Extension: FireDownload - C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\nuqi9f64.default\Extensions\firedownload@mozilla(2).org
FF Extension: GoogleTube - C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\nuqi9f64.default\Extensions\googletube@googletube.com
FF Extension: No Name - C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\nuqi9f64.default\Extensions\piclens@cooliris(2).com
FF Extension: SmarterFox - C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\nuqi9f64.default\Extensions\smarterwiki@wikiatic.com
FF Extension: Firefoxp - C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\nuqi9f64.default\Extensions\sspunker88@yahoo.com
FF Extension: LastPass - C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\nuqi9f64.default\Extensions\support@lastpass.com
FF Extension: Microsoft .NET Framework Assistant - C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\nuqi9f64.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}(2)
FF Extension: IE Tab - C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\nuqi9f64.default\Extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}(2)
FF Extension: No Name - C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\nuqi9f64.default\Extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
FF Extension: No Name - C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\nuqi9f64.default\Extensions\{CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}
FF Extension: No Name - C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\nuqi9f64.default\Extensions\{CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}(2)
FF Extension: No Name - C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\nuqi9f64.default\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}
FF Extension: Menu Editor - C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\nuqi9f64.default\Extensions\{EDA7B1D7-F793-4e03-B074-E6F303317FB0}
FF Extension: No Name - C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\nuqi9f64.default\Extensions\8cf4c94957b495f9c5bf86ca0e57e2ac1dd7d41a9f6f11148a68202226c43dd2_lp.key
FF Extension: chenyanxu8821 - C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\nuqi9f64.default\Extensions\chenyanxu8821@163
FF Extension: orbit_ffext - C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\nuqi9f64.default\Extensions\orbit_ffext@orbitdownloader

========================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [86752 2013-05-11] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [110816 2013-05-11] (Avira Operations GmbH & Co. KG)
S3 HP Port Resolver; C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE [81920 2005-05-20] (Hewlett-Packard Company)
S3 HP Status Server; C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE [73728 2004-10-16] (Hewlett-Packard Company)
S4 Intel® PROSet Monitoring Service; C:\WINDOWS\system32\IProsetMonitor.exe [132768 2011-11-09] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S4 McrdSvc; C:\WINDOWS\ehome\mcrdsvc.exe [99328 2005-08-05] (Microsoft Corporation)
S4 Printer Control; C:\WINDOWS\system32\PrintCtrl.exe [65536 2009-10-28] (ActMask Co.,Ltd - HTTP://WWW.ALL2PDF.COM)
R2 ReflectService.exe; C:\Program Files\Macrium\Reflect\ReflectService.exe [225400 2013-03-01] ()
S4 BcmSqlStartupSvc;
S4 LightScribeService;
S3 MSSQL$MSSMLBIZ;
S4 MSSQLServerADHelper;

