trojan.agent Gen-nullo virus


13 replies to this topic

#1 kg198 (Members)

Posted 15 October 2013 - 01:36 PM

My browser, Firefox and Internet Explorer, are running very weird and with 2, 3, 4 second delays.

When I ran Malwarebytes and Superantispyware it found this trojan gen-nullo virus and something from "visual bee".

Avast found nothing.

I deleted them, rebooted but still have problems because the browser is delayed by several seconds when navigating anywhere. Any thoughts?

Thank you very much.




#2 boopme (Global Moderator)

Posted 15 October 2013 - 07:59 PM

Welcome kg!

Please download MiniToolBox, save it to your desktop and run it.
Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.
Note: When using "Reset FF Proxy Settings" option Firefox should be closed.

Download TDSSKiller and save it to your desktop.
  • Extract (unzip) its contents to your desktop.
  • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.

ADW Cleaner
Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • You will be prompted to restart your computer. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Last run ESET.
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
      • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
      • Double click on the esetsmartinstaller_enu.png icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
      • Scan potentially unwanted applications
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
  • NOTE: Sometimes if ESET finds no infections it will not create a log.


#3 kg198 (Topic Starter)

Posted 16 October 2013 - 08:45 AM

Thanks for the quick reply.

Here are the 4 reports you requested and I ran.

(For ADWcleaner, there was no "Delete" as one of the actions to select-- I clicked "Scan" and the report is attached, the "visualbee" reference is there). Thank you. KG

MiniToolBox by Farbar  Version: 13-07-2013
Ran by paul anthony (administrator) on 15-10-2013 at 22:49:16
Running from "C:\Documents and Settings\paul anthony\Desktop"
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================


Windows IP Configuration



Successfully flushed the DNS Resolver Cache.


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

127.0.0.1       localhost

========================= IP Configuration: ================================

Broadcom 802.11g Network Adapter = Wireless Network Connection (Connected)
SiS 900-Based PCI Fast Ethernet Adapter = Local Area Connection (Media disconnected)


# ----------------------------------
# Interface IP Configuration         
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp

# Interface IP Configuration for "Wireless Network Connection"

set address name="Wireless Network Connection" source=dhcp
set dns name="Wireless Network Connection" source=dhcp register=PRIMARY
set wins name="Wireless Network Connection" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration



        Host Name . . . . . . . . . . . . : acer-2e68c49b20

        Primary Dns Suffix  . . . . . . . :

        Node Type . . . . . . . . . . . . : Broadcast

        IP Routing Enabled. . . . . . . . : No

        WINS Proxy Enabled. . . . . . . . : No

        DNS Suffix Search List. . . . . . : aitconsultingllc.com

                                            webville.net



Ethernet adapter Local Area Connection:



        Media State . . . . . . . . . . . : Media disconnected

        Description . . . . . . . . . . . : SiS 900-Based PCI Fast Ethernet Adapter

        Physical Address. . . . . . . . . : 00-16-36-40-27-8D



Ethernet adapter Wireless Network Connection:



        Connection-specific DNS Suffix  . : gateway.2wire.net

        Description . . . . . . . . . . . : Broadcom 802.11g Network Adapter

        Physical Address. . . . . . . . . : 00-16-CE-85-D3-2F

        Dhcp Enabled. . . . . . . . . . . : Yes

        Autoconfiguration Enabled . . . . : Yes

        IP Address. . . . . . . . . . . . : 192.168.1.65

        Subnet Mask . . . . . . . . . . . : 255.255.255.0

        Default Gateway . . . . . . . . . : 192.168.1.254

        DHCP Server . . . . . . . . . . . : 192.168.1.254

        DNS Servers . . . . . . . . . . . : 192.168.1.254

        Lease Obtained. . . . . . . . . . : Tuesday, October 15, 2013 9:23:49 PM

        Lease Expires . . . . . . . . . . : Wednesday, October 16, 2013 9:23:49 PM

Server:  home
Address:  192.168.1.254

Name:    google.com
Addresses:  74.125.226.227, 74.125.226.226, 74.125.226.230, 74.125.226.228
      74.125.226.225, 74.125.226.229, 74.125.226.224, 74.125.226.233, 74.125.226.238
      74.125.226.231, 74.125.226.232



Pinging google.com [74.125.226.229] with 32 bytes of data:



