
Issue #3 of 4...Dell Desktop- login loop, no internet downloads, past malware?


  • This topic is locked
33 replies to this topic

#1 Ajmarks

Ajmarks

  • Members
  • 116 posts

Posted 17 September 2013 - 08:16 PM

Okay, first things first- I was told to post in this forum on my original post (http://www.bleepingcomputer.com/forums/t/506868/so-over-my-head-now-whole-network-infection-if-seems/). Here’s the dealio and the logs for this computer (for more info on the WHOLE issue please see the link above).

 

This is part 3 of 4 issues I am having…ugh.

 

Computer #3 is a DELL DIMENSION DESKTOP PC running WINDOWS XP

This computer is the one that connects directly to my cable modem and the wireless printer all the other computers use. It pretty much has nothing on it but the OS and some programs after I had my 2nd hard drive (that stored music files) fail about 4-5 months ago- thank god for dropbox backups!

The logs I copied/attached were run IN SAFE MODE. The reason is that I can’t actually get past the login screen if I am not in safe mode. Basically, when I log in regularly it logs me right back out and acts sorta like a log in loop. Also, even in safe mode, I can’t download files from the Internet (including windows updates). Lastly, even though I am an admin I still have to click "run as admin" in safe mode to get things to work but in all actuality this doesn’t help because nothing on this machine is really working how it is supposed to!
 

Across my 4 computers I’ve seen everything flagged from Trojans to backdoors to spyware to adware. Can’t recall what specifically got flagged on this one BUT since I’ve got more logs than I know what to do with I’ve included the dropbox link to ALL the logs I have over the past 1-2 months: http://db.tt/zlnSAkDq

Like I mentioned, I had this posted in another forum but no response until someone told me to post here and wait all over again! :( I had a bunch of views, and almost 5 days of waiting. Truthfully I'm sorta ready to just dban everything (tech guy @ work just mentioned this program) and reinstall...but even THAT I’m scared to do without ya’lls help (or if it will even actually make a difference).

I really do need help!! My tech @ home...all of it...is basically useless and I keep falling further and further behind in work and personal life because of this (can't complete work @ home because can't reinstall/install needed programs, can't pay bills online or order items I need for my house because I don't know my computer is clean enough to use my cc; can't forget about all this and watch TV because I don't have cable and my TV comes from the internet; etc.). Add to that I'm going through cancer treatment and all this building stress is NOT good for me (TMI? well I figure gives a sense for why I am so desperate. I swear there is a special place in hell for some of these hacker/virus creators!)

Someone please....

 

xxxxxxxx ORIGINAL DELL DESKTOP LOG xxxxxxxxxxx

 

DDS (Ver_2012-11-20.01) - NTFS_x86 NETWORK
Internet Explorer: 8.0.6001.18702
Run by Alison at 17:54:09 on 2013-08-31
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.1023.639 [GMT -5:00]
.
.
============== Running Processes ================
.
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
G:\protection-scanning programs\HitmanPro.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://www.google.com/
mWinlogon: Userinit = c:\windows\system32\userinit.exe
BHO: AutorunsDisabled - <orphaned>
uRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NVMCTRAY.DLL,NvTaskbarInit
uRunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript c:\windows\installer\tsclientmsitrans\tscuinst.vbs"
uRunOnce: [TSClientAXDisabler] cmd.exe /C "c:\windows\installer\tsclientmsitrans\tscdsbl.bat"
mRun: [BCMSMMSG] BCMSMMSG.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRunOnce: [A22057BA-F5A8-4F55-9D0D-C965E9923CFE] cmd.exe /C start /D "c:\docume~1\admini~1\locals~1\Temp" /B A22057BA-F5A8-4F55-9D0D-C965E9923CFE.exe -activeimages -postboot
mRunOnce: [OE_WMPWMFSDK_Install_2] c:\windows\system32\regsvr32 /s "c:\windows\system32\wmnetmgr.dll"
mRunOnce: [OE_WMPWMFSDK_Install_3] c:\windows\system32\regsvr32 /s /u "c:\windows\system32\wmv8dmod.dll"
mRunOnce: [OE_WMPWMFSDK_Install_4] c:\windows\system32\regsvr32 /s "c:\windows\system32\wmvdmod.dll"
mRunOnce: [OE_WMPWMFSDK_Install_5] c:\windows\system32\regsvr32 /s "c:\windows\system32\wmvdmoe2.dll"
mRunOnce: [OE_WMPWMFSDK_Install_6] c:\windows\system32\regsvr32 /s "c:\windows\system32\wmadmoe.dll"
mRunOnce: [OE_WMPWMFSDK_Install_7] c:\windows\system32\regsvr32 /s "c:\windows\system32\wmspdmod.dll"
mRunOnce: [OE_WMPWMFSDK_Install_8] c:\windows\system32\regsvr32 /s "c:\windows\system32\wmspdmoe.dll"
mRunOnce: [OE_WMPWMFSDK_Install_9] c:\windows\system32\regsvr32 /s "c:\windows\system32\wmsdmoe.dll"
mRunOnce: [OE_WMPWMFSDK_Install_10] c:\windows\system32\regsvr32 /s "c:\windows\system32\wmsdmoe2.dll"
mRunOnce: [OE_WMPWMFSDK_Install_20] c:\windows\system32\regsvr32 /s "c:\windows\system32\wmadmod.dll"
mRunOnce: [OE_WMPWMFSDK_Install_21] c:\windows\system32\regsvr32 /s "c:\windows\system32\mpg4dmod.dll"
mRunOnce: [OE_WMPWMFSDK_Install_22] c:\windows\system32\regsvr32 /s "c:\windows\system32\mp43dmod.dll"
mRunOnce: [OE_WMPWMFSDK_Install_23] c:\windows\system32\regsvr32 /s "c:\windows\system32\mp4sdmod.dll"
mRunOnce: [OE_WMPWMFSDK_Install_24] c:\windows\system32\regsvr32 /s "c:\windows\system32\wmsdmod.dll"
mRunOnce: [OE_WMPWMFSDK_Install_30] c:\windows\system32\regsvr32 /s "c:\windows\system32\laprxy.dll"
mRunOnce: [OE_WMPWMFSDK_Install_31] "c:\windows\system32\logagent.exe" /RegServer
mRunOnce: [OE_WMPWMFSDK_Install_32] c:\windows\system32\regsvr32 /s "c:\windows\system32\wmvcore.dll"
mRunOnce: [OE_WMPDRM_Install_1] c:\windows\system32\regsvr32 /s "c:\windows\system32\drmstor.dll"
mRunOnce: [OE_WMPDRM_Install_2] c:\windows\system32\regsvr32 /s "c:\windows\system32\drmclien.dll"
mRunOnce: [OE_WMPDRM_Install_4] c:\windows\system32\regsvr32 /s "c:\windows\system32\drmv2clt.dll"
mRunOnce: [OE_WMPDRM_Install_5] c:\windows\system32\regsvr32 /s "c:\windows\system32\blackbox.dll"
mRunOnce: [OE_WMPDRM_Install_6] c:\windows\system32\regsvr32 /s "c:\windows\system32\msnetobj.dll"
mRunOnce: [OE_WMPWMP7_Install_0] c:\windows\inf\unregmp2.exe /MigrateLibrary
mRunOnce: [OE_WMPWMP7_Install_1] "c:\program files\windows media player\migrate.exe" /s
mRunOnce: [OE_WMPWMP7_Install_2] c:\windows\system32\regsvr32 /s c:\windows\system32\wmp.dll
mRunOnce: [OE_WMPWMP7_Install_8] c:\windows\system32\regsvr32 /s c:\windows\system32\wmpshell.dll
mRunOnce: [OE_WMPWMP7_Install_9] c:\windows\system32\regsvr32 /s c:\windows\system32\wmpasf.dll
mRunOnce: [OE_WMPWMP7_Install_10] c:\windows\system32\regsvr32 /s c:\windows\system32\wmpdxm.dll
mRunOnce: [OE_WMPWMP7_Install_11] c:\windows\system32\regsvr32 /s "c:\program files\windows media player\mpvis.dll"
mRunOnce: [OE_WMPWMDM_Install_7] c:\windows\system32\regsvr32 /s c:\windows\system32\mspmsnsv.dll
mRunOnce: [OE_WMPWMP7_Install_20] c:\windows\inf\unregmp2.exe /Shortcuts /RegExts
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} - hxxp://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1377981637484
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1364144211875
TCP: NameServer = 192.168.2.1 66.90.130.101 216.82.201.11
TCP: Interfaces\{2848FCA0-6FE3-4A05-AEEA-C936C44CF042} : DHCPNameServer = 192.168.2.1 66.90.130.101 216.82.201.11
.
============= SERVICES / DRIVERS ===============
.
S4 cerc6;cerc6; [x]
S4 HitmanPro37CrusaderBoot;HitmanPro 3.7 Crusader (Boot);g:\protection-scanning programs\HitmanPro.exe [2013-8-5 9186416]
.
=============== Created Last 30 ================
.
2013-08-31 20:58:53    294912    -c----w-    c:\windows\system32\dllcache\dlimport.exe
2013-08-31 19:26:18    --------    d-----w-    C:\TDSSKiller_Quarantine
2013-08-31 18:52:13    256904    ----a-w-    c:\windows\system32\drivers\tmcomm.sys
2013-08-31 18:46:06    --------    d-----w-    c:\windows\ERUNT
2013-08-31 17:48:53    22856    ----a-w-    c:\windows\system32\drivers\mbam.sys
2013-08-31 17:48:53    --------    d-----w-    c:\program files\Malwarebytes' Anti-Malware
2013-08-31 17:48:24    --------    d-----w-    c:\documents and settings\all users\application data\Malwarebytes
2013-08-31 17:41:55    12872    ----a-w-    c:\windows\system32\bootdelete.exe
2013-08-31 17:38:12    --------    d-----w-    c:\documents and settings\all users\application data\HitmanPro
2013-08-31 17:06:46    --------    d-----w-    c:\windows\system32\msmq
2013-08-31 17:06:45    --------    d-----w-    c:\windows\system32\Logfiles
2013-08-31 17:06:45    --------    d-----w-    C:\Inetpub
2013-08-02 12:56:31    --------    d-----w-    c:\windows\system32\appmgmt
2013-08-02 12:51:40    --------    d--h--w-    c:\windows\system32\GroupPolicy
.
==================== Find3M  ====================
.
2013-06-08 04:55:44    385024    ------w-    c:\windows\system32\html.iec
2013-06-07 21:56:06    920064    ----a-w-    c:\windows\system32\wininet.dll
2013-06-07 21:56:06    43520    ------w-    c:\windows\system32\licmgr10.dll
2013-06-07 21:56:05    1469440    ------w-    c:\windows\system32\inetcpl.cpl
2013-06-04 07:23:02    562688    ----a-w-    c:\windows\system32\qedit.dll
2013-06-04 01:40:45    1876736    ----a-w-    c:\windows\system32\win32k.sys
.
============= FINISH: 17:55:23.28 ===============

 

xxxxxxxx MOST RECENT DELL DESKTOP LOG xxxxxxxxxxx

DDS (Ver_2012-11-20.01) - NTFS_x86 NETWORK
Internet Explorer: 8.0.6001.18702
Run by Administrator at 20:59:23 on 2013-09-16
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.1023.821 [GMT -5:00]
.
.
============== Running Processes ================
.
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
mWinlogon: Userinit = c:\windows\system32\Userinit.exe
BHO: AutorunsDisabled - <orphaned>
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [BCMSMMSG] BCMSMMSG.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRunOnce: [A22057BA-F5A8-4F55-9D0D-C965E9923CFE] cmd.exe /C start /D "c:\docume~1\admini~1\locals~1\Temp" /B A22057BA-F5A8-4F55-9D0D-C965E9923CFE.exe -activeimages -postboot
mRunOnce: [OE_WMPWMFSDK_Install_2] c:\windows\system32\regsvr32 /s "c:\windows\system32\wmnetmgr.dll"
mRunOnce: [OE_WMPWMFSDK_Install_3] c:\windows\system32\regsvr32 /s /u "c:\windows\system32\wmv8dmod.dll"
mRunOnce: [OE_WMPWMFSDK_Install_4] c:\windows\system32\regsvr32 /s "c:\windows\system32\wmvdmod.dll"
mRunOnce: [OE_WMPWMFSDK_Install_5] c:\windows\system32\regsvr32 /s "c:\windows\system32\wmvdmoe2.dll"
mRunOnce: [OE_WMPWMFSDK_Install_6] c:\windows\system32\regsvr32 /s "c:\windows\system32\wmadmoe.dll"
mRunOnce: [OE_WMPWMFSDK_Install_7] c:\windows\system32\regsvr32 /s "c:\windows\system32\wmspdmod.dll"
mRunOnce: [OE_WMPWMFSDK_Install_8] c:\windows\system32\regsvr32 /s "c:\windows\system32\wmspdmoe.dll"
mRunOnce: [OE_WMPWMFSDK_Install_9] c:\windows\system32\regsvr32 /s "c:\windows\system32\wmsdmoe.dll"
mRunOnce: [OE_WMPWMFSDK_Install_10] c:\windows\system32\regsvr32 /s "c:\windows\system32\wmsdmoe2.dll"
mRunOnce: [OE_WMPWMFSDK_Install_20] c:\windows\system32\regsvr32 /s "c:\windows\system32\wmadmod.dll"
mRunOnce: [OE_WMPWMFSDK_Install_21] c:\windows\system32\regsvr32 /s "c:\windows\system32\mpg4dmod.dll"
mRunOnce: [OE_WMPWMFSDK_Install_22] c:\windows\system32\regsvr32 /s "c:\windows\system32\mp43dmod.dll"
mRunOnce: [OE_WMPWMFSDK_Install_23] c:\windows\system32\regsvr32 /s "c:\windows\system32\mp4sdmod.dll"
mRunOnce: [OE_WMPWMFSDK_Install_24] c:\windows\system32\regsvr32 /s "c:\windows\system32\wmsdmod.dll"
mRunOnce: [OE_WMPWMFSDK_Install_30] c:\windows\system32\regsvr32 /s "c:\windows\system32\laprxy.dll"
mRunOnce: [OE_WMPWMFSDK_Install_31] "c:\windows\system32\logagent.exe" /RegServer
mRunOnce: [OE_WMPWMFSDK_Install_32] c:\windows\system32\regsvr32 /s "c:\windows\system32\wmvcore.dll"
mRunOnce: [OE_WMPDRM_Install_1] c:\windows\system32\regsvr32 /s "c:\windows\system32\drmstor.dll"
mRunOnce: [OE_WMPDRM_Install_2] c:\windows\system32\regsvr32 /s "c:\windows\system32\drmclien.dll"
mRunOnce: [OE_WMPDRM_Install_4] c:\windows\system32\regsvr32 /s "c:\windows\system32\drmv2clt.dll"
mRunOnce: [OE_WMPDRM_Install_5] c:\windows\system32\regsvr32 /s "c:\windows\system32\blackbox.dll"
mRunOnce: [OE_WMPDRM_Install_6] c:\windows\system32\regsvr32 /s "c:\windows\system32\msnetobj.dll"
mRunOnce: [OE_WMPWMP7_Install_0] c:\windows\inf\unregmp2.exe /MigrateLibrary
mRunOnce: [OE_WMPWMP7_Install_1] "c:\program files\windows media player\migrate.exe" /s
mRunOnce: [OE_WMPWMP7_Install_2] c:\windows\system32\regsvr32 /s c:\windows\system32\wmp.dll
mRunOnce: [OE_WMPWMP7_Install_8] c:\windows\system32\regsvr32 /s c:\windows\system32\wmpshell.dll
mRunOnce: [OE_WMPWMP7_Install_9] c:\windows\system32\regsvr32 /s c:\windows\system32\wmpasf.dll
mRunOnce: [OE_WMPWMP7_Install_10] c:\windows\system32\regsvr32 /s c:\windows\system32\wmpdxm.dll
mRunOnce: [OE_WMPWMP7_Install_11] c:\windows\system32\regsvr32 /s "c:\program files\windows media player\mpvis.dll"
mRunOnce: [OE_WMPWMDM_Install_7] c:\windows\system32\regsvr32 /s c:\windows\system32\mspmsnsv.dll
mRunOnce: [OE_WMPWMP7_Install_20] c:\windows\inf\unregmp2.exe /Shortcuts /RegExts
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} - hxxp://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1377981637484
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1364144211875
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} -
Hosts: 127.0.0.1    www.spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
S1 SASDIFSV;SASDIFSV;\??\g:\protection-scanning programs\(ignore) program and installation files\sasdifsv.sys --> g:\protection-scanning programs\(ignore) program and installation files\SASDIFSV.SYS [?]
S1 SASKUTIL;SASKUTIL;\??\g:\protection-scanning programs\(ignore) program and installation files\saskutil.sys --> g:\protection-scanning programs\(ignore) program and installation files\SASKUTIL.SYS [?]
S4 cerc6;cerc6; [x]
S4 HitmanPro37CrusaderBoot;HitmanPro 3.7 Crusader (Boot);"g:\protection-scanning programs\hitmanpro.exe" /crusader:boot --> g:\protection-scanning programs\HitmanPro.exe [?]
.
=============== Created Last 30 ================
.
2013-08-31 23:42:34    --------    d-----w-    c:\documents and settings\all users\application data\SUPERAntiSpyware.com
2013-08-31 23:06:53    --------    d-----w-    c:\program files\TeaTimer (Spybot - Search & Destroy)
2013-08-31 23:05:48    --------    d-----w-    c:\documents and settings\all users\application data\Spybot - Search & Destroy
2013-08-31 20:58:53    294912    -c----w-    c:\windows\system32\dllcache\dlimport.exe
2013-08-31 19:26:18    --------    d-----w-    C:\TDSSKiller_Quarantine
2013-08-31 18:52:13    256904    ----a-w-    c:\windows\system32\drivers\tmcomm.sys
2013-08-31 18:46:06    --------    d-----w-    c:\windows\ERUNT
2013-08-31 17:54:36    --------    d-----w-    c:\documents and settings\administrator\local settings\application data\Adobe
2013-08-31 17:48:24    --------    d-----w-    c:\documents and settings\all users\application data\Malwarebytes
2013-08-31 17:48:24    --------    d-----w-    c:\documents and settings\administrator\application data\Malwarebytes
2013-08-31 17:41:55    12872    ----a-w-    c:\windows\system32\bootdelete.exe
2013-08-31 17:38:12    --------    d-----w-    c:\documents and settings\all users\application data\HitmanPro
2013-08-31 17:09:41    --------    d-sh--w-    c:\documents and settings\administrator\PrivacIE
2013-08-31 17:06:46    --------    d-----w-    c:\windows\system32\msmq
2013-08-31 17:06:45    --------    d-----w-    c:\windows\system32\Logfiles
2013-08-31 17:06:45    --------    d-----w-    C:\Inetpub
2013-08-31 16:50:53    --------    d-----w-    c:\documents and settings\administrator\application data\MSNInstaller
.
==================== Find3M  ====================
.
2013-07-31 20:11:22    810496    ----a-w-    c:\windows\system32\wmvdmod.dll
2013-07-26 02:47:17    920064    ----a-w-    c:\windows\system32\wininet.dll
2013-07-26 02:47:13    43520    ------w-    c:\windows\system32\licmgr10.dll
2013-07-26 02:47:12    1469440    ------w-    c:\windows\system32\inetcpl.cpl
2013-07-25 15:52:59    385024    ------w-    c:\windows\system32\html.iec
2013-07-10 10:37:53    406016    ----a-w-    c:\windows\system32\usp10.dll
2013-07-04 02:59:11    2193536    ----a-w-    c:\windows\system32\ntoskrnl.exe
2013-07-04 02:08:30    2070144    ----a-w-    c:\windows\system32\ntkrnlpa.exe
.
============= FINISH: 20:59:59.01 ===============

 

 

Attached Files
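
Two DDS logs taken about two weeks apart, as in the post above, are easiest to read as a diff. The following Python is an added example (not part of the original post and not part of DDS) that splits each log on its `=====` section banners and reports the entries that appeared or disappeared; the sample logs are abridged from the two above, and the function names and the case-insensitive matching are choices made for this example.

```python
import re

# Section banners look like "============== Running Processes ================".
BANNER = re.compile(r"^=+\s*(.*?)\s*=+$")


def parse_dds(text):
    """Return {section name: [entry lines]} for one DDS log.

    Lines before the first banner go under "Header". Blank lines and the
    "." separator lines are dropped. Parsing stops at the FINISH banner.
    """
    sections = {}
    current = "Header"
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        banner = BANNER.match(line)
        if banner:
            if banner.group(1).upper().startswith("FINISH"):
                break
            current = banner.group(1)
            continue
        sections.setdefault(current, []).append(line)
    return sections


def _key(line):
    # Windows paths and registry names are case-insensitive, so
    # "userinit.exe" and "Userinit.exe" must not show up as a change.
    return re.sub(r"\s+", " ", line).lower()


def diff_dds(old_text, new_text, skip=("Header",)):
    """Return {section: {"added": [...], "removed": [...]}} for changed sections.

    "Header" is skipped by default: its run time and user differ on every run.
    """
    old, new = parse_dds(old_text), parse_dds(new_text)
    report = {}
    for name in list(old) + [n for n in new if n not in old]:
        if name in skip:
            continue
        before = {_key(l): l for l in old.get(name, [])}
        after = {_key(l): l for l in new.get(name, [])}
        added = [after[k] for k in after if k not in before]
        removed = [before[k] for k in before if k not in after]
        if added or removed:
            report[name] = {"added": added, "removed": removed}
    return report


# Constructed sample input: abridged from the 2013-08-31 log in the post.
OLD_LOG = r"""
DDS (Ver_2012-11-20.01) - NTFS_x86 NETWORK
Run by Alison at 17:54:09 on 2013-08-31
.
============== Running Processes ================
.
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://www.google.com/
mWinlogon: Userinit = c:\windows\system32\userinit.exe
mRun: [BCMSMMSG] BCMSMMSG.exe
TCP: NameServer = 192.168.2.1 66.90.130.101 216.82.201.11
.
============= SERVICES / DRIVERS ===============
.
S4 cerc6;cerc6; [x]
.
============= FINISH: 17:55:23.28 ===============
"""

# Constructed sample input: abridged from the 2013-09-16 log in the post.
NEW_LOG = r"""
DDS (Ver_2012-11-20.01) - NTFS_x86 NETWORK
Run by Administrator at 20:59:23 on 2013-09-16
.
============== Running Processes ================
.
C:\WINDOWS\Explorer.EXE
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
mWinlogon: Userinit = c:\windows\system32\Userinit.exe
mRun: [BCMSMMSG] BCMSMMSG.exe
Hosts: 127.0.0.1    www.spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
S4 cerc6;cerc6; [x]
.
============= FINISH: 20:59:59.01 ===============
"""

if __name__ == "__main__":
    for section, change in diff_dds(OLD_LOG, NEW_LOG).items():
        print(f"[{section}]")
        for line in change["added"]:
            print("  + " + line)
        for line in change["removed"]:
            print("  - " + line)
```

A diff like this only says what changed between two snapshots; whether a changed entry is benign still has to be judged by someone who knows the tools that were run in between.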




 


#2 Ajmarks

Ajmarks
  • Topic Starter

  • Members
  • 116 posts

Posted 17 September 2013 - 08:30 PM

Alright so in checking that my post showed up correctly I stumbled upon this post...seems like A LOT of the stuff that happened on my computers (including the weird desktop.ini files in all my folders!!) Not sure if this is helpful but thought since it was soo similar it might be relevant. Haven't done anything suggested here though since I had my own post already and I am trying to be patient :)
http://www.bleepingcomputer.com/forums/t/506405/unknown-undetected-virus-now-created-authorized-user-permissions/



#3 nasdaq

nasdaq

  • Malware Response Team
  • 38,767 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 21 September 2013 - 01:14 PM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===
Search and delete the AdWare, PUP (Potentially Unwanted Program) installed on your computer.

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, Close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

Please download Junkware Removal Tool to your Desktop.
  • Please close your security software to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete, depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
  • Please post the contents of JRT.txt into your reply.
===

Please download ComboFix from one of these locations:
Link 1
Link 2
IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Disable your Anti-Virus and Anti-Spyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Some Rootkit infections may damage your boot sector. The Windows Recovery Console may be needed to restore it. Do not bypass this installation. You may regret it.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Note: If you have difficulty properly disabling your protection programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

Do not mouse click ComboFix's window while it's running. That may cause it to stall.

Note: If after running ComboFix you get this error message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to run a program all you need to do is restart the computer to reset the registry.
===

Third party programs if not up to date can be the cause of infiltration or infection.

Please restart the computer before running this security check.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
p.s.
If the SecurityCheck program fails to run for any reason, run it as an Administrator.
===

Please paste the logs in your next reply, DO NOT ATTACH THEM
Let me know what problem persists.

#4 Ajmarks

Ajmarks
  • Topic Starter

  • Members
  • 116 posts

Posted 21 September 2013 - 02:59 PM

I will get started on this but just want to be sure it's okay to do all this in Safe Mode since I can't actually login regularly (detailed more in the original post). Please let me know if I shouldn't do parts of this while in Safe Mode.

 

I appreciate you helping me- with all 4 computers no less! I will get started on all of these but save this one for last until I hear back from you :)

AJM



#5 nasdaq

nasdaq

  • Malware Response Team
  • 38,767 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 22 September 2013 - 08:05 AM

ComboFix needs an Internet Connection.

If you must use Safe Mode then make sure that you select Safe Mode with Internet connection.

If there is no internet connection, skip ComboFix; we can use another tool.

#6 Ajmarks

Ajmarks
  • Topic Starter

  • Members
  • 116 posts

Posted 24 September 2013 - 11:21 PM

Okay so I was able to run things in safe mode...mostly. I ran adwcleaner and jrt but can't attach logs since I forgot to save them to a USB and they are on my desktop. I'm waiting for my computer to boot after trying to run combo fix and I got the attached messages (photos from phone so safe to open lol).

I'll admit I'm kinda relieved one of the scans FINALLY found something but freaking out cause rootkit sounds serious and I don't have a name or anything to do google research!!

Because of my issue with the login loop I can't login now that it was restarted...meaning combo fix can't finish :( I'm not sure if I should manually restart in safe mode and risk messing up combofix or what I need to do! I don't want to render my computer unbootable or something...

Please help :(

Attached Files



#7 Ajmarks

Ajmarks
  • Topic Starter

  • Members
  • 116 posts

Posted 25 September 2013 - 07:16 AM

Okay well I went to bed with computer in the normal login screen window because I was awaiting your instructions. This morning I woke up and it was restarted (doesn't get too far with the failed hard drive because I have to press F1 for it to continue to boot). Well, it was booting normally again and I thought "screw this!" And turned the computer off and on again so I could load it in safe mode. Once I logged in as admin in safe mode combo fix came right up and started working!!!!! It prompted me for mmc and everything!!! It has rebooted (I did it in safe mode again) and it is doing the "select your os" screen (but then selecting on its own) like the net book is...

I'm cautiously optimistic and will keep you posted on logs.

I hear rootkits are crafty so not sure what other scans we need to do but I want to be SUPER sure combo fix gets this thing! Also, if I should restart in normal mode at some point please let me know :)

#8 Ajmarks

Ajmarks
  • Topic Starter

  • Members
  • 116 posts
  • OFFLINE
  •  
  • Local time:11:04 AM

Posted 25 September 2013 - 07:38 AM

Okay so I spoke too soon :( despite my efforts it booted in normal mode and did the loop thing again (reinstalling things I fear). I restarted it and pressed f8 till it was beeping lol

I then pressed an arrow key when the boot option screen came on and got it not to autoload!!!! I attached screen shots (phone took them so okay to open). Basically from the first screen I pressed 8 to get more options which gave me the 2nd screen with the purple safe mode @ the bottom. I then pressed to have xp run as it was doing on its own. I was able to login as admin in safe mode and Combo fix started right back again and actually gave me a log this time!!! I'll post the logs when I get to work.

Awaiting further instructions...fearing this bastard just got smarter rather than gone :(

#9 nasdaq

nasdaq

  • Malware Response Team
  • 38,767 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 25 September 2013 - 09:46 AM


You can run these tools in safe mode.

I suggest you download the tools from a good computer to a CD or flash drive and copy the files to the desktop of the infected computer.

--RogueKiller--
  • Download & SAVE to your Desktop RogueKiller for 32bit or Roguekiller for 64bit
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • click on "delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller+
===

Read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application.
  • Click Change parameters
  • Check the boxes next to Verify Driver Digital Signature and Detect TDLFS file system, then click OK
  • Click on the Start Scan button to begin the scan and wait for it to finish.
    NOTE: Do not use the computer during the scan!
  • During the scan it will look similar to the image below:
  • When it finishes, you will either see a report that no threats were found like below:
    If no threats are found at this point, just click the Report selection on the top right of the form to generate a log. A log file report will pop up which you can just close since the report file is already saved.
  • If any infection or suspected items are found, you will see a window similar to below:
    • If you have files that are shown to fail signature check do not take any action on these. Make sure you select Skip. I will tell you what to do with these later. They may not be issues at all.
    • If Suspicious objects are detected, the default action will be Skip. Leave the default set to Skip.
    • If Malicious objects are detected, they will show in the Scan results. TDSSKiller automatically selects an action (Cure or Delete) for malicious objects
    • Make sure that Cure is selected. Important! - If Cure is not available, please choose Skip instead. Do not choose Delete unless instructed to do so.
  • Click Continue to apply selected actions.
  • A reboot may be required to complete disinfection. A window like the below will appear:
    Reboot immediately if TDSSKiller states that one is needed.
  • Whether an infection is found or not, a log file should have already been created on your C: drive (or whatever drive you boot from) in the root folder named something like TDSSKiller.2.1.1_27.12.2009_14.17.04_log.txt which is based on the program version # and date and time run.
  • Paste the log to your next reply, DO NOT ATTACH IT.
===

Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) to your desktop. Double click the aswMBR.exe to run it.
  • Click the "Scan" button to start scan.
  • Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANT
  • Please paste the contents of that log in your next reply.
There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.
===

#10 Ajmarks

Posted 25 September 2013 - 12:54 PM

Logs as promised from this morning....

AdwCleaner

# AdwCleaner v3.005 - Report created 24/09/2013 at 22:39:15
# Updated 22/09/2013 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Administrator - ALISON-DESKTOP
# Running from : C:\Documents and Settings\Administrator\Desktop\adwcleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grusskartencenter.com
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grusskartencenter.com

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702


*************************

AdwCleaner[R0].txt - [769 octets] - [24/09/2013 22:39:15]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [828 octets] ##########
 

 

 

Junkware Removal Tool

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.2 (09.22.2013:1)
OS: Microsoft Windows XP x86
Ran by Administrator on Tue 09/24/2013 at 22:41:04.10
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 09/24/2013 at 22:44:43.70
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

 

 

 

ComboFix

ComboFix 13-09-24.02 - Administrator 09/25/2013   7:10.1.1 - x86 NETWORK
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.1023.844 [GMT -5:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\EventSystem.log
.
 
 
.
.
(((((((((((((((((((((((((   Files Created from 2013-08-25 to 2013-09-25  )))))))))))))))))))))))))))))))
.
.
2013-09-25 08:00 . 2013-09-25 08:02    --------    d-----w-    c:\windows\system32\MRT
2013-09-25 04:12 . 2013-09-25 04:12    --------    d-----w-    c:\documents and settings\Alison
2013-09-25 03:39 . 2013-09-25 04:03    --------    d-----w-    C:\AdwCleaner
2013-08-31 23:42 . 2013-08-31 23:42    --------    d-----w-    c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2013-08-31 23:06 . 2013-08-31 23:06    --------    d-----w-    c:\program files\TeaTimer (Spybot - Search & Destroy)
2013-08-31 23:05 . 2013-08-31 23:52    --------    d-----w-    c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2013-08-31 20:58 . 2013-08-31 20:58    --------    d-----w-    c:\windows\ServicePackFiles
2013-08-31 19:26 . 2013-08-31 19:26    --------    d-----w-    C:\TDSSKiller_Quarantine
2013-08-31 18:52 . 2012-06-05 07:37    256904    ----a-w-    c:\windows\system32\drivers\tmcomm.sys
2013-08-31 18:46 . 2013-08-31 18:46    --------    d-----w-    c:\windows\ERUNT
2013-08-31 17:54 . 2013-08-31 17:54    --------    d-----w-    c:\documents and settings\Administrator\Local Settings\Application Data\Adobe
2013-08-31 17:48 . 2013-08-31 17:48    --------    d-----w-    c:\documents and settings\All Users\Application Data\Malwarebytes
2013-08-31 17:48 . 2013-08-31 17:48    --------    d-----w-    c:\documents and settings\Administrator\Application Data\Malwarebytes
2013-08-31 17:41 . 2013-08-31 17:41    12872    ----a-w-    c:\windows\system32\bootdelete.exe
2013-08-31 17:38 . 2013-08-31 17:42    --------    d-----w-    c:\documents and settings\All Users\Application Data\HitmanPro
2013-08-31 17:09 . 2013-08-31 17:09    --------    d-sh--w-    c:\documents and settings\Administrator\PrivacIE
2013-08-31 17:06 . 2013-08-31 17:06    --------    d-----w-    c:\windows\system32\msmq
2013-08-31 17:06 . 2013-08-31 17:06    --------    d-----w-    c:\windows\system32\Logfiles
2013-08-31 17:06 . 2013-08-31 17:06    --------    d-----w-    C:\Inetpub
2013-08-31 16:50 . 2013-08-31 16:50    --------    d-----w-    c:\documents and settings\Administrator\Application Data\MSNInstaller
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-08-09 01:56 . 2008-04-14 07:00    386560    ----a-w-    c:\windows\system32\themeui.dll
2013-08-08 06:05 . 2008-04-14 07:00    920064    ----a-w-    c:\windows\system32\wininet.dll
2013-08-08 06:05 . 2008-04-14 07:00    43520    ------w-    c:\windows\system32\licmgr10.dll
2013-08-08 06:05 . 2008-04-14 07:00    1469440    ------w-    c:\windows\system32\inetcpl.cpl
2013-08-08 06:05 . 2008-04-14 07:00    18944    ----a-w-    c:\windows\system32\corpol.dll
2013-08-08 01:27 . 2008-04-14 07:00    1877760    ----a-w-    c:\windows\system32\win32k.sys
2013-08-08 00:02 . 2008-04-14 07:00    385024    ------w-    c:\windows\system32\html.iec
2013-08-05 13:30 . 2008-04-14 07:00    1289728    ----a-w-    c:\windows\system32\ole32.dll
2013-07-31 20:11 . 2008-04-14 07:00    810496    ----a-w-    c:\windows\system32\wmvdmod.dll
2013-07-10 10:37 . 2008-04-14 07:00    406016    ----a-w-    c:\windows\system32\usp10.dll
2013-07-04 02:59 . 2008-04-14 07:00    2193536    ----a-w-    c:\windows\system32\ntoskrnl.exe
2013-07-04 02:08 . 2008-04-14 00:01    2070144    ----a-w-    c:\windows\system32\ntkrnlpa.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BCMSMMSG"="BCMSMMSG.exe" [2003-08-29 122880]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2003-10-06 5058560]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"A22057BA-F5A8-4F55-9D0D-C965E9923CFE"="start" [X]
"OE_WMPWMFSDK_Install_2"="c:\windows\system32\wmnetmgr.dll" [2008-06-10 1053696]
"OE_WMPWMFSDK_Install_4"="c:\windows\system32\wmvdmod.dll" [2013-07-31 810496]
"OE_WMPWMFSDK_Install_5"="c:\windows\system32\wmvdmoe2.dll" [2008-04-14 1001472]
"OE_WMPWMFSDK_Install_6"="c:\windows\system32\wmadmoe.dll" [2008-04-14 670720]
"OE_WMPWMFSDK_Install_7"="c:\windows\system32\wmspdmod.dll" [2009-04-03 485376]
"OE_WMPWMFSDK_Install_8"="c:\windows\system32\wmspdmoe.dll" [2008-04-14 897024]
"OE_WMPWMFSDK_Install_9"="c:\windows\system32\wmsdmoe.dll" [2008-04-14 115200]
"OE_WMPWMFSDK_Install_10"="c:\windows\system32\wmsdmoe2.dll" [2008-04-14 1119744]
"OE_WMPWMFSDK_Install_20"="c:\windows\system32\wmadmod.dll" [2008-04-14 408064]
"OE_WMPWMFSDK_Install_21"="c:\windows\system32\mpg4dmod.dll" [2008-04-14 240640]
"OE_WMPWMFSDK_Install_22"="c:\windows\system32\mp43dmod.dll" [2008-04-14 310272]
"OE_WMPWMFSDK_Install_23"="c:\windows\system32\mp4sdmod.dll" [2010-04-05 384512]
"OE_WMPWMFSDK_Install_24"="c:\windows\system32\wmsdmod.dll" [2008-04-14 759296]
"OE_WMPWMFSDK_Install_30"="c:\windows\system32\laprxy.dll" [2008-04-14 6656]
"OE_WMPWMFSDK_Install_31"="c:\windows\system32\logagent.exe" [2008-06-10 103936]
"OE_WMPWMFSDK_Install_32"="c:\windows\system32\wmvcore.dll" [2010-04-08 2113536]
"OE_WMPDRM_Install_1"="c:\windows\system32\drmstor.dll" [2008-04-14 87040]
"OE_WMPDRM_Install_2"="c:\windows\system32\drmclien.dll" [2008-04-14 299520]
"OE_WMPDRM_Install_4"="c:\windows\system32\drmv2clt.dll" [2008-04-14 695808]
"OE_WMPDRM_Install_5"="c:\windows\system32\blackbox.dll" [2008-04-14 286720]
"OE_WMPDRM_Install_6"="c:\windows\system32\msnetobj.dll" [2008-04-14 259072]
"OE_WMPWMP7_Install_0"="c:\windows\INF\unregmp2.exe" [2008-04-14 208896]
"OE_WMPWMP7_Install_1"="c:\program files\Windows Media Player\migrate.exe" [2008-04-14 786432]
"OE_WMPWMP7_Install_2"="c:\windows\system32\wmp.dll" [2010-08-26 4886528]
"OE_WMPWMP7_Install_8"="c:\windows\system32\wmpshell.dll" [2008-04-14 102400]
"OE_WMPWMP7_Install_9"="c:\windows\system32\wmpasf.dll" [2008-04-14 114688]
"OE_WMPWMP7_Install_10"="c:\windows\system32\wmpdxm.dll" [2009-07-12 233472]
"OE_WMPWMP7_Install_11"="c:\program files\Windows Media Player\mpvis.dll" [2008-04-14 368640]
"OE_WMPWMDM_Install_7"="c:\windows\system32\mspmsnsv.dll" [2008-04-14 52224]
"OE_WMPWMP7_Install_20"="c:\windows\INF\unregmp2.exe" [2008-04-14 208896]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
@=""
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\HP\\HP Deskjet 3050A J611 series\\Bin\\HPNetworkCommunicator.exe"=
.
S1 SASDIFSV;SASDIFSV;\??\g:\protection-scanning programs\(ignore) program and installation files\SASDIFSV.SYS --> g:\protection-scanning programs\(ignore) program and installation files\SASDIFSV.SYS [?]
S1 SASKUTIL;SASKUTIL;\??\g:\protection-scanning programs\(ignore) program and installation files\SASKUTIL.SYS --> g:\protection-scanning programs\(ignore) program and installation files\SASKUTIL.SYS [?]
S4 cerc6;cerc6; [x]
S4 HitmanPro37CrusaderBoot;HitmanPro 3.7 Crusader (Boot);"g:\protection-scanning programs\HitmanPro.exe" /crusader:boot --> g:\protection-scanning programs\HitmanPro.exe [?]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 66.90.130.101 216.82.201.11 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
HKLM-RunOnce-OE_WMPWMFSDK_Install_3 - c:\windows\system32\wmv8dmod.dll
ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - g:\protection-scanning programs\(ignore) program and installation files\SASSEH.DLL
SafeBoot-47725133.sys
AddRemove-Revo Uninstaller - g:\protection-scanning programs\(ignore) program and installation files\Revo Uninstaller\uninst.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-09-25 07:25
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ...
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\HitmanPro37CrusaderBoot]
"ImagePath"="\"g:\protection-scanning programs\HitmanPro.exe\" /crusader:boot"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-823518204-1035525444-1606980848-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,71,15,c5,5c,43,b5,b6,4a,ac,b6,df,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,71,15,c5,5c,43,b5,b6,4a,ac,b6,df,\
"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,71,15,c5,5c,43,b5,b6,4a,ac,b6,df,\
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,71,15,c5,5c,43,b5,b6,4a,ac,b6,df,\
"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,71,15,c5,5c,43,b5,b6,4a,ac,b6,df,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(184)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
.
Completion time: 2013-09-25  07:28:54 - machine was rebooted
ComboFix-quarantined-files.txt  2013-09-25 12:28
.
Pre-Run: 51,455,434,752 bytes free
Post-Run: 51,823,489,024 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - C2C5CAAB196FC5234EDA37D4C3D725B6
8F558EB6672622401DA993E1E865C861

 

 

ComboFix quarantine

2013-09-25 12:28:23 . 2013-09-25 12:28:23            1,526 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\AddRemove-Revo Uninstaller.reg.dat
2013-09-25 12:28:02 . 2013-09-25 12:28:02              558 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\SafeBoot-47725133.sys.reg.dat
2013-09-25 12:28:00 . 2013-09-25 12:28:00              954 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}.reg.dat
2013-09-25 12:27:52 . 2013-09-25 12:27:52              190 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\HKLM-RunOnce-OE_WMPWMFSDK_Install_3.reg.dat
2013-09-25 12:27:50 . 2013-09-25 12:27:50              173 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\Toolbar-Locked.reg.dat
2013-09-25 12:13:14 . 2013-09-25 12:13:14            6,063 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2013-09-25 12:10:47 . 2013-09-25 12:10:47              512 ----a-w-  C:\Qoobox\Quarantine\MBR_HardDisk0.mbr
2013-09-25 12:07:27 . 2013-09-25 12:07:27               51 ----a-w-  C:\Qoobox\Quarantine\catchme.log
2013-08-31 21:14:22 . 2013-08-31 21:14:22              630 ----a-w-  C:\Qoobox\Quarantine\C\WINDOWS\EventSystem.log.vir
2008-04-14 07:00:00 . 2008-04-14 07:00:00           52,352 ----a-w-  C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\Volsnap.sys.vir <<<THIS IS THE VOLSNAP!!!! What do I do with all the others !?!?
 

 

 

Security Check

 Results of screen317's Security Check version 0.99.73  
 Windows XP Service Pack 3 x86   
 Internet Explorer 8  
``````````````Antivirus/Firewall Check:``````````````
 Windows Security Center service is not running! This report may not be accurate!
 Windows Firewall Enabled!  
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
````````Process Check: objlist.exe by Laurent````````  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:: 17% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````
 



#11 Ajmarks

Posted 25 September 2013 - 01:03 PM

So in addition to the BIG RED question above...here's one thing that confuses me...

I ran a TDSS and RogueKiller on 8/31 and neither found anything (I know, I know, DIY computer silliness)...but I ran those in normal mode...not safe mode with networking, if I recall correctly. Should I rerun all the computers with the adware/junk/combofix/security in safe mode to see if they also bring up something that is hiding?? It seems odd that for how messed up and widespread everything was that all the scans are magically clean. I'm worried we are missing something on the other computers....

FWIW, here are the 8/31 scans. Here is the link again to ALL the past scans with programs I've already run from this computer...in case it is helpful in some way: http://db.tt/zlnSAkDq

I will run these others when I get home tonight! I really appreciate you helping with all this and dealing with my panicked questions :)

 

TDSS

14:10:59.0875 0x052c  TDSS rootkit removing tool 2.9.2.0 Aug 15 2013 16:44:29
14:11:00.0468 0x052c  ============================================================
14:11:00.0468 0x052c  Current date / time: 2013/08/31 14:11:00.0468
14:11:00.0468 0x052c  SystemInfo:
14:11:00.0468 0x052c  
14:11:00.0468 0x052c  OS Version: 5.1.2600 ServicePack: 3.0
14:11:00.0468 0x052c  Product type: Workstation
14:11:00.0468 0x052c  ComputerName: ALISON-DESKTOP
14:11:00.0468 0x052c  UserName: Administrator
14:11:00.0468 0x052c  Windows directory: C:\WINDOWS
14:11:00.0468 0x052c  System windows directory: C:\WINDOWS
14:11:00.0468 0x052c  Processor architecture: Intel x86
14:11:00.0468 0x052c  Number of processors: 1
14:11:00.0468 0x052c  Page size: 0x1000
14:11:00.0468 0x052c  Boot type: Safe boot with network
14:11:00.0468 0x052c  ============================================================
14:11:02.0218 0x052c  Drive \Device\Harddisk0\DR0 - Size: 0xDF99E6000 (55.90 Gb), SectorSize: 0x200, Cylinders: 0x1C81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
14:11:06.0218 0x052c  Drive \Device\Harddisk1\DR1 - Size: 0x1F7F82000 (7.87 Gb), SectorSize: 0x200, Cylinders: 0x403, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
14:11:06.0218 0x052c  Drive \Device\Harddisk2\DR6 - Size: 0xEFBFFE00 (3.75 Gb), SectorSize: 0x200, Cylinders: 0x1E9, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
14:11:06.0218 0x052c  ============================================================
14:11:06.0218 0x052c  \Device\Harddisk0\DR0:
14:11:06.0234 0x052c  MBR partitions:
14:11:06.0234 0x052c  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x139C5, BlocksNum 0x6FB817C
14:11:06.0234 0x052c  \Device\Harddisk2\DR6:
14:11:06.0234 0x052c  MBR partitions:
14:11:06.0234 0x052c  \Device\Harddisk2\DR6\Partition1: MBR, Type 0xB, StartLBA 0x26, BlocksNum 0x779FC2
14:11:06.0234 0x052c  ============================================================
14:11:06.0312 0x052c  C: <-> \Device\Harddisk0\DR0\Partition1
14:11:06.0312 0x052c  ============================================================
14:11:06.0312 0x052c  Initialize success
14:11:06.0312 0x052c  ============================================================
14:11:47.0250 0x0338  ============================================================
14:11:47.0250 0x0338  Scan started
14:11:47.0250 0x0338  Mode: Manual;
14:11:47.0250 0x0338  ============================================================
14:11:49.0093 0x0338  ================ Scan system memory ========================
14:11:49.0093 0x0338  System memory - ok
14:11:49.0109 0x0338  ================ Scan services =============================
14:11:49.0187 0x0338  Abiosdsk - ok
14:11:49.0234 0x0338  abp480n5 - ok
14:11:49.0328 0x0338  [ 8FD99680A539792A30E97944FDAECF17 ] ACPI            C:\WINDOWS\system32\DRIVERS\ACPI.sys
14:11:49.0328 0x0338  ACPI - ok
14:11:49.0406 0x0338  [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC          C:\WINDOWS\system32\drivers\ACPIEC.sys
14:11:49.0406 0x0338  ACPIEC - ok
14:11:49.0437 0x0338  adpu160m - ok
14:11:49.0515 0x0338  [ 11C04B17ED2ABBB4833694BCD644AC90 ] aeaudio         C:\WINDOWS\system32\drivers\aeaudio.sys
14:11:49.0515 0x0338  aeaudio - ok
14:11:49.0609 0x0338  [ 8BED39E3C35D6A489438B8141717A557 ] aec             C:\WINDOWS\system32\drivers\aec.sys
14:11:49.0609 0x0338  aec - ok
14:11:49.0703 0x0338  [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD             C:\WINDOWS\System32\drivers\afd.sys
14:11:49.0703 0x0338  AFD - ok
14:11:49.0765 0x0338  [ 08FD04AA961BDC77FB983F328334E3D7 ] agp440          C:\WINDOWS\system32\DRIVERS\agp440.sys
14:11:49.0765 0x0338  agp440 - ok
14:11:49.0812 0x0338  Aha154x - ok
14:11:49.0875 0x0338  aic78u2 - ok
14:11:49.0906 0x0338  aic78xx - ok
14:11:49.0968 0x0338  [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter         C:\WINDOWS\system32\alrsvc.dll
14:11:49.0968 0x0338  Alerter - ok
14:11:50.0031 0x0338  [ 8C515081584A38AA007909CD02020B3D ] ALG             C:\WINDOWS\System32\alg.exe
14:11:50.0031 0x0338  ALG - ok
14:11:50.0062 0x0338  AliIde - ok
14:11:50.0093 0x0338  amsint - ok
14:11:50.0171 0x0338  [ D8849F77C0B66226335A59D26CB4EDC6 ] AppMgmt         C:\WINDOWS\System32\appmgmts.dll
14:11:50.0171 0x0338  AppMgmt - ok
14:11:50.0218 0x0338  [ B5B8A80875C1DEDEDA8B02765642C32F ] Arp1394         C:\WINDOWS\system32\DRIVERS\arp1394.sys
14:11:50.0218 0x0338  Arp1394 - ok
14:11:50.0250 0x0338  asc - ok
14:11:50.0281 0x0338  asc3350p - ok
14:11:50.0312 0x0338  asc3550 - ok
14:11:50.0359 0x0338  [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac        C:\WINDOWS\system32\DRIVERS\asyncmac.sys
14:11:50.0359 0x0338  AsyncMac - ok
14:11:50.0453 0x0338  [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi           C:\WINDOWS\system32\DRIVERS\atapi.sys
14:11:50.0453 0x0338  atapi - ok
14:11:50.0484 0x0338  Atdisk - ok
14:11:50.0562 0x0338  [ 9916C1225104BA14794209CFA8012159 ] Atmarpc         C:\WINDOWS\system32\DRIVERS\atmarpc.sys
14:11:50.0562 0x0338  Atmarpc - ok
14:11:50.0593 0x0338  [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv        C:\WINDOWS\System32\audiosrv.dll
14:11:50.0593 0x0338  AudioSrv - ok
14:11:50.0671 0x0338  [ D9F724AA26C010A217C97606B160ED68 ] audstub         C:\WINDOWS\system32\DRIVERS\audstub.sys
14:11:50.0671 0x0338  audstub - ok
14:11:50.0812 0x0338  [ 41347688046D49CDE0F6D138A534F73D ] BCMModem        C:\WINDOWS\system32\DRIVERS\BCMSM.sys
14:11:50.0828 0x0338  BCMModem - ok
14:11:50.0906 0x0338  [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep            C:\WINDOWS\system32\drivers\Beep.sys
14:11:50.0906 0x0338  Beep - ok
14:11:50.0984 0x0338  [ 574738F61FCA2935F5265DC4E5691314 ] BITS            C:\WINDOWS\system32\qmgr.dll
14:11:51.0000 0x0338  BITS - ok
14:11:51.0031 0x0338  [ CFD4E51402DA9838B5A04AE680AF54A0 ] Browser         C:\WINDOWS\System32\browser.dll
14:11:51.0031 0x0338  Browser - ok
14:11:51.0109 0x0338  [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k         C:\WINDOWS\system32\drivers\cbidf2k.sys
14:11:51.0109 0x0338  cbidf2k - ok
14:11:51.0390 0x0338  cd20xrnt - ok
14:11:51.0406 0x0338  [ C1B486A7658353D33A10CC15211A873B ] Cdaudio         C:\WINDOWS\system32\drivers\Cdaudio.sys
14:11:51.0406 0x0338  Cdaudio - ok
14:11:51.0453 0x0338  [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs            C:\WINDOWS\system32\drivers\Cdfs.sys
14:11:51.0453 0x0338  Cdfs - ok
14:11:51.0500 0x0338  [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom           C:\WINDOWS\system32\DRIVERS\cdrom.sys
14:11:51.0500 0x0338  Cdrom - ok
14:11:51.0515 0x0338  cerc6 - ok
14:11:51.0515 0x0338  Changer - ok
14:11:51.0531 0x0338  [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc           C:\WINDOWS\system32\cisvc.exe
14:11:51.0531 0x0338  CiSvc - ok
14:11:51.0546 0x0338  [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv         C:\WINDOWS\system32\clipsrv.exe
14:11:51.0546 0x0338  ClipSrv - ok
14:11:51.0546 0x0338  CmdIde - ok
14:11:51.0546 0x0338  COMSysApp - ok
14:11:51.0546 0x0338  Cpqarray - ok
14:11:51.0593 0x0338  [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc        C:\WINDOWS\System32\cryptsvc.dll
14:11:51.0593 0x0338  CryptSvc - ok
14:11:51.0593 0x0338  dac2w2k - ok
14:11:51.0609 0x0338  dac960nt - ok
14:11:51.0671 0x0338  [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch      C:\WINDOWS\system32\rpcss.dll
14:11:51.0687 0x0338  DcomLaunch - ok
14:11:51.0734 0x0338  [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp            C:\WINDOWS\System32\dhcpcsvc.dll
14:11:51.0734 0x0338  Dhcp - ok
14:11:51.0796 0x0338  [ 044452051F3E02E7963599FC8F4F3E25 ] Disk            C:\WINDOWS\system32\DRIVERS\disk.sys
14:11:51.0796 0x0338  Disk - ok
14:11:51.0796 0x0338  dmadmin - ok
14:11:51.0875 0x0338  [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot          C:\WINDOWS\system32\drivers\dmboot.sys
14:11:51.0875 0x0338  dmboot - ok
14:11:51.0906 0x0338  [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio            C:\WINDOWS\system32\drivers\dmio.sys
14:11:51.0906 0x0338  dmio - ok
14:11:51.0937 0x0338  [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload          C:\WINDOWS\system32\drivers\dmload.sys
14:11:51.0937 0x0338  dmload - ok
14:11:51.0953 0x0338  [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver        C:\WINDOWS\System32\dmserver.dll
14:11:51.0968 0x0338  dmserver - ok
14:11:51.0968 0x0338  [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic          C:\WINDOWS\system32\drivers\DMusic.sys
14:11:51.0968 0x0338  DMusic - ok
14:11:52.0031 0x0338  [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache        C:\WINDOWS\System32\dnsrslvr.dll
14:11:52.0031 0x0338  Dnscache - ok
14:11:52.0062 0x0338  [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc         C:\WINDOWS\System32\dot3svc.dll
14:11:52.0078 0x0338  Dot3svc - ok
14:11:52.0078 0x0338  dpti2o - ok
14:11:52.0125 0x0338  [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud         C:\WINDOWS\system32\drivers\drmkaud.sys
14:11:52.0125 0x0338  drmkaud - ok
14:11:52.0171 0x0338  [ AC9CF17EE2AE003C98EB4F5336C38058 ] E100B           C:\WINDOWS\system32\DRIVERS\e100b325.sys
14:11:52.0171 0x0338  E100B - ok
14:11:52.0218 0x0338  [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost         C:\WINDOWS\System32\eapsvc.dll
14:11:52.0218 0x0338  EapHost - ok
14:11:52.0250 0x0338  [ BC93B4A066477954555966D77FEC9ECB ] ERSvc           C:\WINDOWS\System32\ersvc.dll
14:11:52.0250 0x0338  ERSvc - ok
14:11:52.0296 0x0338  [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog        C:\WINDOWS\system32\services.exe
14:11:52.0296 0x0338  Eventlog - ok
14:11:52.0359 0x0338  [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem     C:\WINDOWS\system32\es.dll
14:11:52.0375 0x0338  EventSystem - ok
14:11:52.0421 0x0338  [ 38D332A6D56AF32635675F132548343E ] Fastfat         C:\WINDOWS\system32\drivers\Fastfat.sys
14:11:52.0437 0x0338  Fastfat - ok
14:11:52.0546 0x0338  [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
14:11:52.0546 0x0338  FastUserSwitchingCompatibility - ok
14:11:52.0593 0x0338  [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc             C:\WINDOWS\system32\DRIVERS\fdc.sys
14:11:52.0593 0x0338  Fdc - ok
14:11:52.0640 0x0338  [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips            C:\WINDOWS\system32\drivers\Fips.sys
14:11:52.0640 0x0338  Fips - ok
14:11:52.0656 0x0338  [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk        C:\WINDOWS\system32\DRIVERS\flpydisk.sys
14:11:52.0656 0x0338  Flpydisk - ok
14:11:52.0703 0x0338  [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr          C:\WINDOWS\system32\DRIVERS\fltMgr.sys
14:11:52.0703 0x0338  FltMgr - ok
14:11:52.0734 0x0338  [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec          C:\WINDOWS\system32\drivers\Fs_Rec.sys
14:11:52.0734 0x0338  Fs_Rec - ok
14:11:52.0750 0x0338  [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk          C:\WINDOWS\system32\DRIVERS\ftdisk.sys
14:11:52.0750 0x0338  Ftdisk - ok
14:11:52.0828 0x0338  [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc             C:\WINDOWS\system32\DRIVERS\msgpc.sys
14:11:52.0828 0x0338  Gpc - ok
14:11:52.0875 0x0338  gupdate - ok
14:11:52.0875 0x0338  gupdatem - ok
14:11:52.0953 0x0338  [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc         C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
14:11:52.0953 0x0338  helpsvc - ok
14:11:53.0000 0x0338  [ DEB04DA35CC871B6D309B77E1443C796 ] HidServ         C:\WINDOWS\System32\hidserv.dll
14:11:53.0000 0x0338  HidServ - ok
14:11:53.0015 0x0338  [ CCF82C5EC8A7326C3066DE870C06DAF1 ] hidusb          C:\WINDOWS\system32\DRIVERS\hidusb.sys
14:11:53.0015 0x0338  hidusb - ok
14:11:53.0015 0x0338  HitmanPro37CrusaderBoot - ok
14:11:53.0046 0x0338  [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc          C:\WINDOWS\System32\kmsvc.dll
14:11:53.0046 0x0338  hkmsvc - ok
14:11:53.0062 0x0338  hpn - ok
14:11:53.0109 0x0338  [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP            C:\WINDOWS\system32\Drivers\HTTP.sys
14:11:53.0109 0x0338  HTTP - ok
14:11:53.0156 0x0338  [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter      C:\WINDOWS\System32\w3ssl.dll
14:11:53.0171 0x0338  HTTPFilter - ok
14:11:53.0171 0x0338  i2omgmt - ok
14:11:53.0171 0x0338  i2omp - ok
14:11:53.0203 0x0338  [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt        C:\WINDOWS\system32\drivers\i8042prt.sys
14:11:53.0218 0x0338  i8042prt - ok
14:11:53.0218 0x0338  [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi           C:\WINDOWS\system32\DRIVERS\imapi.sys
14:11:53.0218 0x0338  Imapi - ok
14:11:53.0281 0x0338  [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService    C:\WINDOWS\system32\imapi.exe
14:11:53.0281 0x0338  ImapiService - ok
14:11:53.0281 0x0338  ini910u - ok
14:11:53.0328 0x0338  [ B5466A9250342A7AA0CD1FBA13420678 ] IntelIde        C:\WINDOWS\system32\DRIVERS\intelide.sys
14:11:53.0328 0x0338  IntelIde - ok
14:11:53.0390 0x0338  [ 8C953733D8F36EB2133F5BB58808B66B ] intelppm        C:\WINDOWS\system32\DRIVERS\intelppm.sys
14:11:53.0390 0x0338  intelppm - ok
14:11:53.0421 0x0338  [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw           C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
14:11:53.0421 0x0338  Ip6Fw - ok
14:11:53.0437 0x0338  [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver  C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
14:11:53.0437 0x0338  IpFilterDriver - ok
14:11:53.0437 0x0338  [ B87AB476DCF76E72010632B5550955F5 ] IpInIp          C:\WINDOWS\system32\DRIVERS\ipinip.sys
14:11:53.0437 0x0338  IpInIp - ok
14:11:53.0484 0x0338  [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat           C:\WINDOWS\system32\DRIVERS\ipnat.sys
14:11:53.0484 0x0338  IpNat - ok
14:11:59.0203 0x0338  ================ Scan global ===============================
14:11:59.0234 0x0338  [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
14:11:59.0296 0x0338  [ 69AE2B2E6968C316536E5B10B9702E63 ] C:\WINDOWS\system32\winsrv.dll
14:11:59.0328 0x0338  [ 69AE2B2E6968C316536E5B10B9702E63 ] C:\WINDOWS\system32\winsrv.dll
14:11:59.0359 0x0338  [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
14:11:59.0359 0x0338  [Global] - ok
14:11:59.0359 0x0338  ================ Scan MBR ==================================
14:11:59.0375 0x0338  [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
14:11:59.0578 0x0338  \Device\Harddisk0\DR0 - ok
14:11:59.0578 0x0338  [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk2\DR6
14:11:59.0593 0x0338  \Device\Harddisk2\DR6 - ok
14:11:59.0593 0x0338  ================ Scan VBR ==================================
14:11:59.0593 0x0338  [ F4ED78B8F9680F3E3AE43AF686EBE723 ] \Device\Harddisk0\DR0\Partition1
14:11:59.0593 0x0338  \Device\Harddisk0\DR0\Partition1 - ok
14:11:59.0593 0x0338  [ 5C1AE3923FD369A3F72955CEED5FA551 ] \Device\Harddisk2\DR6\Partition1
14:11:59.0593 0x0338  \Device\Harddisk2\DR6\Partition1 - ok
14:11:59.0593 0x0338  ============================================================
14:11:59.0593 0x0338  Scan finished
14:11:59.0593 0x0338  ============================================================
14:11:59.0593 0x04a4  Detected object count: 0
14:11:59.0593 0x04a4  Actual detected object count: 0
14:13:09.0750 0x06c4  ============================================================
14:13:09.0750 0x06c4  Scan started
14:13:09.0750 0x06c4  Mode: Manual;
14:13:09.0750 0x06c4  ============================================================
14:13:10.0609 0x06c4  ================ Scan system memory ========================
14:13:10.0609 0x06c4  System memory - ok
14:13:10.0625 0x06c4  ================ Scan services =============================
14:13:12.0781 0x06c4  Scan interrupted by user!
14:13:12.0781 0x06c4  ================ Scan global ===============================
14:13:12.0781 0x06c4  Scan interrupted by user!
14:13:12.0781 0x06c4  ================ Scan MBR ==================================
14:13:12.0781 0x06c4  Scan interrupted by user!
14:13:12.0781 0x06c4  ================ Scan VBR ==================================
14:13:12.0781 0x06c4  Scan interrupted by user!
14:13:12.0781 0x06c4  ============================================================
14:13:12.0781 0x06c4  Scan finished
14:13:12.0781 0x06c4  ============================================================
14:13:12.0828 0x00c8  Detected object count: 0
14:13:12.0828 0x00c8  Actual detected object count: 0
14:13:20.0000 0x015c  ============================================================
14:13:20.0000 0x015c  Scan started
14:13:20.0000 0x015c  Mode: Manual; SigCheck; TDLFS;
14:13:20.0000 0x015c  ============================================================
14:13:20.0156 0x015c  ================ Scan system memory ========================
14:13:20.0156 0x015c  System memory - ok
14:13:20.0171 0x015c  ================ Scan services =============================
14:13:31.0640 0x015c  Fs_Rec - ok
14:13:31.0687 0x015c  [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk          C:\WINDOWS\system32\DRIVERS\ftdisk.sys
14:13:31.0859 0x015c  Ftdisk - ok
14:13:31.0906 0x015c  [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc             C:\WINDOWS\system32\DRIVERS\msgpc.sys
14:13:32.0078 0x015c  Gpc - ok
14:13:32.0140 0x015c  gupdate - ok
14:13:32.0156 0x015c  gupdatem - ok
14:13:32.0234 0x015c  [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc         C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
14:13:32.0437 0x015c  helpsvc - ok
14:13:32.0500 0x015c  [ DEB04DA35CC871B6D309B77E1443C796 ] HidServ         C:\WINDOWS\System32\hidserv.dll
14:13:32.0687 0x015c  HidServ - ok
14:13:32.0718 0x015c  [ CCF82C5EC8A7326C3066DE870C06DAF1 ] hidusb          C:\WINDOWS\system32\DRIVERS\hidusb.sys
14:13:32.0906 0x015c  hidusb - ok
14:13:32.0921 0x015c  HitmanPro37CrusaderBoot - ok
14:13:32.0968 0x015c  [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc          C:\WINDOWS\System32\kmsvc.dll
14:13:33.0125 0x015c  hkmsvc - ok
14:13:33.0156 0x015c  hpn - ok
14:13:33.0218 0x015c  [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP            C:\WINDOWS\system32\Drivers\HTTP.sys
14:13:33.0250 0x015c  HTTP - ok
14:13:33.0312 0x015c  [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter      C:\WINDOWS\System32\w3ssl.dll
14:13:33.0500 0x015c  HTTPFilter - ok
14:13:33.0531 0x015c  i2omgmt - ok
14:13:33.0562 0x015c  i2omp - ok
14:13:33.0625 0x015c  [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt        C:\WINDOWS\system32\drivers\i8042prt.sys
14:13:33.0812 0x015c  i8042prt - ok
14:13:33.0875 0x015c  [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi           C:\WINDOWS\system32\DRIVERS\imapi.sys
14:13:34.0078 0x015c  Imapi - ok
14:13:34.0156 0x015c  [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService    C:\WINDOWS\system32\imapi.exe
14:13:34.0359 0x015c  ImapiService - ok
14:13:34.0406 0x015c  ini910u - ok
14:13:34.0500 0x015c  [ B5466A9250342A7AA0CD1FBA13420678 ] IntelIde        C:\WINDOWS\system32\DRIVERS\intelide.sys
14:13:34.0703 0x015c  IntelIde - ok
14:13:34.0750 0x015c  [ 8C953733D8F36EB2133F5BB58808B66B ] intelppm        C:\WINDOWS\system32\DRIVERS\intelppm.sys
14:13:34.0953 0x015c  intelppm - ok
14:13:34.0984 0x015c  [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw           C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
14:13:35.0187 0x015c  Ip6Fw - ok
14:13:35.0234 0x015c  [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver  C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
14:13:35.0421 0x015c  IpFilterDriver - ok
14:13:35.0453 0x015c  [ B87AB476DCF76E72010632B5550955F5 ] IpInIp          C:\WINDOWS\system32\DRIVERS\ipinip.sys
14:13:35.0656 0x015c  IpInIp - ok
14:13:35.0718 0x015c  [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat           C:\WINDOWS\system32\DRIVERS\ipnat.sys
14:13:35.0906 0x015c  IpNat - ok
14:13:35.0953 0x015c  [ 23C74D75E36E7158768DD63D92789A91 ] IPSec           C:\WINDOWS\system32\DRIVERS\ipsec.sys
14:13:36.0125 0x015c  IPSec - ok
14:13:36.0156 0x015c  [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM          C:\WINDOWS\system32\DRIVERS\irenum.sys
14:13:36.0234 0x015c  IRENUM - ok
14:13:36.0265 0x015c  [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp          C:\WINDOWS\system32\DRIVERS\isapnp.sys
14:13:36.0484 0x015c  isapnp - ok
14:13:36.0515 0x015c  [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass        C:\WINDOWS\system32\DRIVERS\kbdclass.sys
14:13:36.0703 0x015c  Kbdclass - ok
14:13:36.0734 0x015c  [ 9EF487A186DEA361AA06913A75B3FA99 ] kbdhid          C:\WINDOWS\system32\DRIVERS\kbdhid.sys
14:13:36.0953 0x015c  kbdhid - ok
14:13:36.0984 0x015c  [ 692BCF44383D056AED41B045A323D378 ] kmixer          C:\WINDOWS\system32\drivers\kmixer.sys
14:13:37.0218 0x015c  kmixer - ok
14:13:37.0281 0x015c  [ B467646C54CC746128904E1654C750C1 ] KSecDD          C:\WINDOWS\system32\drivers\KSecDD.sys
14:13:37.0328 0x015c  KSecDD - ok
14:13:37.0375 0x015c  [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] LanmanServer    C:\WINDOWS\System32\srvsvc.dll
14:13:37.0421 0x015c  LanmanServer - ok
14:13:37.0484 0x015c  [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
14:13:37.0531 0x015c  lanmanworkstation - ok
14:13:37.0546 0x015c  lbrtfdc - ok
14:13:37.0656 0x015c  [ A7DB739AE99A796D91580147E919CC59 ] LmHosts         C:\WINDOWS\System32\lmhsvc.dll
14:13:37.0843 0x015c  LmHosts - ok
14:13:37.0859 0x015c  [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger       C:\WINDOWS\System32\msgsvc.dll
14:13:38.0062 0x015c  Messenger - ok
14:13:38.0109 0x015c  [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd           C:\WINDOWS\system32\drivers\mnmdd.sys
14:13:38.0296 0x015c  mnmdd - ok
14:13:38.0343 0x015c  [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc         C:\WINDOWS\system32\mnmsrvc.exe
14:13:38.0515 0x015c  mnmsrvc - ok
14:13:38.0562 0x015c  [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem           C:\WINDOWS\system32\drivers\Modem.sys
14:13:38.0750 0x015c  Modem - ok
14:13:38.0781 0x015c  [ 1992E0D143B09653AB0F9C5E04B0FD65 ] MODEMCSA        C:\WINDOWS\system32\drivers\MODEMCSA.sys
14:13:38.0937 0x015c  MODEMCSA - ok
14:13:38.0984 0x015c  [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass        C:\WINDOWS\system32\DRIVERS\mouclass.sys
14:13:39.0203 0x015c  Mouclass - ok
14:13:39.0265 0x015c  [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid          C:\WINDOWS\system32\DRIVERS\mouhid.sys
14:13:39.0453 0x015c  mouhid - ok
14:13:39.0515 0x015c  [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr        C:\WINDOWS\system32\drivers\MountMgr.sys
14:13:39.0718 0x015c  MountMgr - ok
14:13:39.0734 0x015c  mraid35x - ok
14:13:39.0796 0x015c  [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV          C:\WINDOWS\system32\DRIVERS\mrxdav.sys
14:13:40.0000 0x015c  MRxDAV - ok
14:13:40.0078 0x015c  [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb          C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
14:13:40.0109 0x015c  MRxSmb - ok
14:13:40.0156 0x015c  [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC           C:\WINDOWS\system32\msdtc.exe
14:13:40.0312 0x015c  MSDTC - ok
14:13:40.0375 0x015c  [ C941EA2454BA8350021D774DAF0F1027 ] Msfs            C:\WINDOWS\system32\drivers\Msfs.sys
14:13:40.0578 0x015c  Msfs - ok
14:13:40.0593 0x015c  MSIServer - ok
14:13:40.0656 0x015c  [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV         C:\WINDOWS\system32\drivers\MSKSSRV.sys
14:13:40.0828 0x015c  MSKSSRV - ok
14:13:40.0859 0x015c  [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK        C:\WINDOWS\system32\drivers\MSPCLOCK.sys
14:13:41.0031 0x015c  MSPCLOCK - ok
14:13:41.0046 0x015c  [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM           C:\WINDOWS\system32\drivers\MSPQM.sys
14:13:41.0218 0x015c  MSPQM - ok
14:13:41.0250 0x015c  [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios        C:\WINDOWS\system32\DRIVERS\mssmbios.sys
14:13:41.0421 0x015c  mssmbios - ok
14:13:41.0468 0x015c  [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup             C:\WINDOWS\system32\drivers\Mup.sys
14:13:41.0500 0x015c  Mup - ok
14:13:41.0562 0x015c  [ 0102140028FAD045756796E1C685D695 ] napagent        C:\WINDOWS\System32\qagentrt.dll
14:13:41.0734 0x015c  napagent - ok
14:13:41.0781 0x015c  [ 1DF7F42665C94B825322FAE71721130D ] NDIS            C:\WINDOWS\system32\drivers\NDIS.sys
14:13:41.0984 0x015c  NDIS - ok
14:13:42.0031 0x015c  [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi        C:\WINDOWS\system32\DRIVERS\ndistapi.sys
14:13:42.0109 0x015c  NdisTapi - ok
14:13:42.0171 0x015c  [ F927A4434C5028758A842943EF1A3849 ] Ndisuio         C:\WINDOWS\system32\DRIVERS\ndisuio.sys
14:13:42.0359 0x015c  Ndisuio - ok
14:13:42.0421 0x015c  [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan         C:\WINDOWS\system32\DRIVERS\ndiswan.sys
14:13:42.0609 0x015c  NdisWan - ok
14:13:42.0656 0x015c  [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy         C:\WINDOWS\system32\drivers\NDProxy.sys
14:13:42.0703 0x015c  NDProxy - ok
14:13:42.0781 0x015c  [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS         C:\WINDOWS\system32\DRIVERS\netbios.sys
14:13:42.0937 0x015c  NetBIOS - ok
14:13:42.0984 0x015c  [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT           C:\WINDOWS\system32\DRIVERS\netbt.sys
14:13:43.0171 0x015c  NetBT - ok
14:13:43.0218 0x015c  [ B857BA82860D7FF85AE29B095645563B ] NetDDE          C:\WINDOWS\system32\netdde.exe
14:13:43.0390 0x015c  NetDDE - ok
14:13:43.0406 0x015c  [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm      C:\WINDOWS\system32\netdde.exe
14:13:43.0609 0x015c  NetDDEdsdm - ok
14:13:43.0687 0x015c  [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon        C:\WINDOWS\system32\lsass.exe
14:13:43.0875 0x015c  Netlogon - ok
14:13:43.0953 0x015c  [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman          C:\WINDOWS\System32\netman.dll
14:13:44.0140 0x015c  Netman - ok
14:13:44.0203 0x015c  [ E9E47CFB2D461FA0FC75B7A74C6383EA ] NIC1394         C:\WINDOWS\system32\DRIVERS\nic1394.sys
14:13:44.0390 0x015c  NIC1394 - ok
14:13:44.0453 0x015c  [ 943337D786A56729263071623BBB9DE5 ] Nla             C:\WINDOWS\System32\mswsock.dll
14:13:44.0484 0x015c  Nla - ok
14:13:44.0546 0x015c  [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs            C:\WINDOWS\system32\drivers\Npfs.sys
14:13:44.0734 0x015c  Npfs - ok
14:13:44.0812 0x015c  [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs            C:\WINDOWS\system32\drivers\Ntfs.sys
14:13:45.0015 0x015c  Ntfs - ok
14:13:45.0062 0x015c  [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp         C:\WINDOWS\system32\lsass.exe
14:13:45.0250 0x015c  NtLmSsp - ok
14:13:45.0328 0x015c  [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc         C:\WINDOWS\system32\ntmssvc.dll
14:13:45.0500 0x015c  NtmsSvc - ok
14:13:45.0562 0x015c  [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null            C:\WINDOWS\system32\drivers\Null.sys
14:13:45.0765 0x015c  Null - ok
14:13:45.0890 0x015c  [ 71DBDC08DF86B80511E72953FA1AD6B0 ] nv              C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
14:13:46.0031 0x015c  nv - ok
14:13:46.0109 0x015c  [ 5ED834603C36414B579979B3A9C90F54 ] NVSvc           C:\WINDOWS\system32\nvsvc32.exe
14:13:46.0156 0x015c  NVSvc - ok
14:13:46.0203 0x015c  [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt        C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
14:13:46.0375 0x015c  NwlnkFlt - ok
14:13:46.0390 0x015c  [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd        C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
14:13:46.0593 0x015c  NwlnkFwd - ok
14:13:46.0781 0x015c  [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv          C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
14:13:46.0812 0x015c  odserv - ok
14:13:46.0859 0x015c  [ CA33832DF41AFB202EE7AEB05145922F ] ohci1394        C:\WINDOWS\system32\DRIVERS\ohci1394.sys
14:13:47.0031 0x015c  ohci1394 - ok
14:13:47.0109 0x015c  [ 5A432A042DAE460ABE7199B758E8606C ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
14:13:47.0125 0x015c  ose - ok
14:13:47.0156 0x015c  [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport         C:\WINDOWS\system32\DRIVERS\parport.sys
14:13:47.0359 0x015c  Parport - ok
14:13:47.0406 0x015c  [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr         C:\WINDOWS\system32\drivers\PartMgr.sys
14:13:47.0593 0x015c  PartMgr - ok
14:13:47.0671 0x015c  [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm          C:\WINDOWS\system32\drivers\ParVdm.sys
14:13:47.0859 0x015c  ParVdm - ok
14:13:47.0921 0x015c  [ A219903CCF74233761D92BEF471A07B1 ] PCI             C:\WINDOWS\system32\DRIVERS\pci.sys
14:13:48.0093 0x015c  PCI - ok
14:13:48.0093 0x015c  PCIDump - ok
14:13:48.0093 0x015c  [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde          C:\WINDOWS\system32\DRIVERS\pciide.sys
14:13:48.0234 0x015c  PCIIde - ok
14:13:48.0265 0x015c  [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia          C:\WINDOWS\system32\drivers\Pcmcia.sys
14:13:48.0453 0x015c  Pcmcia - ok
14:13:48.0468 0x015c  PDCOMP - ok
14:13:48.0500 0x015c  PDFRAME - ok
14:13:48.0531 0x015c  PDRELI - ok
14:13:48.0578 0x015c  PDRFRAME - ok
14:13:48.0609 0x015c  perc2 - ok
14:13:48.0625 0x015c  perc2hib - ok
14:13:48.0765 0x015c  [ C8A2D6FF660AC601B7BB9A9B16A5C25E ] PfModNT         C:\WINDOWS\system32\drivers\PfModNT.sys
14:13:48.0796 0x015c  PfModNT ( UnsignedFile.Multi.Generic ) - warning
14:13:48.0796 0x015c  PfModNT - detected UnsignedFile.Multi.Generic (1)
14:13:48.0843 0x015c  [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay        C:\WINDOWS\system32\services.exe
14:13:48.0875 0x015c  PlugPlay - ok
14:13:48.0906 0x015c  [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent     C:\WINDOWS\system32\lsass.exe
14:13:49.0062 0x015c  PolicyAgent - ok
14:13:49.0125 0x015c  [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport    C:\WINDOWS\system32\DRIVERS\raspptp.sys
14:13:49.0296 0x015c  PptpMiniport - ok
14:13:49.0359 0x015c  [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
14:13:49.0531 0x015c  ProtectedStorage - ok
14:13:49.0593 0x015c  [ 09298EC810B07E5D582CB3A3F9255424 ] PSched          C:\WINDOWS\system32\DRIVERS\psched.sys
14:13:49.0781 0x015c  PSched - ok
14:13:49.0843 0x015c  [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink         C:\WINDOWS\system32\DRIVERS\ptilink.sys
14:13:50.0015 0x015c  Ptilink - ok
14:13:50.0078 0x015c  ql1080 - ok
14:13:50.0093 0x015c  Ql10wnt - ok
14:13:50.0125 0x015c  ql12160 - ok
14:13:50.0156 0x015c  ql1240 - ok
14:13:50.0187 0x015c  ql1280 - ok
14:13:50.0265 0x015c  [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd          C:\WINDOWS\system32\DRIVERS\rasacd.sys
14:13:50.0421 0x015c  RasAcd - ok
14:13:50.0484 0x015c  [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto         C:\WINDOWS\System32\rasauto.dll
14:13:50.0671 0x015c  RasAuto - ok
14:13:50.0703 0x015c  [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp         C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
14:13:50.0875 0x015c  Rasl2tp - ok
14:13:50.0921 0x015c  [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan          C:\WINDOWS\System32\rasmans.dll
14:13:51.0078 0x015c  RasMan - ok
14:13:51.0125 0x015c  [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe        C:\WINDOWS\system32\DRIVERS\raspppoe.sys
14:13:51.0312 0x015c  RasPppoe - ok
14:13:51.0328 0x015c  [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti          C:\WINDOWS\system32\DRIVERS\raspti.sys
14:13:51.0515 0x015c  Raspti - ok
14:13:51.0562 0x015c  [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss           C:\WINDOWS\system32\DRIVERS\rdbss.sys
14:13:51.0734 0x015c  Rdbss - ok
14:13:51.0750 0x015c  [ 4912D5B403614CE99C28420F75353332 ] RDPCDD          C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
14:13:51.0906 0x015c  RDPCDD - ok
14:13:52.0000 0x015c  [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr           C:\WINDOWS\system32\DRIVERS\rdpdr.sys
14:13:52.0187 0x015c  rdpdr - ok
14:13:52.0250 0x015c  [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD           C:\WINDOWS\system32\drivers\RDPWD.sys
14:13:52.0296 0x015c  RDPWD - ok
14:13:52.0359 0x015c  [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr       C:\WINDOWS\system32\sessmgr.exe
14:13:52.0546 0x015c  RDSessMgr - ok
14:13:52.0609 0x015c  [ F828DD7E1419B6653894A8F97A0094C5 ] redbook         C:\WINDOWS\system32\DRIVERS\redbook.sys
14:13:52.0796 0x015c  redbook - ok
14:13:52.0828 0x015c  [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess    C:\WINDOWS\System32\mprdim.dll
14:13:52.0984 0x015c  RemoteAccess - ok
14:13:53.0046 0x015c  [ 5B19B557B0C188210A56A6B699D90B8F ] RemoteRegistry  C:\WINDOWS\system32\regsvc.dll
14:13:53.0218 0x015c  RemoteRegistry - ok
14:13:53.0265 0x015c  [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator      C:\WINDOWS\system32\locator.exe
14:13:53.0437 0x015c  RpcLocator - ok
14:13:53.0500 0x015c  [ 6B27A5C03DFB94B4245739065431322C ] RpcSs           C:\WINDOWS\system32\rpcss.dll
14:13:53.0531 0x015c  RpcSs - ok
14:13:53.0578 0x015c  [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP            C:\WINDOWS\system32\rsvp.exe
14:13:53.0734 0x015c  RSVP - ok
14:13:53.0765 0x015c  [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs           C:\WINDOWS\system32\lsass.exe
14:13:53.0937 0x015c  SamSs - ok
14:13:53.0984 0x015c  [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr        C:\WINDOWS\System32\SCardSvr.exe
14:13:54.0171 0x015c  SCardSvr - ok
14:13:54.0234 0x015c  [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule        C:\WINDOWS\system32\schedsvc.dll
14:13:54.0406 0x015c  Schedule - ok
14:13:54.0468 0x015c  [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv          C:\WINDOWS\system32\DRIVERS\secdrv.sys
14:13:54.0531 0x015c  Secdrv - ok
14:13:54.0578 0x015c  [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon        C:\WINDOWS\System32\seclogon.dll
14:13:54.0765 0x015c  seclogon - ok
14:13:54.0828 0x015c  [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS            C:\WINDOWS\system32\sens.dll
14:13:55.0015 0x015c  SENS - ok
14:13:55.0062 0x015c  [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum         C:\WINDOWS\system32\DRIVERS\serenum.sys
14:13:55.0218 0x015c  serenum - ok
14:13:55.0250 0x015c  [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial          C:\WINDOWS\system32\DRIVERS\serial.sys
14:13:55.0453 0x015c  Serial - ok
14:13:55.0484 0x015c  [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy         C:\WINDOWS\system32\drivers\Sfloppy.sys
14:13:55.0718 0x015c  Sfloppy - ok
14:13:55.0765 0x015c  [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess    C:\WINDOWS\System32\ipnathlp.dll
14:13:56.0000 0x015c  SharedAccess - ok
14:13:56.0062 0x015c  [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
14:13:56.0078 0x015c  ShellHWDetection - ok
14:13:56.0093 0x015c  Simbad - ok
14:13:56.0187 0x015c  [ 70B8DD8707DBF6142530C106365DF67D ] smwdm           C:\WINDOWS\system32\drivers\smwdm.sys
14:13:56.0250 0x015c  smwdm - ok
14:13:56.0296 0x015c  Sparrow - ok
14:13:56.0359 0x015c  [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter        C:\WINDOWS\system32\drivers\splitter.sys
14:13:56.0531 0x015c  splitter - ok
14:13:56.0593 0x015c  [ 60784F891563FB1B767F70117FC2428F ] Spooler         C:\WINDOWS\system32\spoolsv.exe
14:13:56.0640 0x015c  Spooler - ok
14:13:56.0703 0x015c  [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr              C:\WINDOWS\system32\DRIVERS\sr.sys
14:13:56.0796 0x015c  sr - ok
14:13:56.0843 0x015c  [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice       C:\WINDOWS\system32\srsvc.dll
14:13:56.0906 0x015c  srservice - ok
14:13:56.0984 0x015c  [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv             C:\WINDOWS\system32\DRIVERS\srv.sys
14:13:57.0062 0x015c  Srv - ok
14:13:57.0140 0x015c  [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV         C:\WINDOWS\System32\ssdpsrv.dll
14:13:57.0234 0x015c  SSDPSRV - ok
14:13:57.0281 0x015c  [ A9573045BAA16EAB9B1085205B82F1ED ] StillCam        C:\WINDOWS\system32\DRIVERS\serscan.sys
14:13:57.0437 0x015c  StillCam - ok
14:13:57.0515 0x015c  [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc          C:\WINDOWS\system32\wiaservc.dll
14:13:57.0718 0x015c  stisvc - ok
14:13:57.0765 0x015c  [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum          C:\WINDOWS\system32\DRIVERS\swenum.sys
14:13:57.0937 0x015c  swenum - ok
14:13:58.0000 0x015c  [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi          C:\WINDOWS\system32\drivers\swmidi.sys
14:13:58.0156 0x015c  swmidi - ok
14:13:58.0171 0x015c  SwPrv - ok
14:13:58.0203 0x015c  symc810 - ok
14:13:58.0250 0x015c  symc8xx - ok
14:13:58.0281 0x015c  sym_hi - ok
14:13:58.0312 0x015c  sym_u3 - ok
14:13:58.0390 0x015c  [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio        C:\WINDOWS\system32\drivers\sysaudio.sys
14:13:58.0562 0x015c  sysaudio - ok
14:13:58.0640 0x015c  [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog       C:\WINDOWS\system32\smlogsvc.exe
14:13:58.0812 0x015c  SysmonLog - ok
14:13:58.0859 0x015c  [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv         C:\WINDOWS\System32\tapisrv.dll
14:13:59.0015 0x015c  TapiSrv - ok
14:13:59.0109 0x015c  [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip           C:\WINDOWS\system32\DRIVERS\tcpip.sys
14:13:59.0171 0x015c  Tcpip - ok
14:13:59.0203 0x015c  [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE          C:\WINDOWS\system32\drivers\TDPIPE.sys
14:13:59.0375 0x015c  TDPIPE - ok
14:13:59.0421 0x015c  [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP           C:\WINDOWS\system32\drivers\TDTCP.sys
14:13:59.0593 0x015c  TDTCP - ok
14:13:59.0656 0x015c  [ 88155247177638048422893737429D9E ] TermDD          C:\WINDOWS\system32\DRIVERS\termdd.sys
14:13:59.0812 0x015c  TermDD - ok
14:13:59.0859 0x015c  [ FF3477C03BE7201C294C35F684B3479F ] TermService     C:\WINDOWS\System32\termsrv.dll
14:14:00.0046 0x015c  TermService - ok
14:14:00.0093 0x015c  [ 99BC0B50F511924348BE19C7C7313BBF ] Themes          C:\WINDOWS\System32\shsvcs.dll
14:14:00.0109 0x015c  Themes - ok
14:14:00.0171 0x015c  [ DB7205804759FF62C34E3EFD8A4CC76A ] TlntSvr         C:\WINDOWS\system32\tlntsvr.exe
14:14:00.0234 0x015c  TlntSvr - ok
14:14:00.0265 0x015c  TosIde - ok
14:14:00.0328 0x015c  [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks          C:\WINDOWS\system32\trkwks.dll
14:14:00.0531 0x015c  TrkWks - ok
14:14:00.0593 0x015c  [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs            C:\WINDOWS\system32\drivers\Udfs.sys
14:14:00.0765 0x015c  Udfs - ok
14:14:00.0812 0x015c  ultra - ok
14:14:00.0875 0x015c  [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update          C:\WINDOWS\system32\DRIVERS\update.sys
14:14:01.0062 0x015c  Update - ok
14:14:01.0109 0x015c  [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost        C:\WINDOWS\System32\upnphost.dll
14:14:01.0171 0x015c  upnphost - ok
14:14:01.0218 0x015c  [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS             C:\WINDOWS\System32\ups.exe
14:14:01.0390 0x015c  UPS - ok
14:14:01.0437 0x015c  [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp         C:\WINDOWS\system32\DRIVERS\usbccgp.sys
14:14:01.0625 0x015c  usbccgp - ok
14:14:01.0671 0x015c  [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci         C:\WINDOWS\system32\DRIVERS\usbehci.sys
14:14:01.0859 0x015c  usbehci - ok
14:14:01.0921 0x015c  [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub          C:\WINDOWS\system32\DRIVERS\usbhub.sys
14:14:02.0109 0x015c  usbhub - ok
14:14:02.0171 0x015c  [ A717C8721046828520C9EDF31288FC00 ] usbprint        C:\WINDOWS\system32\DRIVERS\usbprint.sys
14:14:02.0359 0x015c  usbprint - ok
14:14:02.0390 0x015c  [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan         C:\WINDOWS\system32\DRIVERS\usbscan.sys
14:14:02.0546 0x015c  usbscan - ok
14:14:02.0625 0x015c  [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR         C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
14:14:02.0796 0x015c  USBSTOR - ok
14:14:02.0828 0x015c  [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci         C:\WINDOWS\system32\DRIVERS\usbuhci.sys
14:14:03.0015 0x015c  usbuhci - ok
14:14:03.0031 0x015c  [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave         C:\WINDOWS\System32\drivers\vga.sys
14:14:03.0234 0x015c  VgaSave - ok
14:14:03.0250 0x015c  ViaIde - ok
14:14:03.0312 0x015c  [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap         C:\WINDOWS\system32\drivers\VolSnap.sys
14:14:03.0500 0x015c  VolSnap - ok
14:14:03.0578 0x015c  [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS             C:\WINDOWS\System32\vssvc.exe
14:14:03.0671 0x015c  VSS - ok
14:14:03.0734 0x015c  [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time         C:\WINDOWS\system32\w32time.dll
14:14:03.0906 0x015c  W32Time - ok
14:14:04.0000 0x015c  [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp          C:\WINDOWS\system32\DRIVERS\wanarp.sys
14:14:04.0171 0x015c  Wanarp - ok
14:14:04.0203 0x015c  WDICA - ok
14:14:04.0265 0x015c  [ 6768ACF64B18196494413695F0C3A00F ] wdmaud          C:\WINDOWS\system32\drivers\wdmaud.sys
14:14:04.0468 0x015c  wdmaud - ok
14:14:04.0515 0x015c  [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient       C:\WINDOWS\System32\webclnt.dll
14:14:04.0687 0x015c  WebClient - ok
14:14:04.0796 0x015c  [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt         C:\WINDOWS\system32\wbem\WMIsvc.dll
14:14:04.0953 0x015c  winmgmt - ok
14:14:05.0078 0x015c  [ C7E39EA41233E9F5B86C8DA3A9F1E4A8 ] WmdmPmSN        C:\WINDOWS\system32\mspmsnsv.dll
14:14:05.0218 0x015c  WmdmPmSN - ok
14:14:05.0281 0x015c  [ E76F8807070ED04E7408A86D6D3A6137 ] Wmi             C:\WINDOWS\System32\advapi32.dll
14:14:05.0359 0x015c  Wmi - ok
14:14:05.0437 0x015c  [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv        C:\WINDOWS\system32\wbem\wmiapsrv.exe
14:14:05.0640 0x015c  WmiApSrv - ok
14:14:05.0734 0x015c  [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc          C:\WINDOWS\system32\wscsvc.dll
14:14:05.0921 0x015c  wscsvc - ok
14:14:05.0984 0x015c  [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv        C:\WINDOWS\system32\wuauserv.dll
14:14:06.0187 0x015c  wuauserv - ok
14:14:06.0250 0x015c  [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC          C:\WINDOWS\System32\wzcsvc.dll
14:14:06.0468 0x015c  WZCSVC - ok
14:14:06.0500 0x015c  [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov         C:\WINDOWS\System32\xmlprov.dll
14:14:06.0656 0x015c  xmlprov - ok
14:14:06.0703 0x015c  ================ Scan global ===============================
14:14:06.0734 0x015c  [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
14:14:06.0796 0x015c  [ 69AE2B2E6968C316536E5B10B9702E63 ] C:\WINDOWS\system32\winsrv.dll
14:14:06.0828 0x015c  [ 69AE2B2E6968C316536E5B10B9702E63 ] C:\WINDOWS\system32\winsrv.dll
14:14:06.0843 0x015c  [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
14:14:06.0859 0x015c  [Global] - ok
14:14:06.0859 0x015c  ============================================================
14:14:06.0859 0x015c  Scan finished
14:14:06.0859 0x015c  ============================================================
14:14:06.0921 0x05ec  Detected object count: 1
14:14:06.0921 0x05ec  Actual detected object count: 1
14:25:20.0828 0x05ec  PfModNT ( UnsignedFile.Multi.Generic ) - skipped by user
14:25:20.0828 0x05ec  PfModNT ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:25:21.0890 0x02e0  ============================================================
14:25:21.0890 0x02e0  Scan started
14:25:21.0890 0x02e0  Mode: Manual; SigCheck; TDLFS;
14:25:21.0890 0x02e0  ============================================================
14:25:22.0343 0x02e0  ================ Scan system memory ========================
14:25:22.0343 0x02e0  System memory - ok
14:25:22.0359 0x02e0  ================ Scan services =============================
14:25:22.0437 0x02e0  Abiosdsk - ok
14:25:22.0484 0x02e0  abp480n5 - ok
14:25:22.0562 0x02e0  [ 8FD99680A539792A30E97944FDAECF17 ] ACPI            C:\WINDOWS\system32\DRIVERS\ACPI.sys
14:25:22.0843 0x02e0  ACPI - ok
14:25:22.0906 0x02e0  [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC          C:\WINDOWS\system32\drivers\ACPIEC.sys
14:25:23.0093 0x02e0  ACPIEC - ok
14:25:23.0125 0x02e0  adpu160m - ok
14:25:23.0187 0x02e0  [ 11C04B17ED2ABBB4833694BCD644AC90 ] aeaudio         C:\WINDOWS\system32\drivers\aeaudio.sys
14:25:23.0234 0x02e0  aeaudio - ok
14:25:23.0296 0x02e0  [ 8BED39E3C35D6A489438B8141717A557 ] aec             C:\WINDOWS\system32\drivers\aec.sys
14:25:23.0500 0x02e0  aec - ok
14:25:23.0593 0x02e0  [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD             C:\WINDOWS\System32\drivers\afd.sys
14:25:23.0625 0x02e0  AFD - ok
14:25:23.0687 0x02e0  [ 08FD04AA961BDC77FB983F328334E3D7 ] agp440          C:\WINDOWS\system32\DRIVERS\agp440.sys
14:25:23.0875 0x02e0  agp440 - ok
14:25:23.0906 0x02e0  Aha154x - ok
14:25:23.0953 0x02e0  aic78u2 - ok
14:25:23.0984 0x02e0  aic78xx - ok
14:25:24.0078 0x02e0  [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter         C:\WINDOWS\system32\alrsvc.dll
14:25:24.0234 0x02e0  Alerter - ok
14:25:24.0296 0x02e0  [ 8C515081584A38AA007909CD02020B3D ] ALG             C:\WINDOWS\System32\alg.exe
14:25:24.0375 0x02e0  ALG - ok
14:25:24.0406 0x02e0  AliIde - ok
14:25:24.0437 0x02e0  amsint - ok
14:25:24.0484 0x02e0  [ D8849F77C0B66226335A59D26CB4EDC6 ] AppMgmt         C:\WINDOWS\System32\appmgmts.dll
14:25:24.0562 0x02e0  AppMgmt - ok
14:25:24.0609 0x02e0  [ B5B8A80875C1DEDEDA8B02765642C32F ] Arp1394         C:\WINDOWS\system32\DRIVERS\arp1394.sys
14:25:24.0812 0x02e0  Arp1394 - ok
14:25:24.0828 0x02e0  asc - ok
14:25:24.0859 0x02e0  asc3350p - ok
14:25:24.0890 0x02e0  asc3550 - ok
14:25:24.0953 0x02e0  [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac        C:\WINDOWS\system32\DRIVERS\asyncmac.sys
14:25:50.0250 0x02e0  [ C8A2D6FF660AC601B7BB9A9B16A5C25E ] PfModNT         C:\WINDOWS\system32\drivers\PfModNT.sys
14:25:50.0281 0x02e0  PfModNT ( UnsignedFile.Multi.Generic ) - warning
14:25:50.0281 0x02e0  PfModNT - detected UnsignedFile.Multi.Generic (1)
14:26:08.0296 0x02e0  ================ Scan global ===============================
14:26:08.0343 0x02e0  [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
14:26:08.0406 0x02e0  [ 69AE2B2E6968C316536E5B10B9702E63 ] C:\WINDOWS\system32\winsrv.dll
14:26:08.0437 0x02e0  [ 69AE2B2E6968C316536E5B10B9702E63 ] C:\WINDOWS\system32\winsrv.dll
14:26:08.0468 0x02e0  [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
14:26:08.0468 0x02e0  [Global] - ok
14:26:08.0468 0x02e0  ============================================================
14:26:08.0484 0x02e0  Scan finished
14:26:08.0484 0x02e0  ============================================================
14:26:08.0484 0x0364  Detected object count: 1
14:26:08.0484 0x0364  Actual detected object count: 1
14:26:18.0718 0x0364  C:\WINDOWS\system32\drivers\PfModNT.sys - copied to quarantine
14:26:18.0718 0x0364  PfModNT ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
14:26:24.0484 0x0778  ============================================================
14:26:24.0484 0x0778  Scan started
14:26:24.0484 0x0778  Mode: Manual; SigCheck; TDLFS;
14:26:24.0484 0x0778  ============================================================
14:26:25.0328 0x0778  ================ Scan system memory ========================
14:26:25.0328 0x0778  System memory - ok
14:26:25.0343 0x0778  ================ Scan services =============================
14:26:29.0218 0x0778  Scan interrupted by user!
14:26:29.0218 0x0778  ================ Scan global ===============================
14:26:29.0218 0x0778  Scan interrupted by user!
14:26:29.0218 0x0778  ============================================================
14:26:29.0218 0x0778  Scan finished
14:26:29.0218 0x0778  ============================================================
14:26:29.0281 0x01c4  Detected object count: 0
14:26:29.0281 0x01c4  Actual detected object count: 0
14:26:44.0781 0x071c  Deinitialize success
 

 

 

Rkill

Rkill 2.6.1 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 08/31/2013 12:42:46 PM in x86 mode. (Safe Mode)
Windows Version: Microsoft Windows XP Service Pack 3

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * No malware processes found to kill.

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * No issues found.

Checking Windows Service Integrity:

 * COM+ Event System (EventSystem) is not Running.
   Startup Type set to: Manual

 * Security Center (wscsvc) is not Running.
   Startup Type set to: Automatic

 * Automatic Updates (wuauserv) is not Running.
   Startup Type set to: Automatic

Searching for Missing Digital Signatures:

 * No issues found.

Checking HOSTS File:

 * HOSTS file entries found:

  127.0.0.1       localhost

Program finished at: 08/31/2013 12:43:31 PM
Execution time: 0 hours(s), 0 minute(s), and 44 seconds(s)
 



#12 nasdaq

nasdaq

  • Malware Response Team

Posted 25 September 2013 - 01:27 PM

Open notepad and copy/paste the text in the quote box below into it:
 
File::

Folder::

Driver::

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"A22057BA-F5A8-4F55-9D0D-C965E9923CFE"=-

ClearJavaCache::

Firefox::

DirLook::

Save this as CFScript.txt on your desktop.

CFScriptB-4.gif

Referring to the picture above, drag CFScript into ComboFix.exe
Then post the resultant log.
===
 

2008-04-14 07:00:00 . 2008-04-14 07:00:00 52,352 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\Volsnap.sys.vir

All the files were quarantined by ComboFix. I guess they did not pass the ComboFix search and may be corrupted.
The Quarantine folder will be deleted when we remove ComboFix. Wait for my instructions.

Let's check if you have a good copy of the file on your hard disk.

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2


If your operating system is 64 bit download this tool:
SystemLook_x64.exe
  • Double-click SystemLook.exe to run it.
  • Copy and paste the content of the following bold text into the main textfield:
    :filefind
    Volsnap.sys
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
  • Note: The log can also be found on your Desktop entitled SystemLook.txt.

===

p.s.
Do you have any Virus protection on this computer?


Edited by nasdaq, 25 September 2013 - 01:29 PM.


#13 Ajmarks

Ajmarks
  • Topic Starter


Posted 25 September 2013 - 03:30 PM

I get to work on this when I get home in a few hours but to answer your question- no. I DID have an antivirus  but I think after all this started I deleted it and was using Windows Security Essentials since I couldn't download updates. I have the AVG Internet Security/PC Cleanup 2014 bundle that I plan to install on ALL four machines. I also purchased a Malwarebytes PRO license for each machine. My plan is to install these when you give the green light. If you have any additional recommendations for software to go with them (in addition to maybe the spyware blaster you mentioned before) I'm all ears.

 

Any verdict on whether I should re-run the scans for any of the other computers? The history of scans can be seen @ the link I shared in my last post...if that somehow helps you get a sense of where things were coming from originally so we can best get it the heck out of my electronics!!!

Out of curiosity- can whatever this seems to be (that you thankfully seem to know how to fix) be identified by name? I'd love to do some google searching and learn some things! I'd also like to know if it could be what infected my iphone since it all happened at the same time...thoughts?



#14 nasdaq

nasdaq

  • Malware Response Team

Posted 26 September 2013 - 07:18 AM

We have no way of knowing where the infection came from.

To get infected all one has to do is open a bad link or message and within seconds your computer is infected. A worm will infect all computers on the network and possibly your phone.

As for the other computers, if all is well then there is no need to scan again.
You can keep the AdwCleaner and the Junk Removal tool in a separate folder.
You can run the tools when things go slow.
Make sure you update the tools as they are updated regularly.

#15 Ajmarks

Ajmarks
  • Topic Starter

  • Members
  • 116 posts
  • OFFLINE
  •  
  • Local time:11:04 AM

Posted 26 September 2013 - 10:02 AM

DESKTOP

Good Old Dell. Keeping things interesting!

 

I ran the RogueKiller which found a few things (not sure what they mean) and the TDSS Killer as requested but there was no rootkit found by TDSS- in fact- it listed Volsnap as “okay”…what gives?!?! :scratchhead:

 

I then ran CFScript in Combofix as you asked and it again told me about the Volsnap.sys virus, restarted (I was able to make it do safe mode before it went to normal) and it finished enough to give me a log. I looked at the quarantine again and everything looked the same but one thing caught my eye- a new catchme.txt file (previously there was a catchme.log listed). From what I’ve seen a catchme file is bad right? :unsure:

 

I’ve also run aswMBR and System Look and included/attached the logs you asked for.

 

Awaiting further instructions oh brilliant computer cleaning one and my knight in shining armor! :horse:

xxxxxxxxxxxxxxxxxxxxxxxxx

HERE ARE THE LOGS:

RogueKiller

RogueKiller V8.6.12 [Sep 18 2013] by Tigzy

mail : tigzyRK<at>gmail<dot>com

Feedback : http://www.adlice.com/forum/

Website : http://www.adlice.com/softwares/roguekiller/

Blog : http://tigzyrk.blogspot.com/

 

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version

Started in : Safe mode with network support

User : Administrator [Admin rights]

Mode : Remove -- Date : 09/25/2013 20:16:57

| ARK || FAK || MBR |

 

¤¤¤ Bad processes : 0 ¤¤¤

 

¤¤¤ Registry Entries : 0 ¤¤¤

 

¤¤¤ Scheduled tasks : 0 ¤¤¤

 

¤¤¤ Startup Entries : 0 ¤¤¤

 

¤¤¤ Web browsers : 0 ¤¤¤

 

¤¤¤ Particular Files / Folders: ¤¤¤

 

¤¤¤ Driver : [NOT LOADED 0x2] ¤¤¤

 

¤¤¤ External Hives: ¤¤¤

 

¤¤¤ Infection :  ¤¤¤

 

¤¤¤ HOSTS File: ¤¤¤

--> %SystemRoot%\System32\drivers\etc\hosts

 

 

127.0.0.1       localhost

 

 

¤¤¤ MBR Check: ¤¤¤

 

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) (Standard disk drives) - ST360015A +++++

--- User ---

[MBR] e9a69c12217a7610c734cd68b2805c61

[BSP] f0531316a6163d16f4ba254ab3fe3bf4 : Windows XP MBR Code

Partition table:

0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo

1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 80325 | Size: 57200 Mo

User = LL1 ... OK!

User = LL2 ... OK!

 

Finished : << RKreport[0]_D_09252013_201656.txt >>

RKreport[0]_D_09252013_190752.txt;RKreport[0]_D_09252013_201145.txt;RKreport[0]_S_09252013_185838.txt

RKreport[0]_S_09252013_201118.txt;RKreport[0]_S_09252013_201629.txt

 

 

 

TDSSS

19:08:37.0531 0540  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42

19:08:37.0593 0540  ============================================================

19:08:37.0593 0540  Current date / time: 2013/09/25 19:08:37.0593

19:08:37.0593 0540  SystemInfo:

19:08:37.0593 0540 

19:08:37.0593 0540  OS Version: 5.1.2600 ServicePack: 3.0

19:08:37.0593 0540  Product type: Workstation

19:08:37.0593 0540  ComputerName: ALISON-DESKTOP

19:08:37.0593 0540  UserName: Administrator

19:08:37.0593 0540  Windows directory: C:\WINDOWS

19:08:37.0593 0540  System windows directory: C:\WINDOWS

19:08:37.0593 0540  Processor architecture: Intel x86

19:08:37.0593 0540  Number of processors: 1

19:08:37.0593 0540  Page size: 0x1000

19:08:37.0593 0540  Boot type: Safe boot with network

19:08:37.0593 0540  ============================================================

19:08:39.0140 0540  Drive \Device\Harddisk0\DR0 - Size: 0xDF99E6000 (55.90 Gb), SectorSize: 0x200, Cylinders: 0x1C81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054

19:08:43.0140 0540  Drive \Device\Harddisk1\DR1 - Size: 0x1F7F82000 (7.87 Gb), SectorSize: 0x200, Cylinders: 0x403, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054

19:08:43.0140 0540  ============================================================

19:08:43.0140 0540  \Device\Harddisk0\DR0:

19:08:43.0140 0540  MBR partitions:

19:08:43.0140 0540  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x139C5, BlocksNum 0x6FB817C

19:08:43.0140 0540  ============================================================

19:08:43.0171 0540  C: <-> \Device\Harddisk0\DR0\Partition1

19:08:43.0171 0540  ============================================================

19:08:43.0171 0540  Initialize success

19:08:43.0171 0540  ============================================================

19:09:14.0531 0336  ============================================================

19:09:14.0531 0336  Scan started

19:09:14.0531 0336  Mode: Manual; SigCheck; TDLFS;

19:09:14.0531 0336  ============================================================

19:09:16.0531 0336  ================ Scan system memory ========================

19:09:16.0531 0336  System memory - ok

19:09:16.0546 0336  ================ Scan services =============================

19:09:21.0375 0336  catchme - ok

19:09:46.0343 0336  [ C8A2D6FF660AC601B7BB9A9B16A5C25E ] PfModNT         C:\WINDOWS\system32\drivers\PfModNT.sys

19:09:46.0359 0336  PfModNT ( UnsignedFile.Multi.Generic ) - warning

19:09:46.0359 0336  PfModNT - detected UnsignedFile.Multi.Generic (1)


19:09:50.0687 0336  RemoteAccess - ok

19:09:50.0765 0336  [ 5B19B557B0C188210A56A6B699D90B8F ] RemoteRegistry  C:\WINDOWS\system32\regsvc.dll

19:09:50.0953 0336  RemoteRegistry - ok

19:09:51.0000 0336  [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator      C:\WINDOWS\system32\locator.exe

19:09:51.0203 0336  RpcLocator - ok

19:09:51.0265 0336  [ 6B27A5C03DFB94B4245739065431322C ] RpcSs           C:\WINDOWS\System32\rpcss.dll

19:09:51.0296 0336  RpcSs - ok

19:09:51.0359 0336  [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP            C:\WINDOWS\system32\rsvp.exe

19:09:51.0578 0336  RSVP - ok

19:09:51.0625 0336  [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs           C:\WINDOWS\system32\lsass.exe

19:09:51.0812 0336  SamSs - ok

19:09:51.0843 0336  SASDIFSV - ok

19:09:51.0875 0336  SASKUTIL - ok

19:09:51.0953 0336  [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr        C:\WINDOWS\System32\SCardSvr.exe

19:09:52.0156 0336  SCardSvr - ok

19:09:52.0234 0336  [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule        C:\WINDOWS\system32\schedsvc.dll

19:09:52.0437 0336  Schedule - ok

19:09:52.0500 0336  [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv          C:\WINDOWS\system32\DRIVERS\secdrv.sys

19:09:52.0656 0336  Secdrv - ok

19:09:52.0718 0336  [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon        C:\WINDOWS\System32\seclogon.dll

19:09:52.0921 0336  seclogon - ok

19:09:52.0937 0336  [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS            C:\WINDOWS\system32\sens.dll

19:09:53.0140 0336  SENS - ok

19:09:53.0187 0336  [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum         C:\WINDOWS\system32\DRIVERS\serenum.sys

19:09:53.0359 0336  serenum - ok

19:09:53.0406 0336  [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial          C:\WINDOWS\system32\DRIVERS\serial.sys

19:09:53.0578 0336  Serial - ok

19:09:53.0640 0336  [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy         C:\WINDOWS\system32\drivers\Sfloppy.sys

19:09:53.0843 0336  Sfloppy - ok

19:09:53.0906 0336  [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess    C:\WINDOWS\System32\ipnathlp.dll

19:09:54.0109 0336  SharedAccess - ok

19:09:54.0156 0336  [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll

19:09:54.0203 0336  ShellHWDetection - ok

19:09:54.0234 0336  Simbad - ok

19:09:54.0343 0336  [ 70B8DD8707DBF6142530C106365DF67D ] smwdm           C:\WINDOWS\system32\drivers\smwdm.sys

19:09:54.0406 0336  smwdm - ok

19:09:54.0453 0336  Sparrow - ok

19:09:54.0515 0336  [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter        C:\WINDOWS\system32\drivers\splitter.sys

19:09:54.0718 0336  splitter - ok

19:09:54.0765 0336  [ 60784F891563FB1B767F70117FC2428F ] Spooler         C:\WINDOWS\system32\spoolsv.exe

19:09:54.0812 0336  Spooler - ok

19:09:54.0875 0336  [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr              C:\WINDOWS\system32\DRIVERS\sr.sys

19:09:55.0046 0336  sr - ok

19:09:55.0093 0336  [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice       C:\WINDOWS\system32\srsvc.dll

19:09:55.0265 0336  srservice - ok

19:09:55.0343 0336  [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv             C:\WINDOWS\system32\DRIVERS\srv.sys

19:09:55.0390 0336  Srv - ok

19:09:55.0468 0336  [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV         C:\WINDOWS\System32\ssdpsrv.dll

19:09:55.0640 0336  SSDPSRV - ok

19:09:55.0687 0336  [ A9573045BAA16EAB9B1085205B82F1ED ] StillCam        C:\WINDOWS\system32\DRIVERS\serscan.sys

19:09:55.0875 0336  StillCam - ok

19:09:55.0937 0336  [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc          C:\WINDOWS\system32\wiaservc.dll

19:09:56.0156 0336  stisvc - ok

19:09:56.0203 0336  [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum          C:\WINDOWS\system32\DRIVERS\swenum.sys

19:09:56.0406 0336  swenum - ok

19:09:56.0453 0336  [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi          C:\WINDOWS\system32\drivers\swmidi.sys

19:09:56.0656 0336  swmidi - ok

19:09:56.0671 0336  SwPrv - ok

19:09:56.0734 0336  symc810 - ok

19:09:56.0765 0336  symc8xx - ok

19:09:56.0796 0336  sym_hi - ok

19:09:56.0828 0336  sym_u3 - ok

19:09:56.0890 0336  [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio        C:\WINDOWS\system32\drivers\sysaudio.sys

19:09:57.0109 0336  sysaudio - ok

19:09:57.0156 0336  [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog       C:\WINDOWS\system32\smlogsvc.exe

19:09:57.0343 0336  SysmonLog - ok

19:09:57.0453 0336  [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv         C:\WINDOWS\System32\tapisrv.dll

19:09:57.0656 0336  TapiSrv - ok

19:09:57.0718 0336  [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip           C:\WINDOWS\system32\DRIVERS\tcpip.sys

19:09:57.0765 0336  Tcpip - ok

19:09:57.0812 0336  [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE          C:\WINDOWS\system32\drivers\TDPIPE.sys

19:09:58.0015 0336  TDPIPE - ok

19:09:58.0062 0336  [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP           C:\WINDOWS\system32\drivers\TDTCP.sys

19:09:58.0250 0336  TDTCP - ok

19:09:58.0312 0336  [ 88155247177638048422893737429D9E ] TermDD          C:\WINDOWS\system32\DRIVERS\termdd.sys

19:09:58.0500 0336  TermDD - ok

19:09:58.0562 0336  [ FF3477C03BE7201C294C35F684B3479F ] TermService     C:\WINDOWS\System32\termsrv.dll

19:09:58.0781 0336  TermService - ok

19:09:58.0828 0336  [ 99BC0B50F511924348BE19C7C7313BBF ] Themes          C:\WINDOWS\System32\shsvcs.dll

19:09:58.0843 0336  Themes - ok

19:09:58.0906 0336  [ DB7205804759FF62C34E3EFD8A4CC76A ] TlntSvr         C:\WINDOWS\system32\tlntsvr.exe

19:09:59.0062 0336  TlntSvr - ok

19:09:59.0093 0336  TosIde - ok

19:09:59.0171 0336  [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks          C:\WINDOWS\system32\trkwks.dll

19:09:59.0375 0336  TrkWks - ok

19:09:59.0390 0336  TrueSight - ok

19:09:59.0468 0336  [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs            C:\WINDOWS\system32\drivers\Udfs.sys

19:09:59.0656 0336  Udfs - ok

19:09:59.0671 0336  ultra - ok

19:09:59.0750 0336  [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update          C:\WINDOWS\system32\DRIVERS\update.sys

19:09:59.0953 0336  Update - ok

19:10:00.0031 0336  [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost        C:\WINDOWS\System32\upnphost.dll

19:10:00.0187 0336  upnphost - ok

19:10:00.0234 0336  [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS             C:\WINDOWS\System32\ups.exe

19:10:00.0406 0336  UPS - ok

19:10:00.0453 0336  [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp         C:\WINDOWS\system32\DRIVERS\usbccgp.sys

19:10:00.0671 0336  usbccgp - ok

19:10:00.0718 0336  [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci         C:\WINDOWS\system32\DRIVERS\usbehci.sys

19:10:00.0921 0336  usbehci - ok

19:10:01.0000 0336  [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub          C:\WINDOWS\system32\DRIVERS\usbhub.sys

19:10:01.0203 0336  usbhub - ok

19:10:01.0265 0336  [ A717C8721046828520C9EDF31288FC00 ] usbprint        C:\WINDOWS\system32\DRIVERS\usbprint.sys

19:10:01.0453 0336  usbprint - ok

19:10:01.0484 0336  [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan         C:\WINDOWS\system32\DRIVERS\usbscan.sys

19:10:01.0703 0336  usbscan - ok

19:10:01.0765 0336  [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR         C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

19:10:01.0937 0336  USBSTOR - ok

19:10:02.0000 0336  [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci         C:\WINDOWS\system32\DRIVERS\usbuhci.sys

19:10:02.0156 0336  usbuhci - ok

19:10:02.0203 0336  [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave         C:\WINDOWS\System32\drivers\vga.sys

19:10:02.0390 0336  VgaSave - ok

19:10:02.0406 0336  ViaIde - ok

19:10:02.0468 0336  [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap         C:\WINDOWS\system32\drivers\VolSnap.sys

19:10:02.0656 0336  VolSnap - ok

19:10:02.0703 0336  [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS             C:\WINDOWS\System32\vssvc.exe

19:10:02.0875 0336  VSS - ok

19:10:02.0937 0336  [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time         C:\WINDOWS\system32\w32time.dll

19:10:03.0140 0336  W32Time - ok

19:10:03.0187 0336  [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp          C:\WINDOWS\system32\DRIVERS\wanarp.sys

19:10:03.0390 0336  Wanarp - ok

19:10:03.0421 0336  WDICA - ok

19:10:03.0484 0336  [ 6768ACF64B18196494413695F0C3A00F ] wdmaud          C:\WINDOWS\system32\drivers\wdmaud.sys

19:10:03.0687 0336  wdmaud - ok

19:10:03.0718 0336  [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient       C:\WINDOWS\System32\webclnt.dll

19:10:03.0921 0336  WebClient - ok

19:10:04.0031 0336  [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt         C:\WINDOWS\system32\wbem\WMIsvc.dll

19:10:04.0218 0336  winmgmt - ok

19:10:04.0343 0336  [ C7E39EA41233E9F5B86C8DA3A9F1E4A8 ] WmdmPmSN        C:\WINDOWS\system32\mspmsnsv.dll

19:10:04.0515 0336  WmdmPmSN - ok

19:10:04.0593 0336  [ E76F8807070ED04E7408A86D6D3A6137 ] Wmi             C:\WINDOWS\System32\advapi32.dll

19:10:04.0734 0336  Wmi - ok

19:10:04.0812 0336  [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv        C:\WINDOWS\system32\wbem\wmiapsrv.exe

19:10:05.0015 0336  WmiApSrv - ok

19:10:05.0062 0336  [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL         C:\WINDOWS\System32\drivers\ws2ifsl.sys

19:10:05.0281 0336  WS2IFSL - ok

19:10:05.0343 0336  [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc          C:\WINDOWS\system32\wscsvc.dll

19:10:05.0546 0336  wscsvc - ok

19:10:05.0593 0336  [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv        C:\WINDOWS\system32\wuauserv.dll

19:10:05.0812 0336  wuauserv - ok

19:10:05.0968 0336  [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC          C:\WINDOWS\System32\wzcsvc.dll

19:10:06.0265 0336  WZCSVC - ok

19:10:06.0312 0336  [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov         C:\WINDOWS\System32\xmlprov.dll

19:10:06.0500 0336  xmlprov - ok

19:10:06.0531 0336  ================ Scan global ===============================

19:10:06.0578 0336  [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll

19:10:06.0625 0336  [ 69AE2B2E6968C316536E5B10B9702E63 ] C:\WINDOWS\system32\winsrv.dll

19:10:06.0671 0336  [ 69AE2B2E6968C316536E5B10B9702E63 ] C:\WINDOWS\system32\winsrv.dll

19:10:06.0703 0336  [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe

19:10:06.0703 0336  [Global] - ok

19:10:06.0718 0336  ================ Scan MBR ==================================

19:10:06.0750 0336  [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0

19:10:07.0078 0336  \Device\Harddisk0\DR0 - ok

19:10:07.0109 0336  ================ Scan VBR ==================================

19:10:07.0140 0336  [ F4ED78B8F9680F3E3AE43AF686EBE723 ] \Device\Harddisk0\DR0\Partition1

19:10:07.0140 0336  \Device\Harddisk0\DR0\Partition1 - ok

19:10:07.0140 0336  ============================================================

19:10:07.0140 0336  Scan finished

19:10:07.0140 0336  ============================================================

19:10:07.0296 1184  Detected object count: 1

19:10:07.0296 1184  Actual detected object count: 1

19:10:49.0062 1184  PfModNT ( UnsignedFile.Multi.Generic ) - skipped by user

19:10:49.0062 1184  PfModNT ( UnsignedFile.Multi.Generic ) - User select action: Skip

 

 

 

Combofix

ComboFix 13-09-24.02 - Administrator 09/25/2013  19:38:49.2.1 - x86 NETWORK

Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.1023.842 [GMT -5:00]

Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe

Command switches used :: c:\documents and settings\Administrator\Desktop\CFScript.txt

.

.

(((((((((((((((((((((((((   Files Created from 2013-08-26 to 2013-09-26  )))))))))))))))))))))))))))))))

.

.

2013-09-25 08:00 . 2013-09-25 08:02         --------   d-----w-                c:\windows\system32\MRT

2013-09-25 04:12 . 2013-09-25 04:12         --------   d-----w-                c:\documents and settings\Alison

2013-09-25 03:39 . 2013-09-25 04:03         --------   d-----w-                C:\AdwCleaner

2013-08-31 23:42 . 2013-08-31 23:42         --------   d-----w-                c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com

2013-08-31 23:06 . 2013-08-31 23:06         --------   d-----w-                c:\program files\TeaTimer (Spybot - Search & Destroy)

2013-08-31 23:05 . 2013-08-31 23:52         --------   d-----w-                c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2013-08-31 20:58 . 2013-08-31 20:58         --------   d-----w-                c:\windows\ServicePackFiles

2013-08-31 19:26 . 2013-08-31 19:26         --------   d-----w-                C:\TDSSKiller_Quarantine

2013-08-31 18:52 . 2012-06-05 07:37         256904  ----a-w-                c:\windows\system32\drivers\tmcomm.sys

2013-08-31 18:46 . 2013-08-31 18:46         --------   d-----w-                c:\windows\ERUNT

2013-08-31 17:54 . 2013-08-31 17:54         --------   d-----w-                c:\documents and settings\Administrator\Local Settings\Application Data\Adobe

2013-08-31 17:48 . 2013-08-31 17:48         --------   d-----w-                c:\documents and settings\All Users\Application Data\Malwarebytes

2013-08-31 17:48 . 2013-08-31 17:48         --------   d-----w-                c:\documents and settings\Administrator\Application Data\Malwarebytes

2013-08-31 17:41 . 2013-08-31 17:41         12872    ----a-w-                c:\windows\system32\bootdelete.exe

2013-08-31 17:38 . 2013-08-31 17:42         --------   d-----w-                c:\documents and settings\All Users\Application Data\HitmanPro

2013-08-31 17:09 . 2013-08-31 17:09         --------   d-sh--w-              c:\documents and settings\Administrator\PrivacIE

2013-08-31 17:06 . 2013-08-31 17:06         --------   d-----w-                c:\windows\system32\msmq

2013-08-31 17:06 . 2013-08-31 17:06         --------   d-----w-                c:\windows\system32\Logfiles

2013-08-31 17:06 . 2013-08-31 17:06         --------   d-----w-                C:\Inetpub

2013-08-31 16:50 . 2013-08-31 16:50         --------   d-----w-                c:\documents and settings\Administrator\Application Data\MSNInstaller

.

.

.

((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-08-09 01:56 . 2008-04-14 07:00         386560  ----a-w-                c:\windows\system32\themeui.dll

2013-08-08 06:05 . 2008-04-14 07:00         920064  ----a-w-                c:\windows\system32\wininet.dll

2013-08-08 06:05 . 2008-04-14 07:00         43520    ------w- c:\windows\system32\licmgr10.dll

2013-08-08 06:05 . 2008-04-14 07:00         1469440                ------w- c:\windows\system32\inetcpl.cpl

2013-08-08 06:05 . 2008-04-14 07:00         18944    ----a-w-                c:\windows\system32\corpol.dll

2013-08-08 01:27 . 2008-04-14 07:00         1877760                ----a-w-                c:\windows\system32\win32k.sys

2013-08-08 00:02 . 2008-04-14 07:00         385024  ------w- c:\windows\system32\html.iec

2013-08-05 13:30 . 2008-04-14 07:00         1289728                ----a-w-                c:\windows\system32\ole32.dll

2013-07-31 20:11 . 2008-04-14 07:00         810496  ----a-w-                c:\windows\system32\wmvdmod.dll

2013-07-10 10:37 . 2008-04-14 07:00         406016  ----a-w-                c:\windows\system32\usp10.dll

2013-07-04 02:59 . 2008-04-14 07:00         2193536                ----a-w-                c:\windows\system32\ntoskrnl.exe

2013-07-04 02:08 . 2008-04-14 00:01         2070144                ----a-w-                c:\windows\system32\ntkrnlpa.exe

.

.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"BCMSMMSG"="BCMSMMSG.exe" [2003-08-29 122880]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2003-10-06 5058560]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"OE_WMPWMFSDK_Install_2"="c:\windows\system32\wmnetmgr.dll" [2008-06-10 1053696]

"OE_WMPWMFSDK_Install_4"="c:\windows\system32\wmvdmod.dll" [2013-07-31 810496]

"OE_WMPWMFSDK_Install_5"="c:\windows\system32\wmvdmoe2.dll" [2008-04-14 1001472]

"OE_WMPWMFSDK_Install_6"="c:\windows\system32\wmadmoe.dll" [2008-04-14 670720]

"OE_WMPWMFSDK_Install_7"="c:\windows\system32\wmspdmod.dll" [2009-04-03 485376]

"OE_WMPWMFSDK_Install_8"="c:\windows\system32\wmspdmoe.dll" [2008-04-14 897024]

"OE_WMPWMFSDK_Install_9"="c:\windows\system32\wmsdmoe.dll" [2008-04-14 115200]

"OE_WMPWMFSDK_Install_10"="c:\windows\system32\wmsdmoe2.dll" [2008-04-14 1119744]

"OE_WMPWMFSDK_Install_20"="c:\windows\system32\wmadmod.dll" [2008-04-14 408064]

"OE_WMPWMFSDK_Install_21"="c:\windows\system32\mpg4dmod.dll" [2008-04-14 240640]

"OE_WMPWMFSDK_Install_22"="c:\windows\system32\mp43dmod.dll" [2008-04-14 310272]

"OE_WMPWMFSDK_Install_23"="c:\windows\system32\mp4sdmod.dll" [2010-04-05 384512]

"OE_WMPWMFSDK_Install_24"="c:\windows\system32\wmsdmod.dll" [2008-04-14 759296]

"OE_WMPWMFSDK_Install_30"="c:\windows\system32\laprxy.dll" [2008-04-14 6656]

"OE_WMPWMFSDK_Install_31"="c:\windows\system32\logagent.exe" [2008-06-10 103936]

"OE_WMPWMFSDK_Install_32"="c:\windows\system32\wmvcore.dll" [2010-04-08 2113536]

"OE_WMPDRM_Install_1"="c:\windows\system32\drmstor.dll" [2008-04-14 87040]

"OE_WMPDRM_Install_2"="c:\windows\system32\drmclien.dll" [2008-04-14 299520]

"OE_WMPDRM_Install_4"="c:\windows\system32\drmv2clt.dll" [2008-04-14 695808]

"OE_WMPDRM_Install_5"="c:\windows\system32\blackbox.dll" [2008-04-14 286720]

"OE_WMPDRM_Install_6"="c:\windows\system32\msnetobj.dll" [2008-04-14 259072]

"OE_WMPWMP7_Install_0"="c:\windows\INF\unregmp2.exe" [2008-04-14 208896]

"OE_WMPWMP7_Install_1"="c:\program files\Windows Media Player\migrate.exe" [2008-04-14 786432]

"OE_WMPWMP7_Install_2"="c:\windows\system32\wmp.dll" [2010-08-26 4886528]

"OE_WMPWMP7_Install_8"="c:\windows\system32\wmpshell.dll" [2008-04-14 102400]

"OE_WMPWMP7_Install_9"="c:\windows\system32\wmpasf.dll" [2008-04-14 114688]

"OE_WMPWMP7_Install_10"="c:\windows\system32\wmpdxm.dll" [2009-07-12 233472]

"OE_WMPWMP7_Install_11"="c:\program files\Windows Media Player\mpvis.dll" [2008-04-14 368640]

"OE_WMPWMDM_Install_7"="c:\windows\system32\mspmsnsv.dll" [2008-04-14 52224]

"OE_WMPWMP7_Install_20"="c:\windows\INF\unregmp2.exe" [2008-04-14 208896]

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]

@=""

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\HP\\HP Deskjet 3050A J611 series\\Bin\\HPNetworkCommunicator.exe"=

.

S1 SASDIFSV;SASDIFSV;\??\g:\protection-scanning programs\(ignore) program and installation files\SASDIFSV.SYS --> g:\protection-scanning programs\(ignore) program and installation files\SASDIFSV.SYS [?]

S1 SASKUTIL;SASKUTIL;\??\g:\protection-scanning programs\(ignore) program and installation files\SASKUTIL.SYS --> g:\protection-scanning programs\(ignore) program and installation files\SASKUTIL.SYS [?]

S4 cerc6;cerc6; [x]

S4 HitmanPro37CrusaderBoot;HitmanPro 3.7 Crusader (Boot);"g:\protection-scanning programs\HitmanPro.exe" /crusader:boot --> g:\protection-scanning programs\HitmanPro.exe [?]

.

.

------- Supplementary Scan -------

.

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

TCP: DhcpNameServer = 66.90.130.101 216.82.201.11 192.168.1.1

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2013-09-25 20:00

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ... 

.

scanning hidden autostart entries ...

.

scanning hidden files ... 

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\HitmanPro37CrusaderBoot]

"ImagePath"="\"g:\protection-scanning programs\HitmanPro.exe\" /crusader:boot"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-823518204-1035525444-1606980848-500\Software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (Administrator)

"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,71,15,c5,5c,43,b5,b6,4a,ac,b6,df,\

"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,

   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,71,15,c5,5c,43,b5,b6,4a,ac,b6,df,\

"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,

   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,71,15,c5,5c,43,b5,b6,4a,ac,b6,df,\

.

[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (Administrator)

"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,71,15,c5,5c,43,b5,b6,4a,ac,b6,df,\

"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,

   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,71,15,c5,5c,43,b5,b6,4a,ac,b6,df,\

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'explorer.exe'(1944)

c:\windows\system32\WININET.dll

c:\windows\system32\ieframe.dll

.

Completion time: 2013-09-25  20:03:02 - machine was rebooted

ComboFix-quarantined-files.txt  2013-09-26 01:03

ComboFix2.txt  2013-09-25 12:28

.

Pre-Run: 51,815,215,104 bytes free

Post-Run: 51,807,567,872 bytes free

.

- - End Of File - - 57984DBBFDB210E67FF6D308CA5EB451

8F558EB6672622401DA993E1E865C861

 

Combofix Quarantine list

2013-09-26 00:38:47 . 2013-09-26 00:38:47                0 ----a-w-  C:\Qoobox\Quarantine\catchme.txt

2013-09-25 12:28:23 . 2013-09-25 12:28:23            1,526 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\AddRemove-Revo Uninstaller.reg.dat

2013-09-25 12:28:02 . 2013-09-25 12:28:02              558 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\SafeBoot-47725133.sys.reg.dat

2013-09-25 12:28:00 . 2013-09-25 12:28:00              954 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}.reg.dat

2013-09-25 12:27:52 . 2013-09-25 12:27:52              190 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\HKLM-RunOnce-OE_WMPWMFSDK_Install_3.reg.dat

2013-09-25 12:27:50 . 2013-09-25 12:27:50              173 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\Toolbar-Locked.reg.dat

2013-09-25 12:13:14 . 2013-09-26 00:41:48            6,006 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\tcpip.reg

2013-09-25 12:10:47 . 2013-09-26 00:38:45              512 ----a-w-  C:\Qoobox\Quarantine\MBR_HardDisk0.mbr

2013-09-25 12:07:27 . 2013-09-26 00:37:30              102 ----a-w-  C:\Qoobox\Quarantine\catchme.log

2013-08-31 21:14:22 . 2013-08-31 21:14:22              630 ----a-w-  C:\Qoobox\Quarantine\C\WINDOWS\EventSystem.log.vir

2008-04-14 07:00:00 . 2008-04-14 07:00:00           52,352 ----a-w-  C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\Volsnap.sys.vir

 

 

SystemLook

SystemLook 30.07.11 by jpshortstuff

Log created at 20:32 on 25/09/2013 by Administrator

Administrator - Elevation successful

 

========== filefind ==========

 

Searching for "Volsnap.sys"

C:\WINDOWS\ServicePackFiles\i386\volsnap.sys              ------- 52352 bytes           [21:01 31/08/2013]          [05:11 14/04/2008] 4C8FCB5CC53AAB716D810740FE59D025

C:\WINDOWS\system32\dllcache\volsnap.sys   --a--c- 52352 bytes          [07:00 14/04/2008]          [07:00 14/04/2008] 4C8FCB5CC53AAB716D810740FE59D025

C:\WINDOWS\system32\drivers\Volsnap.sys     --a---- 52352 bytes           [07:00 14/04/2008]          [07:00 14/04/2008] 4C8FCB5CC53AAB716D810740FE59D025

 

-= EOF =-