==================== Drivers (Whitelisted) ====================

R3 3xHybrid; C:\Windows\System32\DRIVERS\3xHybrid.sys [2829696 2006-04-12] (ASUSTek)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [84744 2013-05-11] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [135136 2013-05-11] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-05-11] (Avira Operations GmbH & Co. KG)
R0 bb-run; C:\Windows\System32\DRIVERS\bb-run.sys [17408 2003-11-05] (Promise Technology, Inc.)
S3 CA561; C:\Windows\System32\Drivers\SPCA561.SYS [119798 2003-09-04] (SP)
S3 CCDECODE; C:\Windows\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
S3 DrmRAudio; C:\Windows\System32\drivers\DrmRAudio.sys [23608 2011-03-22] (Windows ® Codename Longhorn DDK provider)
S3 DrvAgent32; C:\WINDOWS\system32\Drivers\DrvAgent32.sys [23456 2010-08-26] (Phoenix Technologies)
R3 ELacpi; C:\Windows\System32\DRIVERS\ELacpi.sys [9728 2006-05-09] (Intel Corporation)
R1 ELhid; C:\WINDOWS\System32\Drivers\Elhid.sys [10112 2006-05-09] (Intel Corporation)
R1 ELkbd; C:\WINDOWS\System32\Drivers\Elkbd.sys [6912 2006-05-09] (Intel Corporation)
R1 ELmon; C:\WINDOWS\System32\Drivers\Elmon.sys [7040 2006-05-09] (Intel Corporation)
R1 ELmou; C:\WINDOWS\System32\Drivers\Elmou.sys [6400 2006-05-09] (Intel Corporation)
R3 FsUsbExDisk; C:\WINDOWS\system32\FsUsbExDisk.SYS [37344 2013-04-18] ()
R0 ftsata2; C:\Windows\System32\DRIVERS\ftsata2.sys [175104 2005-06-29] (Promise Technology, Inc.)
S3 HDAudBus; C:\Windows\System32\DRIVERS\HDAudBus.sys [144384 2008-04-14] (Windows ® Server 2003 DDK provider)
S3 HPZid412; C:\Windows\System32\DRIVERS\HPZid412.sys [49664 2006-04-13] (HP)
S3 HPZipr12; C:\Windows\System32\DRIVERS\HPZipr12.sys [16496 2006-04-13] (HP)
S3 HPZius12; C:\Windows\System32\DRIVERS\HPZius12.sys [21568 2006-04-13] (HP)
R3 HssDrv; C:\Windows\System32\DRIVERS\HssDrv.sys [37376 2011-03-01] (AnchorFree Inc.)
R2 LBeepKE; C:\Windows\System32\Drivers\LBeepKE.sys [12808 2013-01-03] (Logitech, Inc.)
S3 libusb0; C:\Windows\System32\drivers\libusb0.sys [21504 2011-11-24] (http://libusb-win32.sourceforge.net)
R3 LMouFilt; C:\Windows\System32\DRIVERS\LMouFilt.Sys [40200 2013-01-03] (Logitech, Inc.)
S3 LUsbFilt; C:\Windows\System32\Drivers\LUsbFilt.Sys [30984 2013-01-03] (Logitech, Inc.)
R3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2Mon.sys [25824 2010-05-07] ()
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
S3 MPE; C:\Windows\System32\DRIVERS\MPE.sys [15232 2008-04-14] (Microsoft Corporation)
S3 NABTSFEC; C:\Windows\System32\DRIVERS\NABTSFEC.sys [85248 2008-04-14] (Microsoft Corporation)
S3 NdisIP; C:\Windows\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
R0 pssnap; C:\Windows\System32\DRIVERS\pssnap.sys [16504 2013-03-01] (Macrium Software)
S3 rtl8139; C:\Windows\System32\DRIVERS\RTL8139.SYS [20992 2004-08-04] (Realtek Semiconductor Corporation)
R2 SBKUPNT; C:\WINDOWS\system32\Drivers\SBKUPNT.SYS [14976 2001-07-13] ()
S3 SLIP; C:\Windows\System32\DRIVERS\SLIP.sys [11136 2008-04-14] (Microsoft Corporation)
R3 SMBios; C:\Windows\System32\DRIVERS\SMBios.sys [36484 2005-05-02] (Intel Corporation)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-05-11] (Avira GmbH)
S3 streamip; C:\Windows\System32\DRIVERS\StreamIP.sys [15232 2008-04-14] (Microsoft Corporation)
S3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [26624 2011-07-01] (The OpenVPN Project)
R3 taphss; C:\Windows\System32\DRIVERS\taphss.sys [32768 2011-07-27] (AnchorFree Inc)
S4 tbhsd; C:\Windows\System32\drivers\tbhsd.sys [37920 2010-01-11] (RapidSolution Software AG)
R2 tmcomm; C:\WINDOWS\system32\drivers\tmcomm.sys [205072 2012-05-25] (Trend Micro Inc.)
S3 visctap0901; C:\Windows\System32\DRIVERS\visctap0901.sys [33760 2012-11-09] (The OpenVPN Project)
S3 WN5301; C:\Windows\System32\DRIVERS\wn5301.sys [468768 2005-10-06] (Liteon Technology Inc.)
S3 WsAudio_DeviceS(1); C:\Windows\System32\drivers\WsAudio_DeviceS(1).sys [25704 2010-12-24] (Wondershare)
S3 WsAudio_DeviceS(2); C:\Windows\System32\drivers\WsAudio_DeviceS(2).sys [25704 2010-12-24] (Wondershare)
S3 WsAudio_DeviceS(3); C:\Windows\System32\drivers\WsAudio_DeviceS(3).sys [25704 2010-12-24] (Wondershare)
S3 WsAudio_DeviceS(4); C:\Windows\System32\drivers\WsAudio_DeviceS(4).sys [25704 2010-12-24] (Wondershare)
S3 WsAudio_DeviceS(5); C:\Windows\System32\drivers\WsAudio_DeviceS(5).sys [25704 2010-12-24] (Wondershare)
S3 WSTCODEC; C:\Windows\System32\DRIVERS\WSTCODEC.SYS [19200 2008-04-14] (Microsoft Corporation)
R3 ZCinema_TSHD; C:\Windows\System32\drivers\ZCinema_SRS_i386.sys [21392 2007-08-13] (SRS Labs, Inc.)
S4 Abiosdsk; No ImagePath
S4 abp480n5; No ImagePath
S4 adpu160m; No ImagePath
S4 Aha154x; No ImagePath
S4 aic78u2; No ImagePath
S4 aic78xx; No ImagePath
S4 AliIde; No ImagePath
S4 amsint; No ImagePath
S4 asc; No ImagePath
S4 asc3350p; No ImagePath
S4 asc3550; No ImagePath
S4 Atdisk; No ImagePath
S3 catchme; \??\C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\catchme.sys [x]
S4 cd20xrnt; No ImagePath
S4 CmdIde; No ImagePath
S4 Cpqarray; No ImagePath
S3 cpudrv; \??\C:\Program Files\SystemRequirementsLab\cpudrv.sys [x]
U4 dac2w2k; No ImagePath
S4 dac960nt; No ImagePath
S3 dgderdrv; System32\drivers\dgderdrv.sys [x]
S4 dpti2o; No ImagePath
S4 hpn; No ImagePath
S1 i2omgmt; No ImagePath
S4 i2omp; No ImagePath
S4 ini910u; No ImagePath
S1 lbrtfdc; No ImagePath
S4 MpKsl2342df69; No ImagePath
S4 MpKsl58985992; No ImagePath
S4 MpKsl60bc085d; No ImagePath
S4 MpKsl701c9bdc; No ImagePath
S4 MpKsl7ee84b91; No ImagePath
S4 MpKslea911972; No ImagePath
S4 MpKslfd27adf7; No ImagePath
S4 mraid35x; No ImagePath
S3 PCAMPR5; No ImagePath
S3 pccsmcfd; system32\DRIVERS\pccsmcfd.sys [x]
S1 PCIDump; No ImagePath
S3 PDCOMP; No ImagePath
S3 PDFRAME; No ImagePath
S3 PDRELI; No ImagePath
S3 PDRFRAME; No ImagePath
S4 perc2; No ImagePath
S4 perc2hib; No ImagePath
S4 ql1080; No ImagePath
S4 Ql10wnt; No ImagePath
S4 ql12160; No ImagePath
S4 ql1240; No ImagePath
S4 ql1280; No ImagePath
S4 Simbad; No ImagePath
S4 Sparrow; No ImagePath
S4 symc810; No ImagePath
S4 symc8xx; No ImagePath
S4 sym_hi; No ImagePath
S4 sym_u3; No ImagePath
S4 TosIde; No ImagePath
S4 ultra; No ImagePath
S3 VComm; system32\DRIVERS\VComm.sys [x]
S3 WDICA; No ImagePath

==================== NetSvcs (Whitelisted) ===================

NETSVC: MHN -> C:\Windows\System32\mhn.dll (Microsoft Corporation)