Reply from 74.125.226.229: bytes=32 time=20ms TTL=56

Reply from 74.125.226.229: bytes=32 time=21ms TTL=56



Ping statistics for 74.125.226.229:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 20ms, Maximum = 21ms, Average = 20ms

Server:  home
Address:  192.168.1.254

Name:    yahoo.com
Addresses:  98.138.253.109, 98.139.183.24, 206.190.36.45



Pinging yahoo.com [98.138.253.109] with 32 bytes of data:



Reply from 98.138.253.109: bytes=32 time=59ms TTL=50

Reply from 98.138.253.109: bytes=32 time=84ms TTL=50



Ping statistics for 98.138.253.109:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 59ms, Maximum = 84ms, Average = 71ms



Pinging 127.0.0.1 with 32 bytes of data:



Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 16 36 40 27 8d ...... SiS 900-Based PCI Fast Ethernet Adapter - Packet Scheduler Miniport
0x20004 ...00 16 ce 85 d3 2f ...... Broadcom 802.11g Network Adapter - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0    192.168.1.254    192.168.1.65      25
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1      1
      192.168.1.0    255.255.255.0     192.168.1.65    192.168.1.65      25
     192.168.1.65  255.255.255.255        127.0.0.1       127.0.0.1      25
    192.168.1.255  255.255.255.255     192.168.1.65    192.168.1.65      25
        224.0.0.0        240.0.0.0     192.168.1.65    192.168.1.65      25
  255.255.255.255  255.255.255.255     192.168.1.65               2      1
  255.255.255.255  255.255.255.255     192.168.1.65    192.168.1.65      1
Default Gateway:     192.168.1.254
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================

Catalog5 01 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\WINDOWS\system32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 01 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\WINDOWS\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 05 C:\WINDOWS\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 06 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 14 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 15 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (10/14/2013 01:49:47 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root certificate from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/5D003860F002ED829DEAA41868F788186D62127F.crt> with error: The server name or address could not be resolved

Error: (10/14/2013 01:36:56 PM) (Source: MPSampleSubmission) (User: )
Description: EventType mptelemetry, P1 8024402c, P2 endsearch, P3 search, P4 3.0.8402.0, P5 mpsigdwn.dll, P6 3.0.8402.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Error: (10/10/2013 04:47:18 PM) (Source: MPSampleSubmission) (User: )
Description: EventType mptelemetry, P1 80072f8f, P2 endsearch, P3 search, P4 3.0.8402.0, P5 mpsigdwn.dll, P6 3.0.8402.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Error: (10/07/2013 09:14:08 AM) (Source: MPSampleSubmission) (User: )
Description: EventType mptelemetry, P1 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P2 3.0.8402.0, P3 timeout, P4 1.1.9901.0, P5 fixed, P6 1 _ 2048, P7 5 _ not boot, P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Error: (10/03/2013 10:59:46 AM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (09/28/2013 07:13:15 PM) (Source: MPSampleSubmission) (User: )
Description: EventType mptelemetry, P1 8024402c, P2 endsearch, P3 search, P4 3.0.8402.0, P5 mpsigdwn.dll, P6 3.0.8402.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Error: (09/16/2013 09:26:46 AM) (Source: MPSampleSubmission) (User: )
Description: EventType mptelemetry, P1 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P2 3.0.8402.0, P3 timeout, P4 1.1.9800.0, P5 fixed, P6 1 _ 2048, P7 5 _ not boot, P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Error: (09/09/2013 11:59:43 AM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (09/08/2013 09:48:52 PM) (Source: Application Hang) (User: )
Description: Hanging application OUTLOOK.EXE, version 12.0.6014.5000, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (09/01/2013 00:01:54 AM) (Source: MPSampleSubmission) (User: )
Description: EventType mptelemetry, P1 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P2 3.0.8402.0, P3 timeout, P4 1.1.9800.0, P5 fixed, P6 1 _ 2048, P7 5 _ not boot, P8 NIL, P9 mptelemetry0, P10 mptelemetry1.


System errors:
=============
Error: (10/15/2013 09:19:32 AM) (Source: Dhcp) (User: )
Description: Your computer has lost the lease to its IP address 149.152.104.139 on the
Network Card with network address 0016CE85D32F.

