
MyPC Backup - self installed malware. Unauthorized files upload


This topic is locked
12 replies to this topic

#1 seom

seom

  • Members
  • 6 posts
  • Gender:Female
  • Location:Bulgaria

Posted 12 October 2013 - 03:59 AM

Hello, I am new to the forum and hopefully have made a clear topic for malware removal:

 

I noticed that a new alert message appears on my PC asking me to back up my files online. I noticed that there is a new item in Start > Programs. I am absolutely sure that I have never installed this software.

 

Unauthorized file upload: I found an image file uploaded to my fiverr account. The image contains an email. I never created this image and have no idea what the email address in it is. I have not found any other file uploads yet; the file was probably uploaded because the browser was open to this fiverr page. [I can provide the image if it will help]

 

Here is the DDS.txt result:

 

DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 10.25.2
Run by user at 11:41:21 on 2013-10-12
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.3574.1647 [GMT 3:00]
.
AV: ESET NOD32 Antivirus 4.0 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
============== Running Processes ================
.
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\MyPC Backup\BackupStack.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Common Files\DeviceHelper\DeviceManager.exe
C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Guard-ICQ\GuardICQ.exe
C:\Program Files\VIVACOM 3G USB MODEM\ModemListener.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Program Files\Guard-ICQ\GuardICQ.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Documents and Settings\user\Application Data\ICQM\icq.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
C:\Documents and Settings\user\Application Data\Dropbox\bin\Dropbox.exe
C:\Program Files\MyPC Backup\MyPC Backup.exe
C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\user\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.bg/
uSearch Page = hxxp://www.google.com
uInternet Connection Wizard,ShellNext = "c:\program files\outlook express\msimn.exe"
uProxyServer = 216.213.46.11:57119
uProxyOverride = local;<local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: <No Name>:  - LocalServer32 - <no file>
mURLSearchHooks: {855F3B16-6D32-4fe6-8A56-BBB695989046} - <orphaned>
mURLSearchHooks: <No Name>:  - LocalServer32 - <no file>
mWinlogon: SFCDisable = dword:-99
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.7.9012.1008\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe"  /MINIMIZED
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Google Update] "c:\documents and settings\user\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [ICQ] c:\documents and settings\user\application data\icqm\icq.exe -CU
uRun: [Clownfish] "c:\program files\clownfish\Clownfish.exe"
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [HDAudDeck] c:\program files\via\viaudioi\hdadeck\HDeck.exe 1
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [CorelDRAW Graphics Suite 11b] c:\program files\corel\corel graphics 12\languages\en\programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=112210 serial=dr12wex-1504397-kty lang=EN
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Guard.Mail.ru.gui] "c:\program files\guard-icq\GuardICQ.exe" /gui
mRun: [ModemListener] c:\program files\vivacom 3g usb modem\ModemListener.exe start
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
StartupFolder: c:\docume~1\user\startm~1\programs\startup\dropbox.lnk - c:\documents and settings\user\application data\dropbox\bin\Dropbox.exe
StartupFolder: c:\docume~1\user\startm~1\programs\startup\mypcba~1.lnk - c:\program files\mypc backup\MyPC Backup.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoResolveTrack = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: ForceClassicControlPanel = dword:1
mPolicies-Explorer: NoResolveTrack = dword:1
IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
IE: {602AB448-D389-4a54-B6A6-CE57AA0CCFC4} - {A310506F-6BA4-48c4-8887-1F462277AA12}
IE: {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - c:\program files\icq7.7\ICQ.exe
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: Interfaces\{3E7CC08F-F421-49C4-874E-94D7F2631205} : NameServer = 192.168.1.1,89.215.246.40
TCP: Interfaces\{DE8B7621-3C4C-417E-AF5B-5E9309051C8E} : DHCPNameServer = 192.168.0.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\30.0.1599.69\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
Hosts: 95.169.191.220 botmaster.ru
Hosts: 95.169.191.220 www.botmaster.ru
Hosts: 95.169.190.220 www.botmaster.net
Hosts: 95.169.190.220 botmaster.net
Hosts: 95.169.190.220 botmasternet.com
.
Note: multiple HOSTS entries found. Please refer to Attach.txt
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\user\application data\mozilla\firefox\profiles\5xop2sih.default-1365974625265\
FF - prefs.js: network.proxy.http - 74.121.191.133
FF - prefs.js: network.proxy.http_port - 443
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\documents and settings\user\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\user\application data\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\documents and settings\user\application data\mozilla\plugins\npo1d.dll
FF - plugin: c:\documents and settings\user\local settings\application data\google\update\1.3.21.165\npGoogleUpdate3.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.165\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_9_900_117.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
.
============= SERVICES / DRIVERS ===============
.
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2009-5-14 107256]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2009-5-14 94360]
R2 BackupStack;Computer Backup (MyPC Backup);c:\program files\mypc backup\BackupStack.exe [2013-9-20 38440]
R2 DeviceManager;DeviceManager;c:\program files\common files\devicehelper\devicemanager.exe -start --> c:\program files\common files\devicehelper\DeviceManager.exe -start [?]
R2 ekrn;ESET Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2009-5-14 731840]
R2 Guard.Mail.ru;Guard.Mail.ru;c:\program files\guard-icq\GuardICQ.exe [2012-1-24 1564368]
R2 Skype C2C Service;Skype C2C Service;c:\documents and settings\all users\application data\skype\toolbars\skype c2c service\c2c_service.exe [2012-11-22 3290304]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2010-7-29 1390976]
S2 Ca1528av;SPCA1528 Video Camera Service;c:\windows\system32\drivers\ca1528av.sys --> c:\windows\system32\drivers\Ca1528av.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-6-21 162408]
S3 AR9271;Wireless Network Adapter Service;c:\windows\system32\drivers\athuw.sys [2013-7-20 1763584]
S3 Bulk1528;SPCA1528 Still Camera Service;c:\windows\system32\drivers\bulk1528.sys --> c:\windows\system32\drivers\Bulk1528.sys [?]
S3 jrdusbser;Modem Interface Device for Legacy Serial Communication;c:\windows\system32\drivers\jrdusbser.sys [2013-6-5 106112]
S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8192su.sys [2013-6-5 602912]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-7-20 754856]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\microsoft sql server\100\shared\sqladhlp.exe [2009-7-23 47128]
S4 RsFx0103;RsFx0103 Driver;c:\windows\system32\drivers\RsFx0103.sys [2009-3-30 239336]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\microsoft sql server\mssql10.sqlexpress\mssql\binn\SQLAGENT.EXE [2009-3-30 366936]
.
=============== File Associations ===============
.
FileExt: .txt: Applications\notepad++.exe="c:\program files\notepad++\notepad++.exe" "%1" [UserChoice]
.
=============== Created Last 30 ================
.
2013-10-09 04:09:15 25088 ------w- c:\windows\system32\dllcache\hidparse.sys
2013-10-09 04:09:15 14976 ------w- c:\windows\system32\dllcache\usbscan.sys
2013-10-09 04:08:37 5376 ------w- c:\windows\system32\dllcache\usbd.sys
2013-10-09 04:08:37 30336 ------w- c:\windows\system32\dllcache\usbehci.sys
2013-10-09 04:08:36 32384 ------w- c:\windows\system32\dllcache\usbccgp.sys
2013-10-09 04:08:36 144128 ------w- c:\windows\system32\dllcache\usbport.sys
2013-09-25 16:52:29 -------- d-----w- c:\documents and settings\user\.swt
2013-09-25 16:52:07 -------- d-----w- c:\program files\MyPC Backup
.
==================== Find3M  ====================
.
2013-10-08 20:39:21 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-10-08 20:39:21 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-09-23 18:33:58 920064 ----a-w- c:\windows\system32\wininet.dll
2013-09-23 18:33:57 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-09-23 18:33:57 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-09-23 18:33:56 18944 ----a-w- c:\windows\system32\corpol.dll
2013-09-23 18:06:48 385024 ----a-w- c:\windows\system32\html.iec
2013-08-29 01:31:44 1878656 ----a-w- c:\windows\system32\win32k.sys
2013-08-09 01:56:45 386560 ----a-w- c:\windows\system32\themeui.dll
2013-08-09 00:55:08 144128 ----a-w- c:\windows\system32\drivers\usbport.sys
2013-08-09 00:55:07 32384 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2013-08-09 00:55:06 5376 ----a-w- c:\windows\system32\drivers\usbd.sys
2013-08-05 13:30:32 1289728 ----a-w- c:\windows\system32\ole32.dll
2013-08-03 11:18:38 1543680 ------w- c:\windows\system32\wmvdecod.dll
2013-07-18 22:18:04 102608 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
.
============= FINISH: 11:42:10.26 ===============
 

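A defender-side triage helper for the "Pseudo HJT Report" section of a DDS.txt log like the one above, added here as an example; it is not part of the original post and not a DDS or BleepingComputer tool. The sample input is constructed from lines of the log above, and the severity labels and the rules (public proxy host, hosts-file redirects to remote addresses, non-zero SFCDisable, dangling URL search hooks) are this script's own assumptions about what a responder would want surfaced first.

```python
"""Triage the 'Pseudo HJT Report' section of a DDS.txt log (added example)."""
import re
from dataclasses import dataclass


@dataclass
class Finding:
    severity: str  # "high", "medium" or "info" (assumed labels, not DDS output)
    reason: str
    line: str


def is_private(ip: str) -> bool:
    """True for loopback, the 0.0.0.0 sinkhole address and RFC 1918 ranges."""
    if ip == "0.0.0.0" or ip.startswith(("127.", "10.", "192.168.")):
        return True
    m = re.match(r"172\.(\d{1,3})\.", ip)
    return bool(m) and 16 <= int(m.group(1)) <= 31


def triage_dds(report: str) -> list[Finding]:
    findings: list[Finding] = []
    ff_proxy_type = None
    for raw in report.splitlines():
        line = raw.strip()
        if not line:
            continue
        # WinINet (IE) proxy: u = current-user hive, m = HKLM. A proxy that
        # points at a public host the user never configured is a classic
        # traffic-interception indicator.
        m = re.match(r"[um]ProxyServer\s*=\s*(\S+)", line)
        if m:
            host = m.group(1).split(":")[0]
            sev = "high" if not is_private(host) else "info"
            findings.append(Finding(sev, f"WinINet proxy set to {m.group(1)}", line))
            continue
        # Firefox prefs.js: remember the proxy mode, since type 0 means
        # 'no proxy' and a stored host is then present but not in use.
        m = re.match(r"FF - prefs\.js: network\.proxy\.type - (\d+)", line)
        if m:
            ff_proxy_type = int(m.group(1))
            continue
        m = re.match(r"FF - prefs\.js: network\.proxy\.(https?|socks) - (\S+)", line)
        if m:
            findings.append(Finding("medium",
                                    f"Firefox {m.group(1)} proxy host {m.group(2)} configured", line))
            continue
        # hosts-file entries: mapping a name to anything other than loopback
        # or a sinkhole address redirects that domain to a remote machine.
        m = re.match(r"Hosts:\s+(\S+)\s+(\S+)", line)
        if m and not is_private(m.group(1)):
            findings.append(Finding("high",
                                    f"hosts file maps {m.group(2)} to remote {m.group(1)}", line))
            continue
        # Winlogon SFCDisable: any non-zero value turns Windows File
        # Protection off, so replaced system files are no longer restored.
        m = re.match(r"mWinlogon: SFCDisable = dword:(-?\d+)", line)
        if m and int(m.group(1)) != 0:
            findings.append(Finding("high",
                                    "SFCDisable is non-zero (Windows File Protection off)", line))
            continue
        # URL search hooks whose DLL is missing or whose CLSID is orphaned:
        # usually leftovers, but worth listing so they can be cleaned up.
        if "URLSearchHooks" in line and ("<no file>" in line or "<orphaned>" in line):
            findings.append(Finding("info", "URL search hook with no backing file", line))
    if ff_proxy_type == 0:
        for f in findings:
            if f.reason.startswith("Firefox"):
                f.reason += " (inactive: network.proxy.type is 0)"
    return findings


# Constructed sample: a subset of the Pseudo HJT lines from the log above.
SAMPLE_REPORT = """\
uStart Page = hxxp://www.google.bg/
uProxyServer = 216.213.46.11:57119
uProxyOverride = local;<local>
uURLSearchHooks: <No Name>:  - LocalServer32 - <no file>
mURLSearchHooks: {855F3B16-6D32-4fe6-8A56-BBB695989046} - <orphaned>
mWinlogon: SFCDisable = dword:-99
Hosts: 95.169.191.220 botmaster.ru
Hosts: 95.169.191.220 www.botmaster.ru
Hosts: 95.169.190.220 www.botmaster.net
Hosts: 95.169.190.220 botmaster.net
Hosts: 95.169.190.220 botmasternet.com
FF - prefs.js: network.proxy.http - 74.121.191.133
FF - prefs.js: network.proxy.http_port - 443
FF - prefs.js: network.proxy.type - 0
"""

if __name__ == "__main__":
    for f in sorted(triage_dds(SAMPLE_REPORT), key=lambda f: f.severity):
        print(f"[{f.severity:6}] {f.reason}\n         {f.line}")
```

Run against the full DDS.txt the script only reads the lines it recognises, so Running Processes and service entries pass through untouched; extend the rule set rather than the parser when a new indicator type is needed.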

#2 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • Gender:Male

Posted 12 October 2013 - 09:28 AM

Hi there,
my name is Marius and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English, so please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

Scan with Gmer rootkit scanner

Please download Gmer from here by clicking on the "Download EXE" Button.

  • Double click on the randomly named GMER.exe. If asked to allow gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • Sections
    • IAT/EAT
    • Show All ( should be unchecked by default )
  • Leave everything else as it is.
  • Close all other running programs as well as your Browser.
  • Click the Scan button & wait for it to finish.
  • Once done click on the Save.. button, and in the File name area, type in "ark.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop.
  • Please post the content of the ark.txt here.

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here (no worries, every little bit helps)

#3 seom

seom
  • Topic Starter

  • Members
  • 6 posts
  • Gender:Female
  • Location:Bulgaria

Posted 12 October 2013 - 12:48 PM

Hello Marius,

 

thank you for your reply. I read your post carefully and will try not to waste your time and to follow your instructions. And ... English is not my native language either, so I'll try to keep my posts clear and simple and without misspellings.

 

I read all your instructions and performed the steps exactly as described. Here is the content of the ark.txt file. Just in case, I have attached the file to this message.

 

I am at your disposal for further instructions. Thank you for your help!

 

GMER 2.1.19163 - http://www.gmer.net

Rootkit scan 2013-10-12 20:25:08
Windows 5.1.2600 Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-e ST3250318AS rev.CC35 232.89GB
Running: sq8zb3x8.exe; Driver: C:\DOCUME~1\user\LOCALS~1\Temp\pxtdqpoc.sys
 
 
---- System - GMER 2.1 ----
 
SSDT            89E8DC90                                                                                                            ZwAssignProcessToJobObject
SSDT            spex.sys                                                                                                            ZwCreateKey [0xF74E40E0]
SSDT            89E8E200                                                                                                            ZwDebugActiveProcess
SSDT            89E8E2F0                                                                                                            ZwDuplicateObject
SSDT            spex.sys                                                                                                            ZwEnumerateKey [0xF74FCDA4]
SSDT            spex.sys                                                                                                            ZwEnumerateValueKey [0xF74FD132]
SSDT            spex.sys                                                                                                            ZwOpenKey [0xF74E40C0]
SSDT            89E8D590                                                                                                            ZwOpenProcess
SSDT            89E8D800                                                                                                            ZwOpenThread
SSDT            89E8DFD0                                                                                                            ZwProtectVirtualMemory
SSDT            spex.sys                                                                                                            ZwQueryKey [0xF74FD20A]
SSDT            spex.sys                                                                                                            ZwQueryValueKey [0xF74FD08A]
SSDT            89E8E0E0                                                                                                            ZwQueueApcThread
SSDT            89E8DEC0                                                                                                            ZwSetContextThread
SSDT            89E8DD90                                                                                                            ZwSetInformationThread
SSDT            89E8ADA0                                                                                                            ZwSetSecurityObject
SSDT            spex.sys                                                                                                            ZwSetValueKey [0xF74FD29C]
SSDT            89E8DB90                                                                                                            ZwSuspendProcess
SSDT            89E8DA80                                                                                                            ZwSuspendThread
SSDT            89E8D6E0                                                                                                            ZwTerminateProcess
SSDT            89E8DA50                                                                                                            ZwTerminateThread
SSDT            89E8E6D0                                                                                                            ZwWriteVirtualMemory
 
INT 0x62        ?                                                                                                                   8A4F8BF8
INT 0x63        ?                                                                                                                   8A4F8BF8
INT 0x63        ?                                                                                                                   8A4F8BF8
INT 0x63        ?                                                                                                                   8A435F00
INT 0x63        ?                                                                                                                   8A435F00
INT 0x63        ?                                                                                                                   8A4F8BF8
INT 0x73        ?                                                                                                                   8A435F00
INT 0x82        ?                                                                                                                   8A4F8BF8
INT 0xA4        ?                                                                                                                   8A435F00
INT 0xB4        ?                                                                                                                   8A435F00
 
---- Devices - GMER 2.1 ----
 
Device          \FileSystem\Ntfs \Ntfs                                                                                              8A4F71F8
 
AttachedDevice  \FileSystem\Ntfs \Ntfs                                                                                              eamon.sys
 
Device          \Driver\PCI_PNP2496 \Device\00000042                                                                                spex.sys
Device          \Driver\PCI_PNP2496 \Device\00000042                                                                                spex.sys
Device          \Driver\usbuhci \Device\USBPDO-0                                                                                    8A42D1F8
Device          \Driver\dmio \Device\DmControl\DmIoDaemon                                                                           8A4881F8
Device          \Driver\dmio \Device\DmControl\DmConfig                                                                             8A4881F8
Device          \Driver\dmio \Device\DmControl\DmPnP                                                                                8A4881F8
Device          \Driver\dmio \Device\DmControl\DmInfo                                                                               8A4881F8
Device          \Driver\usbuhci \Device\USBPDO-1                                                                                    8A42D1F8
Device          \Driver\NetBT \Device\NetBT_Tcpip_{3E7CC08F-F421-49C4-874E-94D7F2631205}                                            89DE71F8
Device          \Driver\usbuhci \Device\USBPDO-2                                                                                    8A42D1F8
Device          \Driver\usbuhci \Device\USBPDO-3                                                                                    8A42D1F8
Device          \Driver\usbehci \Device\USBPDO-4                                                                                    8A3571F8
 
AttachedDevice  \Driver\Tcpip \Device\Tcp                                                                                           epfwtdir.sys
 
Device          \Driver\Ftdisk \Device\HarddiskVolume1                                                                              8A4F91F8
Device          \Driver\Cdrom \Device\CdRom0                                                                                        8A34A1F8
Device          \Driver\Ftdisk \Device\HarddiskVolume2                                                                              8A4F91F8
Device          \Driver\atapi \Device\Ide\IdePort0                                                                                  [F7978B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device          \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3                                                                         [F7978B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device          \Driver\atapi \Device\Ide\IdePort1                                                                                  [F7978B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device          \Driver\atapi \Device\Ide\IdePort2                                                                                  [F7978B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device          \Driver\atapi \Device\Ide\IdePort3                                                                                  [F7978B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device          \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-e                                                                         [F7978B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device          \Driver\Cdrom \Device\CdRom1                                                                                        8A34A1F8
Device          \Driver\NetBT \Device\NetBt_Wins_Export                                                                             89DE71F8
Device          \Driver\NetBT \Device\NetbiosSmb                                                                                    89DE71F8
Device          \Driver\sptd \Device\3562289996                                                                                     spex.sys
Device          \Driver\usbuhci \Device\USBFDO-0                                                                                    8A42D1F8
Device          \Driver\usbuhci \Device\USBFDO-1                                                                                    8A42D1F8
Device          \FileSystem\MRxSmb \Device\LanmanDatagramReceiver                                                                   89DD01F8
Device          \Driver\usbuhci \Device\USBFDO-2                                                                                    8A42D1F8
Device          \FileSystem\MRxSmb \Device\LanmanRedirector                                                                         89DD01F8
Device          \Driver\usbuhci \Device\USBFDO-3                                                                                    8A42D1F8
Device          \Driver\usbehci \Device\USBFDO-4                                                                                    8A3571F8
Device          \Driver\Ftdisk \Device\FtControl                                                                                    8A4F91F8
Device          \Driver\NetBT \Device\NetBT_Tcpip_{138D866A-DDCE-48EB-BF58-D235CF001C12}                                            89DE71F8
Device          \Driver\azmei7hh \Device\Scsi\azmei7hh1                                                                             8A341500
Device          \Driver\azmei7hh \Device\Scsi\azmei7hh1Port4Path0Target0Lun0                                                        8A341500
Device          \FileSystem\Cdfs \Cdfs                                                                                              89D9A500
 
---- Trace I/O - GMER 2.1 ----
 
Trace           ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys spex.sys >>UNKNOWN [0x8a4a8938]<<                     8a4a8938
Trace           1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a3bdab8]                                                             8a3bdab8
Trace           3 CLASSPNP.SYS[f7637fd7] -> nt!IofCallDriver -> \Device\0000006a[0x8a452030]                                        8a452030
Trace           5 ACPI.sys[f74a3620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-e[0x8a451940]                               8a451940
 
---- Registry - GMER 2.1 ----
 
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1                                                                  771343423
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2                                                                  285507792
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0                                                                  1
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC                                    
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                 0xD4 0xC3 0x97 0x02 ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                 0
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                              0x16 0xFC 0xBE 0x35 ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                 C:\Program Files\DAEMON Tools Lite\
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001                           
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                     0x04 0x71 0x91 0xB9 ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                        0x20 0x01 0x00 0x00 ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0                      
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                0x3A 0x77 0x58 0x2A ...
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)                
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                     0xD4 0xC3 0x97 0x02 ...
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                     0
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                  0x16 0xFC 0xBE 0x35 ...
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                     C:\Program Files\DAEMON Tools Lite\
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)       
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                         0x04 0x71 0x91 0xB9 ...
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                            0x20 0x01 0x00 0x00 ...
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)  
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                    0x3A 0x77 0x58 0x2A ...
 
---- EOF - GMER 2.1 ----

Attached Files

  • Attached File: ark.txt (15.18KB)


#4 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  • Gender:Male
  • Local time:06:46 PM

Posted 14 October 2013 - 05:31 AM

Disable CD Emulation with DeFogger

Please download DeFogger to your desktop.

Double click DeFogger to run the tool.

  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers.
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK


IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.

Do not re-enable these drivers until otherwise instructed.

Add/Remove Programs

Click on start-->control panel.

Vista/7: Open Programs and Features
XP: Open add/remove programs

Search for and remove the following programs

MyPC Backup


Close the window.

Combofix

Download ComboFix from one of these locations:

Link 1
Link 2


* IMPORTANT- Save ComboFix.exe to your Desktop

====================================================


Disable your AntiVirus and AntiSpyware applications as they will interfere with our tools and the removal. If you are unsure how to do this, please refer to our sticky topic How to disable your security applications


====================================================


Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


(screenshot: RC_update.png)


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


(screenshot: cfRC_screen_2.png)


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply for further review.


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#5 seom

seom
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  • Gender:Female
  • Location:Bulgaria
  • Local time:08:46 PM

Posted 14 October 2013 - 02:57 PM

All done exactly as described

ComboFix 13-10-13.02 - user 10/14/2013  22:22:08.2.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.3574.2547 [GMT 3:00]
Running from: c:\documents and settings\user\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 4.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\documents and settings\user\Application Data\PriceGong
c:\documents and settings\user\Application Data\PriceGong\Data\1.xml
c:\documents and settings\user\Application Data\PriceGong\Data\a.xml
c:\documents and settings\user\Application Data\PriceGong\Data\b.xml
c:\documents and settings\user\Application Data\PriceGong\Data\c.xml
c:\documents and settings\user\Application Data\PriceGong\Data\d.xml
c:\documents and settings\user\Application Data\PriceGong\Data\e.xml
c:\documents and settings\user\Application Data\PriceGong\Data\f.xml
c:\documents and settings\user\Application Data\PriceGong\Data\g.xml
c:\documents and settings\user\Application Data\PriceGong\Data\h.xml
c:\documents and settings\user\Application Data\PriceGong\Data\i.xml
c:\documents and settings\user\Application Data\PriceGong\Data\J.xml
c:\documents and settings\user\Application Data\PriceGong\Data\k.xml
c:\documents and settings\user\Application Data\PriceGong\Data\l.xml
c:\documents and settings\user\Application Data\PriceGong\Data\m.xml
c:\documents and settings\user\Application Data\PriceGong\Data\mru.xml
c:\documents and settings\user\Application Data\PriceGong\Data\n.xml
c:\documents and settings\user\Application Data\PriceGong\Data\o.xml
c:\documents and settings\user\Application Data\PriceGong\Data\p.xml
c:\documents and settings\user\Application Data\PriceGong\Data\q.xml
c:\documents and settings\user\Application Data\PriceGong\Data\r.xml
c:\documents and settings\user\Application Data\PriceGong\Data\s.xml
c:\documents and settings\user\Application Data\PriceGong\Data\t.xml
c:\documents and settings\user\Application Data\PriceGong\Data\u.xml
c:\documents and settings\user\Application Data\PriceGong\Data\v.xml
c:\documents and settings\user\Application Data\PriceGong\Data\w.xml
c:\documents and settings\user\Application Data\PriceGong\Data\x.xml
c:\documents and settings\user\Application Data\PriceGong\Data\y.xml
c:\documents and settings\user\Application Data\PriceGong\Data\z.xml
c:\documents and settings\user\Application Data\ubot
c:\documents and settings\user\Recent\Thumbs.db
C:\END
c:\program files\Image Converter .EXE
c:\program files\Image Converter .EXE\blank.gif
c:\program files\Image Converter .EXE\compare template.html
c:\program files\Image Converter .EXE\detail template.html
c:\program files\Image Converter .EXE\Help\CommandLines.htm
c:\program files\Image Converter .EXE\Help\pv_registration.mht
c:\program files\Image Converter .EXE\imageconverter.exe
c:\program files\Image Converter .EXE\license.txt
c:\program files\Image Converter .EXE\logfile.txt
c:\program files\Image Converter .EXE\thumbnail template.html
c:\program files\Image Converter .EXE\unins000.dat
c:\program files\Image Converter .EXE\unins000.exe
c:\program files\Image Converter .EXE\Web\Image Converter .EXE Home Page.url
c:\program files\Image Converter .EXE\Web\Order Image Converter .EXE.url
c:\program files\Image Converter .EXE\Web\SoftTech InterCorp.url
C:\Thumbs.db
c:\windows\EventSystem.log
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\system32\ChilkatMail_v7_9.dll
c:\windows\system32\ijl11.dll
c:\windows\system32\winlogon.bak
.
.
(((((((((((((((((((((((((   Files Created from 2013-09-14 to 2013-10-14  )))))))))))))))))))))))))))))))
.
.
2013-10-14 19:09 . 2013-10-14 19:09 -------- d-----w- c:\windows\system32\wbem\snmp
2013-10-14 19:09 . 2013-10-14 19:09 -------- d-----w- c:\windows\system32\xircom
2013-10-14 19:09 . 2013-10-14 19:09 -------- d-----w- c:\program files\microsoft frontpage
2013-10-09 04:09 . 2013-07-03 02:12 25088 ------w- c:\windows\system32\dllcache\hidparse.sys
2013-10-09 04:09 . 2013-07-03 01:59 14976 ------w- c:\windows\system32\dllcache\usbscan.sys
2013-10-09 04:08 . 2013-08-09 00:55 5376 ------w- c:\windows\system32\dllcache\usbd.sys
2013-10-09 04:08 . 2009-03-18 11:02 30336 ------w- c:\windows\system32\dllcache\usbehci.sys
2013-10-09 04:08 . 2013-08-09 00:55 144128 ------w- c:\windows\system32\dllcache\usbport.sys
2013-10-09 04:08 . 2013-08-09 00:55 32384 ------w- c:\windows\system32\dllcache\usbccgp.sys
2013-09-25 16:52 . 2013-09-25 16:52 -------- d-----w- c:\documents and settings\user\.swt
2013-09-25 16:52 . 2013-10-14 18:31 -------- d-----w- c:\program files\MyPC Backup
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-10-08 20:39 . 2012-04-08 07:14 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-10-08 20:39 . 2011-06-16 05:06 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-09-23 18:33 . 2008-11-09 16:21 920064 ----a-w- c:\windows\system32\wininet.dll
2013-09-23 18:33 . 2008-04-14 00:42 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-09-23 18:33 . 2008-04-14 00:41 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-09-23 18:33 . 2008-04-14 00:41 18944 ----a-w- c:\windows\system32\corpol.dll
2013-09-23 18:06 . 2008-04-13 19:07 385024 ----a-w- c:\windows\system32\html.iec
2013-08-29 01:31 . 2010-01-09 09:25 1878656 ----a-w- c:\windows\system32\win32k.sys
2013-08-09 01:56 . 2008-04-14 00:42 386560 ----a-w- c:\windows\system32\themeui.dll
2013-08-09 00:55 . 2008-04-13 19:15 144128 ----a-w- c:\windows\system32\drivers\usbport.sys
2013-08-09 00:55 . 2010-07-30 09:15 32384 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2013-08-09 00:55 . 2004-08-12 10:31 5376 ----a-w- c:\windows\system32\drivers\usbd.sys
2013-08-05 13:30 . 2008-04-14 00:42 1289728 ----a-w- c:\windows\system32\ole32.dll
2013-08-03 11:18 . 2009-01-30 17:35 1543680 ------w- c:\windows\system32\wmvdecod.dll
2013-07-18 22:18 . 2013-07-18 22:18 102608 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2010-07-29 . 679A7259741F6A09994F02CE261B5F2E . 507904 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-06-05 17:17 130736 ----a-w- c:\documents and settings\user\Application Data\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-06-05 17:17 130736 ----a-w- c:\documents and settings\user\Application Data\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-06-05 17:17 130736 ----a-w- c:\documents and settings\user\Application Data\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-06-05 17:17 130736 ----a-w- c:\documents and settings\user\Application Data\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2013-04-16 802136]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-09-27 39408]
"ICQ"="c:\documents and settings\user\Application Data\ICQM\icq.exe" [2013-01-13 26606072]
"Clownfish"="c:\program files\Clownfish\Clownfish.exe" [2013-05-13 1268472]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2013-10-02 20472992]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-11-12 141336]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-11-12 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-11-12 141336]
"HDAudDeck"="c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe" [2009-08-28 33673216]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"CorelDRAW Graphics Suite 11b"="c:\program files\Corel\Corel Graphics 12\Languages\EN\Programs\Registration.exe" [BU]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-05-14 2029640]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"Guard.Mail.ru.gui"="c:\program files\Guard-ICQ\GuardICQ.exe" [2012-01-24 1564368]
"ModemListener"="c:\program files\VIVACOM 3G USB MODEM\ModemListener.exe" [2012-09-20 111480]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"_nltide_3"="advpack.dll" [2009-03-08 128512]
.
c:\documents and settings\user\Start Menu\Programs\Startup\
Dropbox.lnk - c:\documents and settings\user\Application Data\Dropbox\bin\Dropbox.exe /systemstartup [2013-6-5 27370808]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\xampp\\apache\\bin\\httpd.exe"=
"c:\\xampp\\mysql\\bin\\mysqld.exe"=
"c:\\Program Files\\VoipCheapCom\\VoipCheapCom\\VoipCheapCom.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\totalcmd\\TOTALCMD.EXE"=
"c:\\Documents and Settings\\user\\temp\\TeamViewer\\Version5\\TeamViewer.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Documents and Settings\\user\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Captcha Sniper\\CaptchaSniper.exe"=
"c:\\Program Files\\ICQ7.7\\ICQ.exe"=
"c:\\xampp\\htdocs\\WikiSmasher V7\\WikiSmasher V7.exe"=
"c:\\xampp\\htdocs\\WikiSmasher V5\\WikiSmasher V5.exe"=
"c:\\Documents and Settings\\user\\Application Data\\ICQM\\icq.exe"=
"c:\\Documents and Settings\\user\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [5/14/2009 4:47 PM 107256]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [5/14/2009 4:49 PM 94360]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [5/14/2009 4:47 PM 731840]
R2 Guard.Mail.ru;Guard.Mail.ru;c:\program files\Guard-ICQ\GuardICQ.exe [1/24/2012 8:43 PM 1564368]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [7/29/2010 7:47 PM 1390976]
S2 Ca1528av;SPCA1528 Video Camera Service;c:\windows\system32\Drivers\Ca1528av.sys --> c:\windows\system32\Drivers\Ca1528av.sys [?]
S2 DeviceManager;DeviceManager;c:\program files\Common Files\DeviceHelper\DeviceManager.exe -start --> c:\program files\Common Files\DeviceHelper\DeviceManager.exe -start [?]
S2 Skype C2C Service;Skype C2C Service;c:\documents and settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [11/22/2012 11:29 AM 3290304]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [9/5/2013 10:34 AM 171680]
S3 AR9271;Wireless Network Adapter Service;c:\windows\system32\drivers\athuw.sys [7/20/2013 3:44 PM 1763584]
S3 Bulk1528;SPCA1528 Still Camera Service;c:\windows\system32\Drivers\Bulk1528.sys --> c:\windows\system32\Drivers\Bulk1528.sys [?]
S3 jrdusbser;Modem Interface Device for Legacy Serial Communication;c:\windows\system32\drivers\jrdusbser.sys [6/5/2013 9:14 PM 106112]
S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8192su.sys [6/5/2013 9:08 PM 602912]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\sqladhlp.exe [7/23/2009 6:08 AM 47128]
S4 RsFx0103;RsFx0103 Driver;c:\windows\system32\drivers\RsFx0103.sys [3/30/2009 3:09 AM 239336]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [8/30/2010 2:22 PM 691696]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [3/30/2009 3:23 AM 366936]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-10-06 07:44 1185744 ----a-w- c:\program files\Google\Chrome\Application\30.0.1599.69\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-10-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-08 20:39]
.
2013-10-12 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 14:57]
.
2013-10-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-04 11:26]
.
2013-10-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-04 11:26]
.
2013-10-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-789336058-630328440-1801674531-1003Core.job
- c:\documents and settings\user\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-08-30 18:49]
.
2013-10-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-789336058-630328440-1801674531-1003UA.job
- c:\documents and settings\user\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-08-30 18:49]
.
2011-08-02 c:\windows\Tasks\txtexport_0.job
- c:\xampp\htdocs\ContentScraper\Chapter 2 Content\Stage 1 Text\Step 2 - Extract Articles\txtexport_0.bat [2011-04-21 15:44]
.
2011-08-02 c:\windows\Tasks\txtexport_1.job
- c:\xampp\htdocs\ContentScraper\Chapter 2 Content\Stage 1 Text\Step 2 - Extract Articles\txtexport_1.bat [2011-04-21 15:44]
.
2011-07-07 c:\windows\Tasks\txtexport_10.job
- c:\xampp\htdocs\ContentScraper\Chapter 2 Content\Stage 1 Text\Step 2 - Extract Articles\txtexport_10.bat [2011-04-21 15:46]
.
2011-05-15 c:\windows\Tasks\txtexport_11.job
- c:\xampp\htdocs\ContentScraper\Chapter 2 Content\Stage 1 Text\Step 2 - Extract Articles\txtexport_11.bat [2011-05-10 15:44]
.
2011-08-02 c:\windows\Tasks\txtexport_2.job
- c:\xampp\htdocs\ContentScraper\Chapter 2 Content\Stage 1 Text\Step 2 - Extract Articles\txtexport_2.bat [2011-04-21 15:44]
.
2011-07-12 c:\windows\Tasks\txtexport_3.job
- c:\xampp\htdocs\ContentScraper\Chapter 2 Content\Stage 1 Text\Step 2 - Extract Articles\txtexport_3.bat [2011-04-21 15:45]
.
2011-07-12 c:\windows\Tasks\txtexport_4.job
- c:\xampp\htdocs\ContentScraper\Chapter 2 Content\Stage 1 Text\Step 2 - Extract Articles\txtexport_4.bat [2011-04-21 15:45]
.
2011-07-12 c:\windows\Tasks\txtexport_5.job
- c:\xampp\htdocs\ContentScraper\Chapter 2 Content\Stage 1 Text\Step 2 - Extract Articles\txtexport_5.bat [2011-04-21 15:45]
.
2011-07-12 c:\windows\Tasks\txtexport_6.job
- c:\xampp\htdocs\ContentScraper\Chapter 2 Content\Stage 1 Text\Step 2 - Extract Articles\txtexport_6.bat [2011-04-21 15:45]
.
2011-07-08 c:\windows\Tasks\txtexport_7.job
- c:\xampp\htdocs\ContentScraper\Chapter 2 Content\Stage 1 Text\Step 2 - Extract Articles\txtexport_7.bat [2011-04-21 15:45]
.
2011-07-08 c:\windows\Tasks\txtexport_8.job
- c:\xampp\htdocs\ContentScraper\Chapter 2 Content\Stage 1 Text\Step 2 - Extract Articles\txtexport_8.bat [2011-04-21 15:45]
.
2011-07-08 c:\windows\Tasks\txtexport_9.job
- c:\xampp\htdocs\ContentScraper\Chapter 2 Content\Stage 1 Text\Step 2 - Extract Articles\txtexport_9.bat [2011-04-21 15:46]
.
2013-10-14 c:\windows\Tasks\User_Feed_Synchronization-{3B729F77-6821-4417-AF3E-0237E7223143}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 01:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.bg/
uInternet Connection Wizard,ShellNext = "c:\program files\Outlook Express\msimn.exe"
uInternet Settings,ProxyServer = 216.213.46.11:57119
uInternet Settings,ProxyOverride = local;<local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
IE: {{77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - c:\program files\ICQ7.7\ICQ.exe
TCP: Interfaces\{3E7CC08F-F421-49C4-874E-94D7F2631205}: NameServer = 192.168.1.1,89.215.246.40
FF - ProfilePath - c:\documents and settings\user\Application Data\Mozilla\Firefox\Profiles\5xop2sih.default-1365974625265\
FF - prefs.js: network.proxy.http - 74.121.191.133
FF - prefs.js: network.proxy.http_port - 443
FF - prefs.js: network.proxy.type - 0
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-10-14 22:34
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ... 
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
  HDAudDeck = c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe 1???????????????????????????????????????????????? 
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\ESET\ESET Security\CurrentVersion\Info]
@Denied: (2) (LocalSystem)
@SACL=
"AppDataDir"="c:\\Documents and Settings\\All Users\\Application Data\\ESET\\ESET NOD32 Antivirus\\"
"DataDir"="ESET\\ESET NOD32 Antivirus\\"
"EditionName"="BUSINESS EDITION"
"InstallDir"="c:\\Program Files\\ESET\\ESET NOD32 Antivirus\\"
"LanguageId"=dword:00000409
"PackageTag"=dword:6090e758
"ProductBase"=dword:00000000
"ProductCode"="{2EEBAC31-3EEF-4118-91CB-1A286A507DB2}"
"ProductName"="ESET NOD32 Antivirus"
"ProductType"="eavbe"
"ProductVersion"="4.0.437.0"
"UniqueId"="000B98234EEF039C"
"ScannerBuild"=dword:00001329
"ScannerVersionId"=dword:00000feb
"ScannerVersion"="Locked/open ESET for status."
"FixId"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(872)
c:\windows\system32\igfxdev.dll
.
- - - - - - - > 'explorer.exe'(2952)
c:\windows\system32\WININET.dll
c:\program files\ESET\ESET NOD32 Antivirus\eplgHooks.dll
c:\documents and settings\user\Application Data\Dropbox\bin\DropboxExt.19.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2013-10-14  22:36:33
ComboFix-quarantined-files.txt  2013-10-14 19:36
.
Pre-Run: 7,133,282,304 bytes free
Post-Run: 7,123,771,392 bytes free
.
- - End Of File - - 1FEDBB19B4CFA059DDDBAB59F3D3A9F3
8F558EB6672622401DA993E1E865C861


#6 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  • Gender:Male
  • Local time:06:46 PM

Posted 15 October 2013 - 02:22 AM

Scan with SystemLook

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:

    :filefind
    winlogon.exe
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt
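The SystemLook step above re-reads the same winlogon.exe that the ComboFix Sigcheck block reported as unsigned, so the MD5 and size the two tools print can be compared, and the ComboFix Supplementary Scan also carries IE and Firefox proxy settings that deserve a look on a machine with unexpected software. The Python helper below is an added example, not part of the thread and not code from either tool: it parses those log lines (copied from this thread as constructed sample input), cross-checks the hash, and reports whether the proxy values point outside the LAN and are actually in effect. The regular expressions and function names are my own assumptions about the log layout.

```python
# Added example for this thread, not part of it and not code from ComboFix or
# SystemLook. The regexes are my own reading of the log layout shown above.
import ipaddress
import re

# Constructed sample input: the Sigcheck and Supplementary Scan lines copied
# from the ComboFix log posted earlier in this thread.
COMBOFIX_SAMPLE = r"""
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2010-07-29 . 679A7259741F6A09994F02CE261B5F2E . 507904 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyServer = 216.213.46.11:57119
FF - prefs.js: network.proxy.http - 74.121.191.133
FF - prefs.js: network.proxy.http_port - 443
FF - prefs.js: network.proxy.type - 0
"""

# Constructed sample input: the filefind result the SystemLook step returns.
SYSTEMLOOK_SAMPLE = r"""
========== filefind ==========

Searching for "winlogon.exe"
C:\WINDOWS\system32\winlogon.exe --a---- 507904 bytes [00:42 14/04/2008] [16:17 29/07/2010] 679A7259741F6A09994F02CE261B5F2E

-= EOF =-
"""

# One "[-]" line per file whose signature ComboFix could not verify.
SIGCHECK_RE = re.compile(
    r"^\[-\] (?P<date>\d{4}-\d{2}-\d{2}) \. (?P<md5>[0-9A-F]{32}) \. (?P<size>\d+)"
    r" \. \. \[(?P<version>[^\]]*)\] \. \. (?P<path>.+)$")
# SystemLook filefind hit: path, attribute flags, size, two timestamps, MD5.
FILEFIND_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) (?P<attrs>[-a-zA-Z]{7}) (?P<size>\d+) bytes"
    r" \[[^\]]*\] \[[^\]]*\] (?P<md5>[0-9A-F]{32})$")
IE_PROXY_RE = re.compile(r"^uInternet Settings,ProxyServer = (?P<host>[^:\s]+):(?P<port>\d+)$")
FF_PREF_RE = re.compile(r"^FF - prefs\.js: (?P<name>network\.proxy\.\w+) - (?P<value>.+)$")


def parse_sigcheck(log):
    """Return one dict (date, md5, size, version, path) per unsigned file."""
    matches = (SIGCHECK_RE.match(line.strip()) for line in log.splitlines())
    return [m.groupdict() for m in matches if m]


def parse_filefind(log):
    """Map lower-cased path -> {size, md5} for each SystemLook filefind hit."""
    matches = (FILEFIND_RE.match(line.strip()) for line in log.splitlines())
    return {m["path"].lower(): {"size": int(m["size"]), "md5": m["md5"]} for m in matches if m}


def parse_proxies(log):
    """Return the IE proxy as (host, port) or None, plus Firefox network.proxy.* prefs."""
    ie, ff = None, {}
    for line in log.splitlines():
        line = line.strip()
        m = IE_PROXY_RE.match(line)
        if m:
            ie = (m["host"], int(m["port"]))
        m = FF_PREF_RE.match(line)
        if m:
            ff[m["name"]] = m["value"]
    return ie, ff


def is_external(host):
    """True for a public IP; a hostname cannot be classified offline, so it counts too."""
    try:
        return ipaddress.ip_address(host).is_global
    except ValueError:
        return True


def cross_check(combofix_log, systemlook_log):
    """Compare ComboFix's unsigned files with SystemLook's filefind output, then report proxies."""
    findings = []
    located = parse_filefind(systemlook_log)
    for entry in parse_sigcheck(combofix_log):
        hit = located.get(entry["path"].lower())
        if hit is None:
            findings.append(f"{entry['path']}: unsigned per ComboFix, not located by SystemLook")
            continue
        same = hit["md5"] == entry["md5"] and hit["size"] == int(entry["size"])
        status = "consistent across both tools" if same else "DIFFERS between tools"
        findings.append(f"{entry['path']}: unsigned, version {entry['version']}, "
                        f"MD5 {entry['md5']}, {hit['size']} bytes, {status}")
    ie, ff = parse_proxies(combofix_log)
    if ie and is_external(ie[0]):
        findings.append(f"IE proxy points at external host {ie[0]}:{ie[1]}")
    host = ff.get("network.proxy.http")
    if host and is_external(host):
        # Firefox only honours network.proxy.http when network.proxy.type is 1 (manual);
        # type 0 means "no proxy", so the configured value is then inert.
        active = ff.get("network.proxy.type") == "1"
        port = ff.get("network.proxy.http_port", "?")
        state = "manual proxy active" if active else "not in effect (network.proxy.type is not 1)"
        findings.append(f"Firefox proxy {host}:{port} configured, {state}")
    return findings


if __name__ == "__main__":
    print("\n".join(cross_check(COMBOFIX_SAMPLE, SYSTEMLOOK_SAMPLE)))
```

A matching MD5 across both tools only confirms the two reports describe the same file; whether that hash is the expected one for the listed version is a separate check the helper makes against a known-good copy.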

#7 seom

seom
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  • Gender:Female
  • Location:Bulgaria
  • Local time:08:46 PM

Posted 16 October 2013 - 11:29 AM

Hello Marius,

thank you for your reply. I performed the scan with SystemLook.exe and here is the log file

SystemLook 30.07.11 by jpshortstuff
Log created at 19:19 on 16/10/2013 by user
Administrator - Elevation successful
 
========== filefind ==========
 
Searching for "winlogon.exe"
C:\WINDOWS\system32\winlogon.exe --a---- 507904 bytes [00:42 14/04/2008] [16:17 29/07/2010] 679A7259741F6A09994F02CE261B5F2E
 
-= EOF =-


#8 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  • Gender:Male
  • Local time:06:46 PM

Posted 17 October 2013 - 02:25 AM

Do you have the XP disk?



#9 seom

seom
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  • Gender:Female
  • Location:Bulgaria
  • Local time:08:46 PM

Posted 17 October 2013 - 11:20 AM

I am afraid I have no...

#10 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  • Gender:Male
  • Local time:06:46 PM

Posted 18 October 2013 - 02:06 AM

Scan with TDSS-Killer

Please read and follow these instructions carefully. We do not want it to fix anything yet (if found); we need to see a report first.

Download TDSSKiller.exe and save it to your desktop

  • Execute TDSSKiller.exe by double-clicking on it.
  • Press Start Scan
  • If Malicious objects are found, do NOT select Cure. Change the action to Skip, and save the log.
  • Once complete, a log will be produced at the root drive, which is typically C:\, for example, C:\TDSSKiller.<version_date_time>log.txt


Please post the contents of that log in your next reply.



#11 seom

seom
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  • Gender:Female
  • Location:Bulgaria
  • Local time:08:46 PM

Posted 20 October 2013 - 02:26 AM

10:24:27.0145 0x0e8c  TDSS rootkit removing tool 3.0.0.14 Oct 15 2013 15:35:38
10:24:33.0942 0x0e8c  ============================================================
10:24:33.0942 0x0e8c  Current date / time: 2013/10/20 10:24:33.0942
10:24:33.0942 0x0e8c  SystemInfo:
10:24:33.0942 0x0e8c  
10:24:33.0942 0x0e8c  OS Version: 5.1.2600 ServicePack: 3.0
10:24:33.0942 0x0e8c  Product type: Workstation
10:24:33.0942 0x0e8c  ComputerName: NEWPC
10:24:33.0942 0x0e8c  UserName: user
10:24:33.0942 0x0e8c  Windows directory: C:\WINDOWS
10:24:33.0942 0x0e8c  System windows directory: C:\WINDOWS
10:24:33.0942 0x0e8c  Processor architecture: Intel x86
10:24:33.0942 0x0e8c  Number of processors: 2
10:24:33.0942 0x0e8c  Page size: 0x1000
10:24:33.0942 0x0e8c  Boot type: Normal boot
10:24:33.0942 0x0e8c  ============================================================
10:24:37.0083 0x0e8c  System UUID: {E750EEAE-5E63-F1B1-BB82-398A8408D4A2}
10:24:39.0005 0x0e8c  Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
10:24:39.0005 0x0e8c  ============================================================
10:24:39.0005 0x0e8c  \Device\Harddisk0\DR0:
10:24:39.0005 0x0e8c  MBR partitions:
10:24:39.0005 0x0e8c  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x61AB7E8
10:24:39.0020 0x0e8c  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x61AB866, BlocksNum 0x17018D1B
10:24:39.0020 0x0e8c  ============================================================
10:24:39.0083 0x0e8c  C: <-> \Device\Harddisk0\DR0\Partition1
10:24:39.0130 0x0e8c  D: <-> \Device\Harddisk0\DR0\Partition2
10:24:39.0130 0x0e8c  ============================================================
10:24:39.0130 0x0e8c  Initialize success
10:24:39.0130 0x0e8c  ============================================================
10:24:47.0317 0x0770  ============================================================
10:24:47.0317 0x0770  Scan started
10:24:47.0317 0x0770  Mode: Manual; 
10:24:47.0317 0x0770  ============================================================
10:24:47.0317 0x0770  KSN ping started
10:24:49.0708 0x0770  KSN ping finished: true
10:24:50.0020 0x0770  ================ Scan system memory ========================
10:24:50.0020 0x0770  System memory - ok
10:24:50.0020 0x0770  ================ Scan services =============================
10:25:30.0880 0x0770  RasAcd - ok
10:25:30.0927 0x0770  [ AD188BE7BDF94E8DF4CA0A55C00A5073, C7D76CB579FAEBCCC2873499441BACDD6BD6668ACF5ED7F31862656E96E2B20C ] RasAuto         C:\WINDOWS\System32\rasauto.dll
10:25:30.0942 0x0770  RasAuto - ok
10:25:30.0974 0x0770  [ 11B4A627BC9614B885C4969BFA5FF8A6, EAE0A412A2B0F68919C32A96B3A08CC1A06585E4998819F5C9051745F63FF5AD ] Rasl2tp         C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
10:25:31.0020 0x0770  Rasl2tp - ok
10:25:31.0114 0x0770  [ 76A9A3CBEADD68CC57CDA5E1D7448235, 4AFD048C5D2306AB8DE46F3AA60AC0213333DDA3B09A9E91F7585DB6EB978EC8 ] RasMan          C:\WINDOWS\System32\rasmans.dll
10:25:31.0161 0x0770  RasMan - ok
10:25:31.0177 0x0770  [ 5BC962F2654137C9909C3D4603587DEE, A5CE5653D0105240F5E86CFAAB89E7917D42D939E2F27A5A7D6979289CA651B8 ] RasPppoe        C:\WINDOWS\system32\DRIVERS\raspppoe.sys
10:25:31.0208 0x0770  RasPppoe - ok
10:25:31.0224 0x0770  [ FDBB1D60066FCFBB7452FD8F9829B242, 10A2DACF944BD000032EBA8C095CB3D879CC55B28C377ADF6E52E508E47444DB ] Raspti          C:\WINDOWS\system32\DRIVERS\raspti.sys
10:25:31.0255 0x0770  Raspti - ok
10:25:31.0317 0x0770  [ 7AD224AD1A1437FE28D89CF22B17780A, 6645235CA27D671954E3557FA37082881C3D7D47492C71264CD8CB8D108EC801 ] Rdbss           C:\WINDOWS\system32\DRIVERS\rdbss.sys
10:25:31.0458 0x0770  Rdbss - ok
10:25:31.0489 0x0770  [ 4912D5B403614CE99C28420F75353332, 975341ECD660209987B5E5171B8315E032439E408CBE8A5986E67AF767F373BB ] RDPCDD          C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
10:25:31.0520 0x0770  RDPCDD - ok
10:25:31.0599 0x0770  [ 15CABD0F7C00C47C70124907916AF3F1, 66B5C978B7FB6359AD8BAC9F568FE9D469E358FEAB07B1F129BA9E85F1DF723E ] rdpdr           C:\WINDOWS\system32\DRIVERS\rdpdr.sys
10:25:31.0677 0x0770  rdpdr - ok
10:25:31.0739 0x0770  [ 43AF5212BD8FB5BA6EED9754358BD8F7, AF330F61CECA4AFA359CEABC5EB3227E6B56A9A2DCE50701381D665122D7356D ] RDPWD           C:\WINDOWS\system32\drivers\RDPWD.sys
10:25:31.0786 0x0770  RDPWD - ok
10:25:31.0864 0x0770  [ 3C37BF86641BDA977C3BF8A840F3B7FA, AB9A6E54DBA3F4561CD4837372BECCE0D73943D02E3288F944333039375AC08C ] RDSessMgr       C:\WINDOWS\system32\sessmgr.exe
10:25:31.0911 0x0770  RDSessMgr - ok
10:25:32.0208 0x0770  [ F828DD7E1419B6653894A8F97A0094C5, E6150E1F598BA4CFEDB8FF075BC0D576518C331B864388F1CAE8812EFF106ECF ] redbook         C:\WINDOWS\system32\DRIVERS\redbook.sys
10:25:32.0255 0x0770  redbook - ok
10:25:32.0286 0x0770  [ 7E699FF5F59B5D9DE5390E3C34C67CF5, 3FCF0442D80AB181FED4303E570378736AA1F8718C0B8B70F689A1E45200FFE4 ] RemoteAccess    C:\WINDOWS\System32\mprdim.dll
10:25:32.0302 0x0770  RemoteAccess - ok
10:25:32.0333 0x0770  [ 5B19B557B0C188210A56A6B699D90B8F, 0FA880B81AE615206FD1738B83428AAA491D54B24168339DE6E87FDE8C6C14B0 ] RemoteRegistry  C:\WINDOWS\system32\regsvc.dll
10:25:32.0349 0x0770  RemoteRegistry - ok
10:25:32.0380 0x0770  [ AAED593F84AFA419BBAE8572AF87CF6A, CC0FFC5A69394C8830DC66320DA01A820BBF41AD7E57D0FC343561DC5EF9A360 ] RpcLocator      C:\WINDOWS\system32\locator.exe
10:25:32.0395 0x0770  RpcLocator - ok
10:25:32.0520 0x0770  [ 9222562D44021B988B9F9F62207FB6F2, AB92E30C03536D174DA896D0BFA076020B15C2D0CDD4BADE5469EA0198704039 ] RpcSs           C:\WINDOWS\System32\rpcss.dll
10:25:32.0536 0x0770  RpcSs - ok
10:25:32.0645 0x0770  [ FD692C6FFADE58F7C4C3C3C9A0EC35BD, 0168F61220999B2D084EDEF87079C1970BC53A9AFE4241B08931F9408FF58013 ] RsFx0103        C:\WINDOWS\system32\DRIVERS\RsFx0103.sys
10:25:32.0692 0x0770  RsFx0103 - ok
10:25:32.0755 0x0770  [ 471B3F9741D762ABE75E9DEEA4787E47, D9ADE42965EC22AEB4B2AD21D429C3C8232A60AA9853DEFDA7AED86A13FE8623 ] RSVP            C:\WINDOWS\system32\rsvp.exe
10:25:32.0786 0x0770  RSVP - ok
10:25:32.0974 0x0770  [ ACD10C56E4455F203707A679040C3B61, E36018BF7F57878F8F5141111BDD8E8C7ED0B8C31EE26CF34C853ED3CE7DA0E3 ] RTL8192su       C:\WINDOWS\system32\DRIVERS\RTL8192su.sys
10:25:33.0130 0x0770  RTL8192su - ok
10:25:33.0145 0x0770  [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] SamSs           C:\WINDOWS\system32\lsass.exe
10:25:33.0145 0x0770  SamSs - ok
10:25:33.0192 0x0770  [ 86D007E7A654B9A71D1D7D856B104353, 7B1DE53D637A5FC9619D5D07C48927AFEC89D959207F6F2E2F45DD054EEA04C7 ] SCardSvr        C:\WINDOWS\System32\SCardSvr.exe
10:25:33.0224 0x0770  SCardSvr - ok
10:25:33.0286 0x0770  [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA, 0B582F47BD70732BAC48B8B86E5D06CE7F299A20E8177F3F2E6F28217C3FB605 ] Schedule        C:\WINDOWS\system32\schedsvc.dll
10:25:33.0349 0x0770  Schedule - ok
10:25:33.0364 0x0770  [ 90A3935D05B494A5A39D37E71F09A677, F72733A69BC6E1A2BB91D7632FF3463C12563F60FDCC00A2CDD67FF20D479952 ] Secdrv          C:\WINDOWS\system32\DRIVERS\secdrv.sys
10:25:33.0395 0x0770  Secdrv - ok
10:25:33.0411 0x0770  [ CBE612E2BB6A10E3563336191EDA1250, C331797DC3569F0E715766561DE2562F60B924378842246C35D2B1CF867E9D96 ] seclogon        C:\WINDOWS\System32\seclogon.dll
10:25:33.0411 0x0770  seclogon - ok
10:25:33.0427 0x0770  [ 7FDD5D0684ECA8C1F68B4D99D124DCD0, 7105B026F966A992430F86C3698ABE15EC73E4772F1A3E362E29FD5247A5DCA6 ] SENS            C:\WINDOWS\system32\sens.dll
10:25:33.0442 0x0770  SENS - ok
10:25:33.0442 0x0770  [ 0F29512CCD6BEAD730039FB4BD2C85CE, 4F98AE390D1B14A755700DD6CEFB9CF921F0404AF2145D2D7E5F52394F87C6A5 ] serenum         C:\WINDOWS\system32\DRIVERS\serenum.sys
10:25:33.0474 0x0770  serenum - ok
10:25:33.0505 0x0770  [ CCA207A8896D4C6A0C9CE29A4AE411A7, 5999B39242283CD803319AADCA171CCCC6E2A40FB2FAFA51B1D29F3FF2DD8D6C ] Serial          C:\WINDOWS\system32\DRIVERS\serial.sys
10:25:33.0583 0x0770  Serial - ok
10:25:33.0614 0x0770  [ 8E6B8C671615D126FDC553D1E2DE5562, CEEC0067514555D5CA489F50E3D7562FCA8DB8E952C3C878604C9277FC77959F ] Sfloppy         C:\WINDOWS\system32\drivers\Sfloppy.sys
10:25:33.0645 0x0770  Sfloppy - ok
10:25:33.0755 0x0770  [ 83F41D0D89645D7235C051AB1D9523AC, B681F33EEAA511D6A2DCB9FBAA407B739184C9FF6067C6B7E51F1FC37E9D4DD7 ] SharedAccess    C:\WINDOWS\System32\ipnathlp.dll
10:25:33.0833 0x0770  SharedAccess - ok
10:25:33.0880 0x0770  [ 99BC0B50F511924348BE19C7C7313BBF, A1006C687BD352F700B140DC741515A0CDD9E1352C0FBD1EE410D404E344444B ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
10:25:33.0880 0x0770  ShellHWDetection - ok
10:25:33.0880 0x0770  Simbad - ok
10:25:34.0895 0x0770  [ 3740B83AEC21D981065D7E819BD7E878, C36B8555B6440EE3C26309D8C327022911558492769812CA7DAAEE3BA3AD51C1 ] Skype C2C Service C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
10:25:35.0786 0x0770  Skype C2C Service - ok
10:25:35.0864 0x0770  [ F5BBEDF602C310B00036EB2DBF4348A5, AC2712E639F0C54BCF00EB4E90E805335871EA27AE8A45DFC53EDF28822318C4 ] SkypeUpdate     C:\Program Files\Skype\Updater\Updater.exe
10:25:35.0880 0x0770  SkypeUpdate - ok
10:25:35.0895 0x0770  Sparrow - ok
10:25:35.0911 0x0770  [ AB8B92451ECB048A4D1DE7C3FFCB4A9F, DD17733CBB370FCA08F0296704D7CBEACA3C8F76D0ABE4761C3B1FFDF7481D9E ] splitter        C:\WINDOWS\system32\drivers\splitter.sys
10:25:35.0927 0x0770  splitter - ok
10:25:35.0958 0x0770  [ 60784F891563FB1B767F70117FC2428F, E0B07F08E60FFBAD36C2E58180F4B2A16DCA47716044CBE0213DF7B74D742F1F ] Spooler         C:\WINDOWS\system32\spoolsv.exe
10:25:35.0974 0x0770  Spooler - ok
10:25:36.0177 0x0770  [ CDDDEC541BC3C96F91ECB48759673505, B030FFA02832317AC5626BF1BF8A4A95A5992C9A6E81BC1C002D5F4D667C27FB ] sptd            C:\WINDOWS\System32\Drivers\sptd.sys
10:25:36.0364 0x0770  sptd - ok
10:25:36.0505 0x0770  [ A687B5B326AFCFCF182C4931D1FF9771, B8447F9FFB87A2B891D9FE29BA5182ED1129B718FB27990CE79E6CDCA6023A59 ] SQLAgent$SQLEXPRESS C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE
10:25:36.0614 0x0770  SQLAgent$SQLEXPRESS - ok
10:25:36.0724 0x0770  [ B54B48F6D92423440C264E91225C5FF1, 7484D90CE309555E1FB54F011A2980D8491354223111B7AA16D1D2473570DC19 ] SQLBrowser      C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
10:25:36.0802 0x0770  SQLBrowser - ok
10:25:36.0849 0x0770  [ 637A0F23F9012358E92E6F99835494D1, 5399EF5C35D58B6902F470BF5F851C96CBD83CAD77658917C46867B91D7D9442 ] SQLWriter       C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
10:25:36.0880 0x0770  SQLWriter - ok
10:25:36.0911 0x0770  [ 76BB022C2FB6902FD5BDD4F78FC13A5D, 6031CB2344D7277FC703480EB43CF856A0F8F818EA98FF26A2CA532336CD2DFA ] sr              C:\WINDOWS\system32\DRIVERS\sr.sys
10:25:36.0958 0x0770  sr - ok
10:25:37.0005 0x0770  [ 3805DF0AC4296A34BA4BF93B346CC378, B57A14F1B7B0997E619DDD62B73157AA2399A9852166FB58139CBB358A88F6F3 ] srservice       C:\WINDOWS\system32\srsvc.dll
10:25:37.0052 0x0770  srservice - ok
10:25:37.0177 0x0770  [ 9B390283569EA58D43D2586032B892F5, FADC0AD9D8F715290F02A6A59B284A6AD53C5BD13933B1D3ECC03C558C9D5885 ] Srv             C:\WINDOWS\system32\DRIVERS\srv.sys
10:25:37.0302 0x0770  Srv - ok
10:25:37.0333 0x0770  [ 0A5679B3714EDAB99E357057EE88FCA6, 01E1A101FFF48402C77E385A78FEF27876E04533B60EB1C18558A737E57E5FA8 ] SSDPSRV         C:\WINDOWS\System32\ssdpsrv.dll
10:25:37.0364 0x0770  SSDPSRV - ok
10:25:37.0474 0x0770  [ 8BAD69CBAC032D4BBACFCE0306174C30, 2AA0DA710FCBFF38FE8DA91EE02E7A4503269347E61F8D3246FCA3384BBA2305 ] stisvc          C:\WINDOWS\system32\wiaservc.dll
10:25:37.0567 0x0770  stisvc - ok
10:25:37.0599 0x0770  [ 3941D127AEF12E93ADDF6FE6EE027E0F, EA1F0E32E1C5E90FA4AAC421DEBBE086512340758D3217A6334E886BCE638B51 ] swenum          C:\WINDOWS\system32\DRIVERS\swenum.sys
10:25:37.0630 0x0770  swenum - ok
10:25:37.0661 0x0770  [ 8CE882BCC6CF8A62F2B2323D95CB3D01, B408550A581F3DA222355964AFA4E976AD8471F0AA37573C42C4948AE5A23A3B ] swmidi          C:\WINDOWS\system32\drivers\swmidi.sys
10:25:37.0724 0x0770  swmidi - ok
10:25:37.0724 0x0770  SwPrv - ok
10:25:37.0739 0x0770  symc810 - ok
10:25:37.0739 0x0770  symc8xx - ok
10:25:37.0755 0x0770  sym_hi - ok
10:25:37.0755 0x0770  sym_u3 - ok
10:25:37.0802 0x0770  [ 8B83F3ED0F1688B4958F77CD6D2BF290, 546D3602183702B4F53E84413CFA2C933D64C8540378E54A8DCD148F3F36A2DA ] sysaudio        C:\WINDOWS\system32\drivers\sysaudio.sys
10:25:37.0817 0x0770  sysaudio - ok
10:25:37.0849 0x0770  [ C7ABBC59B43274B1109DF6B24D617051, 4384CA0AA6CE9B603CF7DB775A3C721E46715D5B120B94FB57DEADAADE18535B ] SysmonLog       C:\WINDOWS\system32\smlogsvc.exe
10:25:37.0880 0x0770  SysmonLog - ok
10:25:37.0911 0x0770  [ 9171A2543E4B23EEFC03F4CD671EA54A, EC5C45F81C94AE39B9FF24293EB67CD67A47F90981F702E211B21B62BBC97715 ] tap0901         C:\WINDOWS\system32\DRIVERS\tap0901.sys
10:25:37.0911 0x0770  tap0901 - ok
10:25:37.0989 0x0770  [ 3CB78C17BB664637787C9A1C98F79C38, F35C31F6B7F366CB949D1044B357C76DEC9170441C5E559802794F62B72FD255 ] TapiSrv         C:\WINDOWS\System32\tapisrv.dll
10:25:38.0067 0x0770  TapiSrv - ok
10:25:38.0192 0x0770  [ AD978A1B783B5719720CFF204B666C8E, FA50A3664522C58E1637C06731B9CB9D56FF14F0A5F8AB496A1945585E8A2C16 ] Tcpip           C:\WINDOWS\system32\DRIVERS\tcpip.sys
10:25:38.0317 0x0770  Tcpip - ok
10:25:38.0333 0x0770  [ 6471A66807F5E104E4885F5B67349397, F35CBFFB8BB235CCE30EF94A5273333900DD49FD506BF9D55D99A320B8A53A5A ] TDPIPE          C:\WINDOWS\system32\drivers\TDPIPE.sys
10:25:38.0364 0x0770  TDPIPE - ok
10:25:38.0395 0x0770  [ C56B6D0402371CF3700EB322EF3AAF61, 7743FA4C734BCE38EFB1CA69BC17364D8421E2CD172F856F7E38E7AE1EE93F2F ] TDTCP           C:\WINDOWS\system32\drivers\TDTCP.sys
10:25:38.0427 0x0770  TDTCP - ok
10:25:38.0442 0x0770  [ 88155247177638048422893737429D9E, B6D4E8691917946332C2208D01F8C8281978C1AD1E9951C5D99DF0D49AC34B3B ] TermDD          C:\WINDOWS\system32\DRIVERS\termdd.sys
10:25:38.0536 0x0770  TermDD - ok
10:25:38.0661 0x0770  [ FF3477C03BE7201C294C35F684B3479F, D6246521539BA4ACD022D26983182F5E323D2EF1EA7C54265A248C43A1CE5202 ] TermService     C:\WINDOWS\System32\termsrv.dll
10:25:38.0755 0x0770  TermService - ok
10:25:38.0802 0x0770  [ 99BC0B50F511924348BE19C7C7313BBF, A1006C687BD352F700B140DC741515A0CDD9E1352C0FBD1EE410D404E344444B ] Themes          C:\WINDOWS\System32\shsvcs.dll
10:25:38.0802 0x0770  Themes - ok
10:25:38.0849 0x0770  [ DB7205804759FF62C34E3EFD8A4CC76A, 13A4248F528CE98ACA66898E56822E4FC49B11F491FF1F61A687BA601BF0A802 ] TlntSvr         C:\WINDOWS\system32\tlntsvr.exe
10:25:38.0864 0x0770  TlntSvr - ok
10:25:38.0880 0x0770  TosIde - ok
10:25:38.0911 0x0770  [ 55BCA12F7F523D35CA3CB833C725F54E, 849FB1AE31B143B14B298BBC0D91230693D41DEB95F46516878F53A7F4186C38 ] TrkWks          C:\WINDOWS\system32\trkwks.dll
10:25:38.0942 0x0770  TrkWks - ok
10:25:38.0974 0x0770  [ 5787B80C2E3C5E2F56C2A233D91FA2C9, 3774905CF77954DFCECDA5BCC7CDE3D0ED72712BFAAD85ADAE5246306447E46C ] Udfs            C:\WINDOWS\system32\drivers\Udfs.sys
10:25:39.0020 0x0770  Udfs - ok
10:25:39.0020 0x0770  ultra - ok
10:25:39.0130 0x0770  [ 402DDC88356B1BAC0EE3DD1580C76A31, 32A686595710336A6BFD54C03F552AE39439611662F84EF5D24193AE5665C6F3 ] Update          C:\WINDOWS\system32\DRIVERS\update.sys
10:25:39.0255 0x0770  Update - ok
10:25:39.0317 0x0770  [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91, 7746916DB48E3F5B243B63C066596AD9037A494BF1AD935946DD04AC85D983DF ] upnphost        C:\WINDOWS\System32\upnphost.dll
10:25:39.0364 0x0770  upnphost - ok
10:25:39.0380 0x0770  [ 05365FB38FCA1E98F7A566AAAF5D1815, 16843048CEEC3DAA3B953A12FF1EE339E86783A08F2A56DA7F94AD9F9717D77D ] UPS             C:\WINDOWS\System32\ups.exe
10:25:39.0380 0x0770  UPS - ok
10:25:39.0427 0x0770  [ 1B611611C28D2DF25BC057D79C6F13FC, B0D86F63E44B40413BBAE6402CC088046CFAE082D41BBC2ED5A916293356B846 ] usbccgp         C:\WINDOWS\system32\DRIVERS\usbccgp.sys
10:25:39.0427 0x0770  usbccgp - ok
10:25:39.0442 0x0770  [ 4BAC8DF07F1D8434FC640E677A62204E, 76C1351AF6752224BF59DEEE0F8665FE699F3DFD679F5BCD01C7D9383E6402A4 ] usbehci         C:\WINDOWS\system32\DRIVERS\usbehci.sys
10:25:39.0442 0x0770  usbehci - ok
10:25:39.0489 0x0770  [ 1AB3CDDE553B6E064D2E754EFE20285C, A99C4528C4227B1E96847614745AAFACD3C5F1BDFE435214DBF78740FFB300FE ] usbhub          C:\WINDOWS\system32\DRIVERS\usbhub.sys
10:25:39.0520 0x0770  usbhub - ok
10:25:39.0552 0x0770  [ A32426D9B14A089EAA1D922E0C5801A9, ED1DC52EE45F8EAD3AEC4B1F817BB25634141CF48295494C5947DCE6CF7A9817 ] USBSTOR         C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
10:25:39.0645 0x0770  USBSTOR - ok
10:25:39.0677 0x0770  [ 26496F9DEE2D787FC3E61AD54821FFE6, 8BE7FF647470B9A951CBB478FAF83D657A15CC78037F42348A6B738F21D523DA ] usbuhci         C:\WINDOWS\system32\DRIVERS\usbuhci.sys
10:25:39.0692 0x0770  usbuhci - ok
10:25:39.0724 0x0770  [ 0D3A8FAFCEACD8B7625CD549757A7DF1, B9CFDEFCD66AA139F3DC2F967B184669532922563AD5A71769BABDC4370D065E ] VgaSave         C:\WINDOWS\System32\drivers\vga.sys
10:25:39.0739 0x0770  VgaSave - ok
10:25:40.0161 0x0770  [ 8586D10602FF4994E0F56A13A47D2B28, 47837E8A02F29719A7C2E54E7A93558C967C0CD7EF57D8F1B558A61699C4B4C7 ] VIAHdAudAddService C:\WINDOWS\system32\drivers\viahduaa.sys
10:25:40.0567 0x0770  VIAHdAudAddService - ok
10:25:40.0567 0x0770  ViaIde - ok
10:25:40.0583 0x0770  [ 4C8FCB5CC53AAB716D810740FE59D025, 010EAC43DBED700B73E4FC908FAAF9F6A0168EBBD5D86751E49BC33AAA18BFA4 ] VolSnap         C:\WINDOWS\system32\drivers\VolSnap.sys
10:25:40.0614 0x0770  VolSnap - ok
10:25:40.0708 0x0770  [ 7A9DB3A67C333BF0BD42E42B8596854B, D31A9A3B1AAAB373EDD73B674102395212FCB616F829E938B7B2B7BE7D4752C5 ] VSS             C:\WINDOWS\System32\vssvc.exe
10:25:40.0786 0x0770  VSS - ok
10:25:40.0833 0x0770  [ 54AF4B1D5459500EF0937F6D33B1914F, FA1876888BCB9C72A92369DBED4FF1A8666784523FB41E618FA0919490FCDDB9 ] W32Time         C:\WINDOWS\system32\w32time.dll
10:25:40.0880 0x0770  W32Time - ok
10:25:40.0895 0x0770  [ E20B95BAEDB550F32DD489265C1DA1F6, 5589B2067E6C9FBA290D8C5EADDC198EBAF39C50C3CD7D2BC5CDA7CBFBC445E5 ] Wanarp          C:\WINDOWS\system32\DRIVERS\wanarp.sys
10:25:40.0927 0x0770  Wanarp - ok
10:25:40.0927 0x0770  WDICA - ok
10:25:40.0974 0x0770  [ 6768ACF64B18196494413695F0C3A00F, 3A8F8586F1D997D19A8478345338D2AECD785AEABDB61531DD3F92003D3230A5 ] wdmaud          C:\WINDOWS\system32\drivers\wdmaud.sys
10:25:41.0005 0x0770  wdmaud - ok
10:25:41.0020 0x0770  [ 77A354E28153AD2D5E120A5A8687BC06, 8B2D37A4443501C0A8E70BC2079BE27F0A36FD07B561E6F68B40A72EABBC2DFE ] WebClient       C:\WINDOWS\System32\webclnt.dll
10:25:41.0036 0x0770  WebClient - ok
10:25:41.0317 0x0770  [ 2D0E4ED081963804CCC196A0929275B5, E1D75C7D7233D81DFDE13160B0C80138DF8B35230D04FB79B367A52FACF69BF8 ] winmgmt         C:\WINDOWS\system32\wbem\WMIsvc.dll
10:25:41.0349 0x0770  winmgmt - ok
10:25:41.0380 0x0770  [ 051B1BDECD6DEE18C771B5D5EC7F044D, E9D4870C7E4E6119B274CF788D564BE9C48EA63790F5D6A2E987EB6DF7C93200 ] WmdmPmSN        C:\WINDOWS\system32\MsPMSNSv.dll
10:25:41.0380 0x0770  WmdmPmSN - ok
10:25:41.0583 0x0770  [ C8A6C82F90B055149925DC7526B2D78C, 9E0FA00550229883025E8AD0BC3E3F55457B241D0D259B178935F0B16EC30BB2 ] Wmi             C:\WINDOWS\System32\advapi32.dll
10:25:41.0739 0x0770  Wmi - ok
10:25:41.0802 0x0770  [ E0673F1106E62A68D2257E376079F821, 12992F18C9653050B10DC61D12988067933FCFDF02123D3A7EF5DE607A785DDC ] WmiApSrv        C:\WINDOWS\system32\wbem\wmiapsrv.exe
10:25:41.0833 0x0770  WmiApSrv - ok
10:25:42.0114 0x0770  [ 6BAB4DC65515A098505F8B3D01FB6FE5, 52AA14777920753A8AF76072216A266F5D0036F112F671E7104E1F4C04AE499E ] WMPNetworkSvc   C:\Program Files\Windows Media Player\WMPNetwk.exe
10:25:42.0364 0x0770  WMPNetworkSvc - ok
10:25:42.0770 0x0770  [ 15673BD0B86150CB8E27766059C72A9B, 56C23289A8BFF4945EE532CF6D62D3EC81B827CA15A359F30A327789F9FE9CAF ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
10:25:43.0161 0x0770  WPFFontCache_v0400 - ok
10:25:43.0192 0x0770  [ 6ABE6E225ADB5A751622A9CC3BC19CE8, 4061C5D0F051DFF1730E2A3BFC1CCA97B29602FC50F10F6B44D93B0D28F42024 ] WS2IFSL         C:\WINDOWS\System32\drivers\ws2ifsl.sys
10:25:43.0224 0x0770  WS2IFSL - ok
10:25:43.0270 0x0770  [ 7C278E6408D1DCE642230C0585A854D5, DA46079A04F6E8E3441E4AE454AEAC02B3E935DE29CE7F6D4476F57867FCC12A ] wscsvc          C:\WINDOWS\system32\wscsvc.dll
10:25:43.0286 0x0770  wscsvc - ok
10:25:43.0302 0x0770  [ 35321FB577CDC98CE3EB3A3EB9E4610A, C9A6F5CF282D8FCB3CDFCC4B306013480E78E1B664E1A60A4E27B161F9FFD4CD ] wuauserv        C:\WINDOWS\system32\wuauserv.dll
10:25:43.0317 0x0770  wuauserv - ok
10:25:43.0349 0x0770  [ F15FEAFFFBB3644CCC80C5DA584E6311, 79B3E9AF35976CE49921E9BEA3BA3B4A8AF762FD3F284B62954038B5FFB32471 ] WudfPf          C:\WINDOWS\system32\DRIVERS\WudfPf.sys
10:25:43.0395 0x0770  WudfPf - ok
10:25:43.0442 0x0770  [ 28B524262BCE6DE1F7EF9F510BA3985B, AEFF02B899801A63CBB262757C3D4369E38BFF0690BD085DE60E873DFBE3C3F4 ] WudfRd          C:\WINDOWS\system32\DRIVERS\wudfrd.sys
10:25:43.0458 0x0770  WudfRd - ok
10:25:43.0489 0x0770  [ 05231C04253C5BC30B26CBAAE680ED89, 5C03C2D7E0B573646D32F4093E2FF2C3BA391C39F5BA37D67F69D38E357FCC3D ] WudfSvc         C:\WINDOWS\System32\WUDFSvc.dll
10:25:43.0505 0x0770  WudfSvc - ok
10:25:43.0661 0x0770  [ 81DC3F549F44B1C1FFF022DEC9ECF30B, 3D14BFEA539F9CEB16555BD56C5E3C7C8F6692FC62C2789F8AAEA1C042E63940 ] WZCSVC          C:\WINDOWS\System32\wzcsvc.dll
10:25:43.0802 0x0770  WZCSVC - ok
10:25:43.0864 0x0770  [ 295D21F14C335B53CB8154E5B1F892B9, 9418477C2E3EA93E93D931A4EDD4500DA568FAD6040204B5201D1080203B0BBC ] xmlprov         C:\WINDOWS\System32\xmlprov.dll
10:25:43.0895 0x0770  xmlprov - ok
10:25:43.0911 0x0770  ================ Scan global ===============================
10:25:43.0942 0x0770  [ 42F1F4C0AFB08410E5F02D4B13EBB623, 924C30587C51C0D1E1F47991969AF492A644552E15F2480EA991DCB74A3E68D5 ] C:\WINDOWS\system32\basesrv.dll
10:25:44.0052 0x0770  [ 69AE2B2E6968C316536E5B10B9702E63, D9C5DA7A20DDE69D91E72400C3F06F3CB099DEF42EA6C53FCE076258A0C22391 ] C:\WINDOWS\system32\winsrv.dll
10:25:44.0224 0x0770  [ 69AE2B2E6968C316536E5B10B9702E63, D9C5DA7A20DDE69D91E72400C3F06F3CB099DEF42EA6C53FCE076258A0C22391 ] C:\WINDOWS\system32\winsrv.dll
10:25:44.0286 0x0770  [ 020CEAAEDC8EB655B6506B8C70D53BB6, 0E2E00BF1C2C47D272A250687E703ACDDE2A1EE8C471FFEAB5974AD05461C81A ] C:\WINDOWS\system32\services.exe
10:25:44.0286 0x0770  [ Global ] - ok
10:25:44.0286 0x0770  ================ Scan MBR ==================================
10:25:44.0302 0x0770  [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
10:25:44.0520 0x0770  \Device\Harddisk0\DR0 - ok
10:25:44.0520 0x0770  ================ Scan VBR ==================================
10:25:44.0536 0x0770  [ 8F8A97F9FAB43AF3ED9BEA97E04952D8 ] \Device\Harddisk0\DR0\Partition1
10:25:44.0536 0x0770  \Device\Harddisk0\DR0\Partition1 - ok
10:25:44.0552 0x0770  [ 53514B3E61C317AD94A3958E63E0E9CC ] \Device\Harddisk0\DR0\Partition2
10:25:44.0567 0x0770  \Device\Harddisk0\DR0\Partition2 - ok
10:25:44.0599 0x0770  Waiting for KSN requests completion. In queue: 160
10:25:45.0599 0x0770  Waiting for KSN requests completion. In queue: 160
10:25:46.0599 0x0770  Waiting for KSN requests completion. In queue: 160
10:25:48.0192 0x0770  AV detected via SS1: ESET NOD32 Antivirus 4.0, 4.0, enabled, updated
10:25:48.0208 0x0770  Win FW state via NFM: enabled
10:25:50.0474 0x0770  ============================================================
10:25:50.0474 0x0770  Scan finished
10:25:50.0474 0x0770  ============================================================
10:25:50.0474 0x12d8  Detected object count: 0
10:25:50.0474 0x12d8  Actual detected object count: 0
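As an added example that is not part of this thread or of any poster's material, here is a small Python triage helper for inventory logs in the layout shown above (timestamp, thread id, an optional `[ MD5, SHA256 ]` pair, the service name, its image path, and a following `<name> - ok` verdict line). It parses the lines, joins each verdict to its entry, and flags services whose binary lives outside the directory allowlist, which is how a responder would spot an entry like the one under `Documents and Settings\All Users\Application Data` in the log above. The sample lines, hash values, the `BackupHelper` entry and the `TRUSTED_PREFIXES` allowlist are all constructed assumptions for the demonstration.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Inventory line: timestamp, thread id, "[ MD5, SHA256 ]" (SHA256 optional for
# MBR/VBR entries), optional service name, then the image path. The path is
# recognised by a drive letter ("C:\") or a device path ("\Device\"), which is
# what lets service names containing spaces ("Skype C2C Service") parse cleanly.
ENTRY_RE = re.compile(
    r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d+)\s+(?P<tid>0x[0-9a-fA-F]+)\s+"
    r"\[ (?P<md5>[0-9A-Fa-f]{32})(?:, (?P<sha256>[0-9A-Fa-f]{64}))? \] "
    r"(?:(?P<name>.+?)\s+)?(?P<path>[A-Za-z]:\\.*|\\Device\\.*)$"
)
# Verdict line that follows each entry: "<name> - ok".
VERDICT_RE = re.compile(
    r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d+)\s+(?P<tid>0x[0-9a-fA-F]+)\s+"
    r"(?P<name>.+?) - (?P<verdict>\S+)$"
)

# Assumed allowlist of image locations a service binary is normally expected in.
TRUSTED_PREFIXES = ("c:\\windows\\", "c:\\program files\\", "\\device\\")

# Constructed sample in the same layout as the log above; hashes are placeholders
# and "BackupHelper" is an invented entry living in a user temp directory.
SAMPLE_LOG = r"""
10:25:29.0614 0x0770  [ 0123456789ABCDEF0123456789ABCDEF, 00112233445566778899AABBCCDDEEFF00112233445566778899AABBCCDDEEFF ] OpenVPNService  C:\Program Files\OpenVPN\bin\openvpnserv.exe
10:25:29.0708 0x0770  OpenVPNService - ok
10:25:30.0192 0x0770  PCIDump - ok
10:25:30.0474 0x0770  [ FEDCBA9876543210FEDCBA9876543210, FFEEDDCCBBAA99887766554433221100FFEEDDCCBBAA99887766554433221100 ] PolicyAgent     C:\WINDOWS\system32\lsass.exe
10:25:30.0474 0x0770  PolicyAgent - ok
10:25:33.0145 0x0770  [ FEDCBA9876543210FEDCBA9876543210, FFEEDDCCBBAA99887766554433221100FFEEDDCCBBAA99887766554433221100 ] SamSs           C:\WINDOWS\system32\lsass.exe
10:25:33.0145 0x0770  SamSs - ok
10:25:34.0895 0x0770  [ AAAAAAAABBBBBBBBCCCCCCCCDDDDDDDD, 0F1E2D3C4B5A69788796A5B4C3D2E1F00F1E2D3C4B5A69788796A5B4C3D2E1F0 ] Skype C2C Service C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
10:25:35.0786 0x0770  Skype C2C Service - ok
10:25:40.0000 0x0770  [ 00000000111111112222222233333333, 4444444455555555666666667777777744444444555555556666666677777777 ] BackupHelper    C:\Documents and Settings\user\Local Settings\Temp\bkhlp.exe
10:25:40.0100 0x0770  BackupHelper - ok
10:25:44.0302 0x0770  [ DEADBEEFDEADBEEFDEADBEEFDEADBEEF ] \Device\Harddisk0\DR0
10:25:44.0520 0x0770  \Device\Harddisk0\DR0 - ok
10:25:50.0474 0x12d8  Detected object count: 0
"""


@dataclass
class ServiceEntry:
    name: str
    path: Optional[str] = None      # None for services registered but not present on disk
    md5: Optional[str] = None
    sha256: Optional[str] = None
    verdict: Optional[str] = None   # the scanner's own verdict line, if one followed


def parse_log(text: str) -> List[ServiceEntry]:
    """Parse inventory and verdict lines into one ServiceEntry per name, in log order."""
    entries: Dict[str, ServiceEntry] = {}
    order: List[str] = []

    def get(name: str) -> ServiceEntry:
        if name not in entries:
            entries[name] = ServiceEntry(name=name)
            order.append(name)
        return entries[name]

    for raw in text.splitlines():
        line = raw.rstrip()
        m = ENTRY_RE.match(line)
        if m:
            # Global-scan and MBR lines carry no name; use the path as the key.
            e = get(m.group("name") or m.group("path"))
            e.path = m.group("path")
            e.md5 = m.group("md5").upper()
            sha = m.group("sha256")
            e.sha256 = sha.upper() if sha else None
            continue
        m = VERDICT_RE.match(line)
        if m:
            get(m.group("name")).verdict = m.group("verdict")
    return [entries[n] for n in order]


def flag_unusual_paths(entries: List[ServiceEntry],
                       trusted=TRUSTED_PREFIXES) -> List[ServiceEntry]:
    """Return entries whose image path is outside the trusted directory allowlist."""
    return [e for e in entries
            if e.path is not None
            and not any(e.path.lower().startswith(t) for t in trusted)]


def unique_hashes(entries: List[ServiceEntry]) -> List[str]:
    """Distinct binaries to look up: several services often share one image (e.g. lsass.exe)."""
    return sorted({e.sha256 or e.md5 for e in entries if e.sha256 or e.md5})


if __name__ == "__main__":
    parsed = parse_log(SAMPLE_LOG)
    print(f"{len(parsed)} entries, {len(unique_hashes(parsed))} distinct binaries")
    for e in flag_unusual_paths(parsed):
        print(f"REVIEW  {e.name!r:<24} {e.path}  verdict={e.verdict}")
```

A scanner's "ok" only means its own signatures did not fire; the path check is a cheap second opinion that surfaces binaries installed into user-writable profile or temp directories, which are worth looking up by hash before trusting them.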


#12 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:46 PM

Posted 20 October 2013 - 12:40 PM

Combofix scripting

1. Close any open browsers.

2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Download the attached CFScript.txt and save it to the location where Combofix is.


CFScriptB-4.gif


Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Full System Scan with Malwarebytes Antimalware

  • If not existing, please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.

If the program is already installed:

  • Run Malwarebytes Antimalware
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform full scan, place a checkmark on all hard drives, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location.
  • The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Post that log back here.

Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#13 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:46 PM

Posted 28 October 2013 - 05:11 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.