==================== One Month Created Files and Folders ========

2013-06-06 22:25 - 2013-06-06 22:25 - 00000000 ____D C:\FRST
2013-06-06 22:24 - 2013-06-06 22:25 - 01357013 ____A (Farbar) C:\Documents and Settings\HP_Administrator\Desktop\FRST.exe
2013-06-06 22:13 - 2013-06-06 22:12 - 00106496 ____A C:\Windows\Minidump\Mini060613-01.dmp
2013-06-06 22:01 - 2013-06-06 22:01 - 00000000 RASHD C:\cmdcons
2013-06-06 21:54 - 2013-06-06 22:07 - 00000000 ___SD C:\ComboFix
2013-06-06 21:54 - 2013-06-06 21:54 - 00000000 ____D C:\Qoobox
2013-06-06 21:54 - 2011-06-26 16:45 - 00256000 ____A C:\Windows\PEV.exe
2013-06-06 21:54 - 2010-11-08 03:20 - 00208896 ____A C:\Windows\MBR.exe
2013-06-06 21:54 - 2009-04-20 14:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2013-06-06 21:54 - 2000-08-31 10:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2013-06-06 21:54 - 2000-08-31 10:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2013-06-06 21:54 - 2000-08-31 10:00 - 00212480 ____A (SteelWerX) C:\Windows\SWXCACLS.exe
2013-06-06 21:54 - 2000-08-31 10:00 - 00098816 ____A C:\Windows\sed.exe
2013-06-06 21:54 - 2000-08-31 10:00 - 00080412 ____A C:\Windows\grep.exe
2013-06-06 21:54 - 2000-08-31 10:00 - 00068096 ____A C:\Windows\zip.exe
2013-06-06 21:52 - 2013-06-06 21:53 - 05077725 ____R (Swearware) C:\Documents and Settings\HP_Administrator\Desktop\ComboFix.exe
2013-06-06 21:40 - 2013-06-06 21:40 - 00000359 ____A C:\Documents and Settings\HP_Administrator\Desktop\regfix.zip
2013-06-06 21:23 - 2013-06-06 21:29 - 00004134 ____A C:\Windows\setupapi.log
2013-06-06 21:17 - 2013-06-06 21:17 - 02237968 ____A (Kaspersky Lab ZAO) C:\Documents and Settings\HP_Administrator\Desktop\tdsskiller.exe
2013-06-06 20:59 - 2013-06-06 21:46 - 00002602 ____A C:\Documents and Settings\HP_Administrator\Desktop\FSS.txt
2013-06-06 20:18 - 2013-06-06 20:18 - 00355651 ____A (Farbar) C:\Documents and Settings\HP_Administrator\Desktop\FSS.exe
2013-06-06 20:16 - 2013-06-06 20:16 - 02347384 ____A (ESET) C:\Documents and Settings\HP_Administrator\Desktop\esetsmartinstaller_enu(1).exe
2013-06-06 20:14 - 2013-06-06 20:15 - 11859409 ____A C:\Documents and Settings\HP_Administrator\Desktop\NTFStoFAT32Wizard231.zip
2013-06-06 19:41 - 2013-06-06 19:56 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
2013-06-06 19:40 - 2013-06-06 19:40 - 00000000 ____D C:\Documents and Settings\HP_Administrator\Desktop\mbar-1.06.0.1003
2013-06-06 19:38 - 2013-06-06 19:38 - 13169742 ____A C:\Documents and Settings\HP_Administrator\Desktop\mbar-1.06.0.1003.zip
2013-06-06 08:56 - 2013-06-06 08:56 - 00000178 ____A C:\Documents and Settings\HP_Administrator\Desktop\attempt GMER.url
2013-06-06 06:34 - 2013-06-06 06:34 - 00003673 ____A C:\Documents and Settings\HP_Administrator\Desktop\attach.zip
2013-06-06 06:30 - 2013-06-06 06:30 - 00012479 ____A C:\Documents and Settings\HP_Administrator\Desktop\dds.txt
2013-06-06 06:30 - 2013-06-06 06:30 - 00011151 ____A C:\Documents and Settings\HP_Administrator\Desktop\attach.txt
2013-06-05 19:25 - 2013-06-05 19:24 - 00106496 ____A C:\Windows\Minidump\Mini060513-02.dmp
2013-06-05 18:12 - 2013-06-05 18:12 - 00106496 ____A C:\Windows\Minidump\Mini060513-01.dmp
2013-06-05 18:12 - 2013-06-05 18:12 - 00000000 ____D C:\Windows\Minidump
2013-06-05 17:19 - 2013-06-05 17:19 - 00377856 ____A C:\Documents and Settings\HP_Administrator\Desktop\Condobloke.exe
2013-06-05 11:23 - 2013-06-05 11:42 - 00000000 ____D C:\Documents and Settings\HP_Administrator\Application Data\JAM Software
2013-06-05 10:14 - 2013-06-06 22:13 - 00000159 ____A C:\Windows\wiadebug.log
2013-06-05 10:14 - 2013-06-06 22:13 - 00000048 ____A C:\Windows\wiaservc.log
2013-06-05 10:14 - 2013-06-06 21:54 - 00014952 ____A C:\Windows\SchedLgU.Txt
2013-06-05 10:14 - 2013-06-05 10:14 - 00364120 ____A C:\Windows\System32\FNTCACHE.DAT
2013-06-05 10:14 - 2013-06-05 10:14 - 00000000 ____A C:\Windows\Sti_Trace.log
2013-06-05 10:13 - 2013-06-06 21:44 - 00049230 ____A C:\Windows\WindowsUpdate.log
2013-06-04 19:20 - 2013-06-04 19:20 - 00000000 ____D C:\Documents and Settings\HP_Administrator\Desktop\JOY
2013-06-03 16:13 - 2013-06-03 16:13 - 00000125 ____A C:\Documents and Settings\HP_Administrator\Desktop\Ramesh's Site.url
2013-06-03 15:13 - 2013-06-03 15:13 - 00000090 ____A C:\Windows\System32\spupdwxp.log
2013-06-03 15:02 - 2013-06-04 06:38 - 00000000 ____D C:\Program Files\Messenger
2013-06-03 15:02 - 2013-06-03 15:02 - 00000000 ____D C:\Program Files\msn
2013-06-03 15:02 - 2008-04-14 05:42 - 00010752 ____N (Microsoft Corporation) C:\Windows\System32\smtpapi.dll
2013-06-03 15:02 - 2008-04-14 05:42 - 00009728 ____N (Microsoft Corporation) C:\Windows\System32\rwnh.dll
2013-06-03 15:02 - 2008-04-14 05:41 - 00081920 ____N (Microsoft Corporation) C:\Windows\System32\ieencode.dll
2013-06-03 14:25 - 2013-06-03 14:25 - 00010752 ____A (Almeida & Andrade Ltda) C:\Windows\System32\aamd532.dll
2013-06-03 07:22 - 2013-06-03 07:22 - 02347384 ____A (ESET) C:\Documents and Settings\HP_Administrator\Desktop\esetsmartinstaller_enu.exe
2013-06-03 07:22 - 2013-06-03 07:22 - 00000000 ____D C:\Program Files\ESET
2013-06-02 09:11 - 2013-06-02 09:12 - 00000140 ____A C:\Documents and Settings\HP_Administrator\Desktop\SciShow.url
2013-06-01 18:46 - 2013-06-01 18:46 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Samsung
2013-06-01 18:32 - 2013-06-01 18:32 - 00000000 ____D C:\Documents and Settings\All Users\Documents\CrashDump
2013-06-01 16:51 - 2013-06-01 16:51 - 00000000 ____A C:\Windows\__tmp_rar_sfx_access_check_1345953
2013-06-01 16:27 - 2013-06-01 16:27 - 00002160 ____A C:\AdwCleaner[S6].txt
2013-06-01 16:26 - 2013-06-01 16:26 - 00002088 ____A C:\AdwCleaner[R4].txt
2013-05-29 15:13 - 2013-05-29 15:13 - 00000140 ____A C:\Documents and Settings\HP_Administrator\Desktop\SOYLENT.url
2013-05-26 14:57 - 2013-05-26 14:57 - 00000133 ____A C:\Documents and Settings\HP_Administrator\Desktop\roller door.url
2013-05-26 11:07 - 2013-05-26 11:07 - 00000000 __HDC C:\Windows\$NtUninstallwinusb0100$
2013-05-26 11:03 - 2013-04-03 17:58 - 01112288 ____A (Microsoft Corporation) C:\Windows\System32\WdfCoInstaller01007.dll
2013-05-26 11:03 - 2013-04-03 17:58 - 00581192 ____A (Microsoft Corporation) C:\Windows\System32\WinUSBCoInstaller.dll
2013-05-26 10:57 - 2013-05-26 10:57 - 00000000 ____D C:\Documents and Settings\All Users\Documents\NativeFus_Log
2013-05-26 10:47 - 2013-05-26 10:47 - 00000000 ____D C:\Program Files\MarkAny
2013-05-26 10:46 - 2013-06-01 18:49 - 00000000 ____D C:\Program Files\Samsung
2013-05-26 09:51 - 2013-05-26 09:47 - 03888054 ____A C:\Documents and Settings\HP_Administrator\My Documents\record of first C'Link Payment.bmp
2013-05-25 18:22 - 2013-05-25 18:22 - 00001570 ____A C:\AdwCleaner[S5].txt
2013-05-25 18:21 - 2013-05-25 18:21 - 00001510 ____A C:\AdwCleaner[R3].txt
2013-05-25 18:21 - 2013-05-25 18:21 - 00000353 ____A C:\AdwCleaner[S4].txt
2013-05-25 10:57 - 2013-05-25 10:57 - 00000000 ____D C:\Program Files\TimeLeft3
2013-05-25 10:57 - 2013-05-25 10:57 - 00000000 ____D C:\Documents and Settings\HP_Administrator\Application Data\NesterSoft
2013-05-25 10:34 - 2013-05-25 10:32 - 00911720 ____A (Chaos Software Group, Inc.) C:\Documents and Settings\HP_Administrator\My Documents\atomic.exe
2013-05-24 18:45 - 2013-05-24 18:47 - 107516552 ____A C:\Documents and Settings\HP_Administrator\Desktop\Country Music Ballads Series_ Part 1_Baladas de música country parte 1.mp4
2013-05-24 18:26 - 2013-05-24 18:47 - 00000000 ____D C:\Documents and Settings\HP_Administrator\.smtube
2013-05-24 17:11 - 2009-11-22 14:23 - 12422481 ____A C:\Documents and Settings\HP_Administrator\My Documents\Leona Lewis.Happy..flv
2013-05-24 09:01 - 2013-05-24 09:24 - 00000000 ____D C:\Documents and Settings\HP_Administrator\.smplayer
2013-05-24 09:00 - 2013-05-24 09:00 - 00000000 ____D C:\Program Files\SMPlayer
2013-05-24 07:12 - 2013-05-24 07:13 - 15117228 ____A C:\Documents and Settings\HP_Administrator\Desktop\A fantastic performance of You'll Never Walk Alone With Lyrics.mp4
2013-05-21 13:04 - 2013-05-21 13:04 - 00001940 ____A C:\sc-cleaner.txt
2013-05-21 12:23 - 2013-05-21 12:24 - 00002236 ____A C:\AdwCleaner[S3].txt
2013-05-21 12:14 - 2013-05-21 12:14 - 00002156 ____A C:\AdwCleaner[R2].txt
2013-05-16 14:21 - 2013-05-16 14:22 - 00000104 ____A C:\Documents and Settings\HP_Administrator\Desktop\EZTV.url
2013-05-15 19:00 - 2013-05-15 19:00 - 00000000 ____D C:\Program Files\LopeSoft
2013-05-15 09:44 - 2013-05-15 09:44 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-05-15 09:42 - 2013-05-15 09:43 - 00000000 ____D C:\Program Files\Mozilla Thunderbird
2013-05-12 14:03 - 2013-05-23 18:47 - 00005632 ____A C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-05-11 19:36 - 2013-05-09 14:47 - 00005113 ____A C:\Documents and Settings\HP_Administrator\My Documents\sg_backup_2013-05-09-1447.spg
2013-05-11 14:43 - 2013-05-11 14:43 - 00000000 ____D C:\Program Files\Avira
2013-05-11 14:43 - 2013-05-11 14:32 - 00135136 ____A (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avipbb.sys
2013-05-11 14:43 - 2013-05-11 14:32 - 00084744 ____A (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avgntflt.sys
2013-05-11 14:43 - 2013-05-11 14:32 - 00037352 ____A (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avkmgr.sys
2013-05-11 14:43 - 2013-05-11 14:32 - 00028520 ____A (Avira GmbH) C:\Windows\System32\Drivers\ssmdrv.sys
2013-05-09 20:43 - 2013-05-09 20:54 - 120316796 ____A C:\Documents and Settings\HP_Administrator\Desktop\Filipinas (Pinays) marrying and migrating overseas..mp4
2013-05-09 14:44 - 2013-05-09 14:44 - 00000146 ____A C:\Documents and Settings\HP_Administrator\Desktop\Moon stuff.url
2013-05-09 13:56 - 2013-05-09 13:57 - 00000134 ____A C:\Documents and Settings\HP_Administrator\Desktop\GLASSES...url
2013-05-07 09:49 - 2013-05-07 09:49 - 00000155 ____A C:\Documents and Settings\HP_Administrator\Desktop\Birthdays.url