Error: (10/14/2013 01:36:49 PM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

    New Signature Version:

    Previous Signature Version: 1.159.2116.0

    Update Source: %NT AUTHORITY59

    Update Stage: 3.0.8402.00

    Source Path: 3.0.8402.01

    Signature Type: %NT AUTHORITY602

    Update Type: %NT AUTHORITY604

    User: NT AUTHORITY\SYSTEM

    Current Engine Version: %NT AUTHORITY605

    Previous Engine Version: %NT AUTHORITY606

    Error code: %NT AUTHORITY607

    Error description: %NT AUTHORITY608

Error: (10/13/2013 11:59:26 AM) (Source: Dhcp) (User: )
Description: Your computer has lost the lease to its IP address 149.152.102.123 on the
Network Card with network address 0016CE85D32F.

Error: (10/11/2013 02:50:50 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
gagp30kx

Error: (10/10/2013 04:47:16 PM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

    New Signature Version:

    Previous Signature Version: 1.159.1804.0

    Update Source: %NT AUTHORITY59

    Update Stage: 3.0.8402.00

    Source Path: 3.0.8402.01

    Signature Type: %NT AUTHORITY602

    Update Type: %NT AUTHORITY604

    User: NT AUTHORITY\SYSTEM

    Current Engine Version: %NT AUTHORITY605

    Previous Engine Version: %NT AUTHORITY606

    Error code: %NT AUTHORITY607

    Error description: %NT AUTHORITY608

Error: (10/10/2013 09:34:30 AM) (Source: Dhcp) (User: )
Description: Your computer has lost the lease to its IP address 149.152.98.133 on the
Network Card with network address 0016CE85D32F.

Error: (10/08/2013 09:44:48 AM) (Source: Dhcp) (User: )
Description: Your computer has lost the lease to its IP address 149.152.111.21 on the
Network Card with network address 0016CE85D32F.

Error: (10/06/2013 09:50:30 PM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the stisvc service.

Error: (10/06/2013 09:50:30 PM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the Netman service.

Error: (10/05/2013 08:34:08 PM) (Source: Dhcp) (User: )
Description: Your computer has lost the lease to its IP address 192.168.1.65 on the
Network Card with network address 0016CE85D32F.


Microsoft Office Sessions:
=========================
Error: (05/02/2012 10:54:41 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6014.5000, Microsoft Office Version: 12.0.4518.1014. This session lasted 45 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (02/27/2011 03:14:20 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6014.5000, Microsoft Office Version: 12.0.4518.1014. This session lasted 2769 seconds with 0 seconds of active time.  This session ended with a crash.