==================== One Month Modified Files and Folders ========

2013-06-06 22:25 - 2013-06-06 22:25 - 00000000 ____D C:\FRST
2013-06-06 22:25 - 2013-06-06 22:24 - 01357013 ____A (Farbar) C:\Documents and Settings\HP_Administrator\Desktop\FRST.exe
2013-06-06 22:13 - 2013-06-05 10:14 - 00000159 ____A C:\Windows\wiadebug.log
2013-06-06 22:13 - 2013-06-05 10:14 - 00000048 ____A C:\Windows\wiaservc.log
2013-06-06 22:13 - 2013-05-06 17:07 - 00000000 ____D C:\Windows\System32\logishrd
2013-06-06 22:13 - 2012-01-06 21:43 - 00000000 __SHD C:\Windows\CSC
2013-06-06 22:13 - 2008-09-09 08:37 - 00000062 _ASHC C:\Documents and Settings\HP_Administrator\Local Settings\desktop.ini
2013-06-06 22:13 - 2006-08-14 20:10 - 00000062 _ASHC C:\Documents and Settings\NetworkService\Local Settings\desktop.ini
2013-06-06 22:13 - 2006-08-14 20:10 - 00000062 _ASHC C:\Documents and Settings\LocalService\Local Settings\desktop.ini
2013-06-06 22:13 - 2005-10-18 13:11 - 00000006 __AHC C:\Windows\Tasks\SA.DAT
2013-06-06 22:12 - 2013-06-06 22:13 - 00106496 ____A C:\Windows\Minidump\Mini060613-01.dmp
2013-06-06 22:07 - 2013-06-06 21:54 - 00000000 ___SD C:\ComboFix
2013-06-06 22:01 - 2013-06-06 22:01 - 00000000 RASHD C:\cmdcons
2013-06-06 22:01 - 2005-10-19 00:57 - 00000325 _RASH C:\boot.ini
2013-06-06 21:54 - 2013-06-06 21:54 - 00000000 ____D C:\Qoobox
2013-06-06 21:54 - 2013-06-05 10:14 - 00014952 ____A C:\Windows\SchedLgU.Txt
2013-06-06 21:54 - 2009-12-31 22:10 - 00000000 ____D C:\Windows\ERDNT
2013-06-06 21:53 - 2013-06-06 21:52 - 05077725 ____R (Swearware) C:\Documents and Settings\HP_Administrator\Desktop\ComboFix.exe
2013-06-06 21:51 - 2013-02-09 08:53 - 00000000 ____D C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\LastPass
2013-06-06 21:46 - 2013-06-06 20:59 - 00002602 ____A C:\Documents and Settings\HP_Administrator\Desktop\FSS.txt
2013-06-06 21:44 - 2013-06-05 10:13 - 00049230 ____A C:\Windows\WindowsUpdate.log
2013-06-06 21:42 - 2008-09-09 08:37 - 00000178 __SHC C:\Documents and Settings\HP_Administrator\ntuser.ini
2013-06-06 21:40 - 2013-06-06 21:40 - 00000359 ____A C:\Documents and Settings\HP_Administrator\Desktop\regfix.zip
2013-06-06 21:29 - 2013-06-06 21:23 - 00004134 ____A C:\Windows\setupapi.log
2013-06-06 21:17 - 2013-06-06 21:17 - 02237968 ____A (Kaspersky Lab ZAO) C:\Documents and Settings\HP_Administrator\Desktop\tdsskiller.exe
2013-06-06 21:03 - 2012-12-02 17:52 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-06-06 20:18 - 2013-06-06 20:18 - 00355651 ____A (Farbar) C:\Documents and Settings\HP_Administrator\Desktop\FSS.exe
2013-06-06 20:16 - 2013-06-06 20:16 - 02347384 ____A (ESET) C:\Documents and Settings\HP_Administrator\Desktop\esetsmartinstaller_enu(1).exe
2013-06-06 20:15 - 2013-06-06 20:14 - 11859409 ____A C:\Documents and Settings\HP_Administrator\Desktop\NTFStoFAT32Wizard231.zip
2013-06-06 19:56 - 2013-06-06 19:41 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
2013-06-06 19:40 - 2013-06-06 19:40 - 00000000 ____D C:\Documents and Settings\HP_Administrator\Desktop\mbar-1.06.0.1003
2013-06-06 19:38 - 2013-06-06 19:38 - 13169742 ____A C:\Documents and Settings\HP_Administrator\Desktop\mbar-1.06.0.1003.zip
2013-06-06 08:56 - 2013-06-06 08:56 - 00000178 ____A C:\Documents and Settings\HP_Administrator\Desktop\attempt GMER.url
2013-06-06 06:34 - 2013-06-06 06:34 - 00003673 ____A C:\Documents and Settings\HP_Administrator\Desktop\attach.zip
2013-06-06 06:30 - 2013-06-06 06:30 - 00012479 ____A C:\Documents and Settings\HP_Administrator\Desktop\dds.txt
2013-06-06 06:30 - 2013-06-06 06:30 - 00011151 ____A C:\Documents and Settings\HP_Administrator\Desktop\attach.txt
2013-06-05 19:24 - 2013-06-05 19:25 - 00106496 ____A C:\Windows\Minidump\Mini060513-02.dmp
2013-06-05 18:12 - 2013-06-05 18:12 - 00106496 ____A C:\Windows\Minidump\Mini060513-01.dmp
2013-06-05 18:12 - 2013-06-05 18:12 - 00000000 ____D C:\Windows\Minidump
2013-06-05 18:06 - 2005-11-15 07:34 - 00000000 ____D C:\Windows\System32\Restore
2013-06-05 17:19 - 2013-06-05 17:19 - 00377856 ____A C:\Documents and Settings\HP_Administrator\Desktop\Condobloke.exe
2013-06-05 11:42 - 2013-06-05 11:23 - 00000000 ____D C:\Documents and Settings\HP_Administrator\Application Data\JAM Software
2013-06-05 10:14 - 2013-06-05 10:14 - 00364120 ____A C:\Windows\System32\FNTCACHE.DAT
2013-06-05 10:14 - 2013-06-05 10:14 - 00000000 ____A C:\Windows\Sti_Trace.log
2013-06-04 19:20 - 2013-06-04 19:20 - 00000000 ____D C:\Documents and Settings\HP_Administrator\Desktop\JOY
2013-06-04 06:38 - 2013-06-03 15:02 - 00000000 ____D C:\Program Files\Messenger
2013-06-03 19:34 - 2012-01-07 15:57 - 00000000 ____D C:\Documents and Settings\HP_Administrator\Application Data\uTorrent
2013-06-03 16:13 - 2013-06-03 16:13 - 00000125 ____A C:\Documents and Settings\HP_Administrator\Desktop\Ramesh's Site.url
2013-06-03 16:09 - 2012-04-28 13:05 - 00000008 _RASH C:\Documents and Settings\HP_Administrator\ntuser.pol
2013-06-03 16:08 - 2009-08-31 22:04 - 00007224 _RASH C:\Documents and Settings\All Users\ntuser.pol
2013-06-03 15:59 - 2009-10-20 15:16 - 00000000 ____D C:\Windows\System32\NtmsData
2013-06-03 15:13 - 2013-06-03 15:13 - 00000090 ____A C:\Windows\System32\spupdwxp.log
2013-06-03 15:11 - 2005-10-18 12:52 - 00001158 ___AC C:\Windows\System32\wpa.dbl
2013-06-03 15:09 - 2005-11-15 07:17 - 00000000 ____D C:\Windows\security
2013-06-03 15:02 - 2013-06-03 15:02 - 00000000 ____D C:\Program Files\msn
2013-06-03 15:02 - 2005-11-15 06:50 - 00000000 ____D C:\Windows\Help
2013-06-03 15:02 - 2005-11-12 07:29 - 00000000 ____D C:\Windows\System32\inetsrv
2013-06-03 15:01 - 2006-08-14 20:32 - 00000000 ____D C:\Windows\System32\ReinstallBackups
2013-06-03 14:25 - 2013-06-03 14:25 - 00010752 ____A (Almeida & Andrade Ltda) C:\Windows\System32\aamd532.dll
2013-06-03 13:17 - 2006-08-14 20:32 - 04299264 ____A (Realtek Semiconductor Corp.) C:\Windows\System32\Drivers\RtkHDAud.sys
2013-06-03 07:22 - 2013-06-03 07:22 - 02347384 ____A (ESET) C:\Documents and Settings\HP_Administrator\Desktop\esetsmartinstaller_enu.exe
2013-06-03 07:22 - 2013-06-03 07:22 - 00000000 ____D C:\Program Files\ESET
2013-06-02 09:12 - 2013-06-02 09:11 - 00000140 ____A C:\Documents and Settings\HP_Administrator\Desktop\SciShow.url
2013-06-01 19:18 - 2011-08-22 22:45 - 00000000 ____D C:\Documents and Settings\HP_Administrator\My Documents\My Digital Editions
2013-06-01 18:51 - 2012-07-04 22:13 - 01743633 ____A C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-4110720639-209095588-2197872672-1007-0.dat
2013-06-01 18:51 - 2012-07-04 22:13 - 00379258 ____A C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
2013-06-01 18:49 - 2013-05-26 10:46 - 00000000 ____D C:\Program Files\Samsung
2013-06-01 18:46 - 2013-06-01 18:46 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Samsung
2013-06-01 18:41 - 2013-01-02 12:27 - 00000000 ____D C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Samsung
2013-06-01 18:41 - 2013-01-02 12:27 - 00000000 ____D C:\Documents and Settings\HP_Administrator\Application Data\Samsung
2013-06-01 18:41 - 2006-08-14 20:35 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2013-06-01 18:32 - 2013-06-01 18:32 - 00000000 ____D C:\Documents and Settings\All Users\Documents\CrashDump
2013-06-01 16:51 - 2013-06-01 16:51 - 00000000 ____A C:\Windows\__tmp_rar_sfx_access_check_1345953
2013-06-01 16:33 - 2012-10-01 06:03 - 00000000 ____D C:\JRT
2013-06-01 16:27 - 2013-06-01 16:27 - 00002160 ____A C:\AdwCleaner[S6].txt
2013-06-01 16:26 - 2013-06-01 16:26 - 00002088 ____A C:\AdwCleaner[R4].txt
2013-05-31 06:25 - 2012-01-11 08:20 - 00000000 ____D C:\Program Files\CCleaner
2013-05-29 15:13 - 2013-05-29 15:13 - 00000140 ____A C:\Documents and Settings\HP_Administrator\Desktop\SOYLENT.url
2013-05-27 09:31 - 2011-01-18 15:39 - 00001324 ____A C:\Windows\System32\d3d9caps.dat
2013-05-26 19:47 - 2012-05-19 09:55 - 00000000 ____D C:\Program Files\Defraggler
2013-05-26 14:57 - 2013-05-26 14:57 - 00000133 ____A C:\Documents and Settings\HP_Administrator\Desktop\roller door.url
2013-05-26 11:52 - 2005-11-15 07:12 - 00000000 ____D C:\Windows\Microsoft.NET
2013-05-26 11:07 - 2013-05-26 11:07 - 00000000 __HDC C:\Windows\$NtUninstallwinusb0100$
2013-05-26 10:57 - 2013-05-26 10:57 - 00000000 ____D C:\Documents and Settings\All Users\Documents\NativeFus_Log
2013-05-26 10:47 - 2013-05-26 10:47 - 00000000 ____D C:\Program Files\MarkAny
2013-05-26 10:18 - 2012-08-16 19:05 - 00000000 ____D C:\Documents and Settings\HP_Administrator\Application Data\VoipBuster
2013-05-26 09:47 - 2013-05-26 09:51 - 03888054 ____A C:\Documents and Settings\HP_Administrator\My Documents\record of first C'Link Payment.bmp
2013-05-25 19:59 - 2012-04-22 15:42 - 00000000 ____D C:\Documents and Settings\HP_Administrator\Application Data\dvdcss
2013-05-25 19:54 - 2009-10-19 14:51 - 00000000 ____D C:\Documents and Settings\HP_Administrator\Application Data\Mozilla
2013-05-25 19:53 - 2013-01-19 11:17 - 00000000 ____D C:\Documents and Settings\HP_Administrator\Application Data\NVIDIA
2013-05-25 19:53 - 2011-07-15 22:46 - 00000000 ____D C:\Documents and Settings\HP_Administrator\Application Data\Epson
2013-05-25 18:22 - 2013-05-25 18:22 - 00001570 ____A C:\AdwCleaner[S5].txt
2013-05-25 18:21 - 2013-05-25 18:21 - 00001510 ____A C:\AdwCleaner[R3].txt
2013-05-25 18:21 - 2013-05-25 18:21 - 00000353 ____A C:\AdwCleaner[S4].txt
2013-05-25 10:57 - 2013-05-25 10:57 - 00000000 ____D C:\Program Files\TimeLeft3
2013-05-25 10:57 - 2013-05-25 10:57 - 00000000 ____D C:\Documents and Settings\HP_Administrator\Application Data\NesterSoft
2013-05-25 10:32 - 2013-05-25 10:34 - 00911720 ____A (Chaos Software Group, Inc.) C:\Documents and Settings\HP_Administrator\My Documents\atomic.exe
2013-05-24 18:47 - 2013-05-24 18:45 - 107516552 ____A C:\Documents and Settings\HP_Administrator\Desktop\Country Music Ballads Series_ Part 1_Baladas de música country parte 1.mp4
2013-05-24 18:47 - 2013-05-24 18:26 - 00000000 ____D C:\Documents and Settings\HP_Administrator\.smtube
2013-05-24 09:24 - 2013-05-24 09:01 - 00000000 ____D C:\Documents and Settings\HP_Administrator\.smplayer
2013-05-24 09:00 - 2013-05-24 09:00 - 00000000 ____D C:\Program Files\SMPlayer
2013-05-24 07:13 - 2013-05-24 07:12 - 15117228 ____A C:\Documents and Settings\HP_Administrator\Desktop\A fantastic performance of You'll Never Walk Alone With Lyrics.mp4
2013-05-23 18:47 - 2013-05-12 14:03 - 00005632 ____A C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-05-21 13:04 - 2013-05-21 13:04 - 00001940 ____A C:\sc-cleaner.txt
2013-05-21 12:24 - 2013-05-21 12:23 - 00002236 ____A C:\AdwCleaner[S3].txt
2013-05-21 12:14 - 2013-05-21 12:14 - 00002156 ____A C:\AdwCleaner[R2].txt
2013-05-20 23:10 - 2013-03-10 12:36 - 00000000 ____D C:\Documents and Settings\HP_Administrator\Application Data\Dropbox
2013-05-20 23:10 - 2012-04-22 21:46 - 00000000 ____D C:\Documents and Settings\HP_Administrator\Application Data\HPQ
2013-05-20 23:10 - 2010-10-06 07:54 - 00000000 ____D C:\Documents and Settings\All Users\Documents\Logishrd
2013-05-20 21:08 - 2013-03-06 17:48 - 00000000 ____D C:\Documents and Settings\HP_Administrator\Application Data\calibre
2013-05-20 21:08 - 2013-01-27 17:44 - 00000000 ____D C:\Documents and Settings\HP_Administrator\Application Data\.purple
2013-05-20 21:08 - 2012-10-10 06:25 - 00000000 ____D C:\Documents and Settings\NetworkService\Application Data\Mozilla
2013-05-20 21:08 - 2012-07-20 10:13 - 00000000 ____D C:\Documents and Settings\HP_Administrator\Application Data\Audacity
2013-05-20 21:08 - 2012-06-03 14:42 - 00000000 ____D C:\Documents and Settings\Guest\Application Data\Mozilla
2013-05-20 21:08 - 2012-01-11 19:31 - 00000000 ____D C:\Documents and Settings\HP_Administrator\Application Data\Foxit Software
2013-05-20 21:08 - 2011-04-14 12:16 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\EPSON
2013-05-20 21:08 - 2010-07-07 21:52 - 00000000 ____D C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Downloaded Installations
2013-05-20 21:08 - 2010-05-15 22:12 - 00000000 ____D C:\Documents and Settings\HP_Administrator\Application Data\Logishrd
2013-05-20 21:08 - 2009-10-20 14:39 - 00000000 ____D C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google
2013-05-20 21:08 - 2009-10-19 16:47 - 00000000 ____D C:\Documents and Settings\HP_Administrator\Application Data\Logitech
2013-05-20 21:08 - 2009-10-19 16:40 - 00000000 ____D C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Apple Computer
2013-05-19 19:53 - 2012-03-04 11:22 - 00000000 ____D C:\Documents and Settings\HP_Administrator\Application Data\MusicBee
2013-05-17 11:13 - 2010-05-15 22:19 - 00016400 ___AC (Logitech, Inc.) C:\Windows\System32\Drivers\LNonPnP.sys
2013-05-17 11:13 - 2010-05-15 22:18 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Logishrd
2013-05-17 11:13 - 2009-10-20 12:55 - 00000000 ____D C:\Program Files\Common Files\Logishrd
2013-05-17 11:12 - 2009-10-19 19:13 - 00000000 ____D C:\Program Files\Logitech
2013-05-16 14:22 - 2013-05-16 14:21 - 00000104 ____A C:\Documents and Settings\HP_Administrator\Desktop\EZTV.url
2013-05-15 19:00 - 2013-05-15 19:00 - 00000000 ____D C:\Program Files\LopeSoft
2013-05-15 16:03 - 2012-04-04 11:12 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2013-05-15 16:03 - 2012-01-22 11:22 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2013-05-15 09:44 - 2013-05-15 09:44 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-05-15 09:43 - 2013-05-15 09:42 - 00000000 ____D C:\Program Files\Mozilla Thunderbird
2013-05-15 07:25 - 2009-10-20 11:51 - 00000000 ____D C:\Windows\ie8updates
2013-05-15 07:25 - 2005-10-18 12:53 - 00622402 ___AC C:\Windows\System32\PerfStringBackup.INI
2013-05-15 07:23 - 2006-08-14 20:24 - 00000000 ____D C:\Windows\$hf_mig$
2013-05-15 07:20 - 2009-10-20 11:50 - 72607752 ___AC (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-05-14 12:34 - 2012-04-22 11:45 - 00000000 ____D C:\Documents and Settings\HP_Administrator\Desktop\BUSES
2013-05-11 20:49 - 2013-04-29 18:42 - 00000000 ____D C:\Documents and Settings\HP_Administrator\My Documents\Pics from Mooney Street..2006--early 2013
2013-05-11 14:43 - 2013-05-11 14:43 - 00000000 ____D C:\Program Files\Avira
2013-05-11 14:43 - 2013-02-24 19:32 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Avira
2013-05-11 14:32 - 2013-05-11 14:43 - 00135136 ____A (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avipbb.sys
2013-05-11 14:32 - 2013-05-11 14:43 - 00084744 ____A (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avgntflt.sys
2013-05-11 14:32 - 2013-05-11 14:43 - 00037352 ____A (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avkmgr.sys
2013-05-11 14:32 - 2013-05-11 14:43 - 00028520 ____A (Avira GmbH) C:\Windows\System32\Drivers\ssmdrv.sys
2013-05-10 07:10 - 2012-11-25 13:17 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-05-09 20:54 - 2013-05-09 20:43 - 120316796 ____A C:\Documents and Settings\HP_Administrator\Desktop\Filipinas (Pinays) marrying and migrating overseas..mp4
2013-05-09 14:47 - 2013-05-11 19:36 - 00005113 ____A C:\Documents and Settings\HP_Administrator\My Documents\sg_backup_2013-05-09-1447.spg
2013-05-09 14:47 - 2012-09-16 12:16 - 00005113 ____A C:\Documents and Settings\HP_Administrator\My Documents\FirstBackup.spg
2013-05-09 14:44 - 2013-05-09 14:44 - 00000146 ____A C:\Documents and Settings\HP_Administrator\Desktop\Moon stuff.url
2013-05-09 13:57 - 2013-05-09 13:56 - 00000134 ____A C:\Documents and Settings\HP_Administrator\Desktop\GLASSES...url
2013-05-08 16:44 - 2012-08-16 19:05 - 00000872 ____A C:\Documents and Settings\HP_Administrator\Desktop\VoipBuster.lnk
2013-05-07 14:27 - 2004-08-10 14:00 - 06015488 ____N (Microsoft Corporation) C:\Windows\System32\dllcache\mshtml.dll
2013-05-07 14:27 - 2004-08-10 14:00 - 06015488 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-05-07 09:49 - 2013-05-07 09:49 - 00000155 ____A C:\Documents and Settings\HP_Administrator\Desktop\Birthdays.url

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================

 

ADDITION....

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 05-06-2013 01
Ran by HP_Administrator at 2013-06-06 22:27:23 Run:
Running from C:\Documents and Settings\HP_Administrator\Desktop
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

µTorrent (Version: 3.1.0)
7-Zip 9.20
Adobe Digital Editions
Adobe Flash Player 11 ActiveX (Version: 11.7.700.202)
Adobe Flash Player 11 Plugin (Version: 11.7.700.202)
Avira Free Antivirus (Version: 13.0.0.3640)
BigPond Broadband ADSL (Version: 9.2)
calibre (Version: 0.9.24)
CameraHelperMsi (Version: 13.00.1774.0)
Cashflow Manager 2004
CCleaner (Version: 4.02)
ConvertXtoDVD 4.1.10.348 (Version: 4.1.10.348)
Defraggler (Version: 2.14)
DocProcQFolder (Version: 1.00.0000)
DocumentViewerQFolder (Version: 1.00.0000)
Dropbox (Version: 1.6.18)
Epson Easy Photo Print 2 (Version: 2.2.3.0)
Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser) (Version: 1.00.0000)
Epson FAX Utility (Version: 1.10.00)
Epson PC-FAX Driver
EPSON Scan
EPSON TX820 Artisan830 Series Printer Uninstall
eReg (Version: 1.20.138.34)
erLT (Version: 1.20.0137)
ESET Online Scanner v3
e-tax 2012 (Version: 6.0.577)
FileMenu Tools (Version: FileMenu Tools 6.5)
Foxit Reader (Version: 6.0.2.413)
Free RAR Extract Frog (Version: 5.00)
GDR 4053 for SQL Server Database Services 2005 ENU (KB970892) (Version: 9.3.4053)
Google Update Helper (Version: 1.3.21.111)
HpSdpAppCoreApp (Version: 3.00.0000)
ImgBurn (Version: 2.5.7.0)
InstantShareDevicesMFC (Version: 70.0.170.000)
Intel® Matrix Storage Manager
Intel® Quick Resume Technology Drivers
IrfanView (remove only) (Version: 4.35)
K-Lite Codec Pack 7.5.0 (Basic) (Version: 7.5.0)
LastPass(uninstall only)
Logitech SetPoint 6.52 (Version: 6.52.74)
Logitech Webcam Software (Version: 2.0)
LWS Facebook (Version: 13.00.1777.0)
LWS Gallery (Version: 13.00.1778.0)
LWS Help_main (Version: 13.00.1783.0)
LWS Launcher (Version: 13.00.1776.0)
LWS Motion Detection (Version: 13.00.1778.0)
LWS Pictures And Video (Version: 13.00.1778.0)
LWS Video Mask Maker (Version: 13.00.1774.0)
LWS VideoEffects (Version: 13.00.1774.0)
LWS Webcam Software (Version: 13.00.1774.0)
LWS WLM Plugin (Version: 1.00.1774.0)
LWS YouTube Plugin (Version: 13.00.1777.0)
Macrium Reflect Free Edition (Version: 5.1.5299)
MacX HD Video Converter Pro For Windows 3.12.2
MainConcept for Software Encoder (Version: 1.1.0.26)
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
Microsoft .NET Framework 1.0 Security Update (KB2698035)
Microsoft .NET Framework 1.0 Security Update (KB2742607)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30320)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable - KB2467175 (Version: 8.0.51011)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (Version: 9.0.30411)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft WinUsb 1.0
Mozilla Firefox 21.0 (x86 en-US) (Version: 21.0)
Mozilla Thunderbird 17.0.6 (x86 en-US) (Version: 17.0.6)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 4.0 SP3 Parser (KB2721691) (Version: 4.30.2114.0)
MSXML 4.0 SP3 Parser (KB2758694) (Version: 4.30.2117.0)
MSXML 4.0 SP3 Parser (KB973685) (Version: 4.30.2107.0)
MSXML 4.0 SP3 Parser (Version: 4.30.2100.0)
MSXML 6.0 Parser (KB933579) (Version: 6.10.1200.0)
MusicBee 2.0 (Version: 2.0)
NewCopy_CDA (Version: 70.0.231.000)
NVIDIA Control Panel 301.42 (Version: 301.42)
NVIDIA Install Application (Version: 2.1002.75.420)
NVIDIA nView 136.27 (Version: 136.27)
NVIDIA nView Desktop Manager (Version: 6.14.10.13065)
OpenOffice.org 3.4.1 (Version: 3.41.9593)
ProductContextNPI (Version: 70.0.231.000)
Realtek High Definition Audio Driver
Revo Uninstaller 1.94 (Version: 1.94)
SMPlayer 0.8.5 (Version: 0.8.5)
TimeLeft (Version: 3.62)
Toolbox (Version: 70.0.170.000)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Windows XP (KB2661254-v2) (Version: 2)
Update for Windows XP (KB2736233) (Version: 1)
Update for Windows XP (KB2749655) (Version: 1)
Update for Windows XP (KB955704) (Version: 1)
Update Rollup 2 for Windows XP Media Center Edition 2005
Visual C++ 2008 Runtime (x86) (Version: 1.0.1)
VoipBuster (Version: 4.12 build 704)
WebFldrs XP (Version: 9.50.7523)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Media Format 11 runtime
Windows Media Player 11
Windows PowerShell™ 1.0 (Version: 1)
Windows XP Service Pack 3 (Version: 20080414.031525)
WizMouse v1.6.0.2
XP Smoker Free Edition 6.0 (Version: 6.0)
Yahoo!7 Messenger
Z Cinema (Version: 1.0.0)

==================== Restore Points  =========================

05-06-2013 08:06:20 System Checkpoint
06-06-2013 08:25:41 System Checkpoint

==================== Faulty Device Manager Devices =============

Name: Wireless LAN PCI 802.11 b/g adapter WN5301A
Description: Wireless LAN PCI 802.11 b/g adapter WN5301A
Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
Manufacturer: Liteon
Service: WN5301
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: TAP-Win32 Adapter V9
Description: TAP-Win32 Adapter V9
Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
Manufacturer: TAP-Win32 Provider V9
Service: tap0901
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (06/03/2013 08:33:35 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x80070422.

Error: (06/03/2013 08:16:57 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x80070422.

Error: (06/03/2013 07:48:59 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x80070422.

Error: (06/03/2013 07:43:57 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x80070422.

Error: (06/03/2013 07:43:54 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x80070422.

Error: (06/03/2013 07:42:36 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x80070422.

Error: (06/03/2013 07:38:55 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x80070422.

Error: (05/27/2013 09:31:48 AM) (Source: EventSystem) (User: )
Description: The COM+ Event System detected a bad return code during its internal processing.  HRESULT was 8007043C from line 44 of d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp.  Please contact Microsoft Product Support Services to report this error.

Error: (05/26/2013 11:52:13 AM) (Source: .NET Runtime Optimization Service) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - 1>Failed to compile: C:\Program Files\Samsung\Kies\Kies.exe . Error code = 0x80131f06

Error: (05/26/2013 11:52:13 AM) (Source: .NET Runtime Optimization Service) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - 1>Failed to compile: C:\Program Files\Samsung\Kies\Kies.exe . Error code = 0x80131f06


System errors:
=============
Error: (06/06/2013 09:54:21 PM) (Source: Service Control Manager) (User: )
Description: The Process Monitor service terminated unexpectedly.  It has done this 1 time(s).

Error: (06/05/2013 05:23:13 PM) (Source: Service Control Manager) (User: )
Description: The System Restore Service service terminated with the following error:
%%2

Error: (06/05/2013 05:23:12 PM) (Source: SRService) (User: )
Description: The System Restore initialization process failed.

Error: (06/05/2013 05:15:34 PM) (Source: Service Control Manager) (User: )
Description: The System Restore Service service terminated with the following error:
%%2

Error: (06/05/2013 05:15:33 PM) (Source: SRService) (User: )
Description: The System Restore initialization process failed.

Error: (06/05/2013 05:05:41 PM) (Source: Service Control Manager) (User: )
Description: The System Restore Service service terminated with the following error:
%%2

Error: (06/05/2013 05:05:41 PM) (Source: SRService) (User: )
Description: The System Restore initialization process failed.

Error: (06/05/2013 00:18:13 PM) (Source: Service Control Manager) (User: )
Description: The System Restore Service service terminated with the following error:
%%2

Error: (06/05/2013 00:18:12 PM) (Source: SRService) (User: )
Description: The System Restore initialization process failed.

Error: (06/05/2013 00:02:26 PM) (Source: Service Control Manager) (User: )
Description: The System Restore Service service terminated with the following error:
%%2


Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Percentage of memory in use: 20%
Total physical RAM: 3582.38 MB
Available physical RAM: 2845.24 MB
Total Pagefile: 5817.71 MB
Available Pagefile: 5231.7 MB
Total Virtual: 2047.88 MB
Available Virtual: 1951.58 MB

==================== Drives ================================

Drive c: (HP_PAVILION) (Fixed) (Total:279.46 GB) (Free:240.36 GB) NTFS ==>[Drive with boot components (Windows XP)]

==================== MBR & Partition Table ==================


========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 279 GB) (Disk ID: 2BD2C32A)
Partition 1: (Active) - (Size=279 GB) - (Type=07 NTFS)

==================== End Of Log ============================

 

 

Brian.

 

 


Condobloke ...Outback Australian  fed up with Windows antics...??....LINUX IS THE ANSWER....I USE LINUX MINT 18.3  EXCLUSIVELY.

“A man travels the world in search of what he needs and returns home to find it."

It has been said that time heals all wounds. I don't agree. The wounds remain. Time - the mind, protecting its sanity - covers them with some scar tissue and the pain lessens, but it is never gone. Rose Kennedy



#14 TB-Psychotic

TB-Psychotic

  • Malware Response Team

Posted 06 June 2013 - 07:45 AM

No, everything is fine. I was too slow editing my reply. ;)

 

Post up the content of C:\combofix.txt.



#15 Condobloke

Condobloke

    Outback Aussie @ 54.2101 N, 0.2906 W

  • Topic Starter

  • Members

Posted 06 June 2013 - 03:31 PM

Marius, 

Combofix did not leave a .txt file.....presumably it BSOD before it had the opportunity to do that.

 

Brian