=========================== Installed Programs ============================

ABBYY FineReader 6.0 Sprint (Version: 6.00.1395.4512)
Acer eManager for Notebook (Version: 1.0.34.52)
Acer GridVista (Version: 2.29.0728)
Adobe Download Manager (Version: 1.6.2.102)
Adobe Flash Player 10 ActiveX (Version: 10.3.181.14)
Adobe Flash Player 10 Plugin (Version: 10.3.181.14)
Adobe Photoshop Elements 2.0 (Version: 2.0)
Adobe Reader XI (11.0.04) (Version: 11.0.04)
Agere Systems AC'97 Modem
Arcade 3.0
avast! Free Antivirus (Version: 8.0.1489.0)
Badongo (Version: 3.3.0)
Cisco NAC Agent  (Version: 4.9.2.7)
Creative Live! Cam Center
Creative WebCam Live! Ultra Driver (1.01.03.0127)
Creative WebCam Live! Ultra User's Guide (English)
Critical Update for Windows Media Player 11 (KB959772)
EPSON Attach To Email (Version: 1.01.0000)
EPSON Copy Utility 3 (Version: 3.2.0.0)
EPSON Event Manager (Version: 1.80.00)
EPSON File Manager (Version: 1.3.0.0)
EPSON Perf 4490P Guide
EPSON Scan
EPSON Scan Assistant (Version: 1.10.00)
Get Yahoo! Messenger
Google Chrome (Version: 30.0.1599.69)
Google Earth (Version: 7.1.1.1888)
Google Update Helper (Version: 1.3.21.165)
HiJackThis (Version: 1.0.0)
Intel® Create & Share® Software
J2SE Runtime Environment 5.0 Update 6 (Version: 1.5.0.60)
Java 2 Runtime Environment, SE v1.4.1_02
Java Web Start
Launch Manager
Malwarebytes Anti-Malware version 1.65.1.1000 (Version: 1.65.1.1000)
Microsoft Antimalware (Version: 3.0.8402.2)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Easy Assist (Version: 1.0.2028.0)
Microsoft IntelliType Pro 5.5 (Version: 5.50.661.0)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Outlook 2007 (Version: 12.0.4518.1014)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proof (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proof (French) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Standard 2007 (Version: 12.0.4518.1014)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Security Client (Version: 2.1.1116.0)
Microsoft Security Essentials (Version: 2.1.1116.0)
Microsoft Silverlight (Version: 5.1.20913.0)
Microsoft Software Update for Web Folders  (English) 12 (Version: 12.0.4518.1014)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visio Viewer 2010 (Version: 14.0.4763.1000)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Mozilla Firefox 24.0 (x86 en-US) (Version: 24.0)
Mozilla Maintenance Service (Version: 24.0)
MSN Music Assistant
MSXML 4.0 SP2 (KB927978) (Version: 4.20.9841.0)
MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
NTI Backup NOW! 4 (Version: 4.0)
NTI CD & DVD-Maker (Version: 7.0.0.37)
NTI CD & DVD-Maker Gold (Version: 7.0.0.37)
Octoshape add-in for Adobe Flash Player
Olympus Digital Wave Player
OLYMPUS DSS Player-Lite
Opera 11.10 (Version: 11.10.2092)
Opera 12.16 (Version: 12.16.1860)
PowerProducer
Realtek AC'97 Audio (Version: 5.36)
SiS 900 PCI Fast Ethernet Adapter Driver
SiS VGA Utilities
SiSAGP driver (Version: 7.2.0.1200)
SketchUp 8 (Version: 3.0.16846)
Skype™ 6.3 (Version: 6.3.107)
SUPERAntiSpyware (Version: 5.0.1148)
Synaptics Pointing Device Driver (Version: 7.12.3.0)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 suites (KB2598306) 32-Bit Edition
Update for Outlook 2007 (KB933493)
Update for Windows Internet Explorer 8 (KB976662) (Version: 1)
Update for Windows Internet Explorer 8 (KB976749) (Version: 1)
Update for Windows Internet Explorer 8 (KB980182) (Version: 1)
Update for Windows XP (KB2141007) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2467659) (Version: 1)
Update for Windows XP (KB2541763) (Version: 1)
Update for Windows XP (KB2616676) (Version: 1)
Update for Windows XP (KB2616676-v2) (Version: 2)
Update for Windows XP (KB2641690) (Version: 1)
Update for Windows XP (KB2661254-v2) (Version: 2)
Update for Windows XP (KB2718704) (Version: 1)
Update for Windows XP (KB2736233) (Version: 1)
Update for Windows XP (KB2749655) (Version: 1)
Update for Windows XP (KB2863058) (Version: 1)
Update for Windows XP (KB951072-v2) (Version: 2)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB955839) (Version: 1)
Update for Windows XP (KB967715) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB971737) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
WebFldrs XP (Version: 9.50.7523)
Windows Defender (Version: 1.1.1593.21)
Windows Genuine Advantage Notifications (KB905474) (Version: 1.5.0540.0)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)
Windows Internet Explorer 7 (Version: 20061027.150806)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Live Messenger (Version: 8.0.0812.00)
Windows Live OneCare safety scanner
Windows Media Format 11 runtime
Windows XP Service Pack 3 (Version: 20080414.031525)

========================= Memory info: ===================================

Percentage of memory in use: 27%
Total physical RAM: 1982.48 MB
Available physical RAM: 1434.93 MB
Total Pagefile: 2502.11 MB
Available Pagefile: 1974.47 MB
Total Virtual: 2047.88 MB
Available Virtual: 1969.57 MB

========================= Partitions: =====================================

1 Drive c: (ACER) (Fixed) (Total:35.55 GB) (Free:2.87 GB) FAT32
2 Drive d: (ACERDATA) (Fixed) (Total:36.03 GB) (Free:22.58 GB) FAT32

========================= Users: ========================================

User accounts for \\ACER-2E68C49B20

Administrator            Guest                    HelpAssistant            
paul anthony             SUPPORT_388945a0         


**** End of log ****
22:54:16.0406 0x0f28  TDSS rootkit removing tool 3.0.0.14 Oct 15 2013 15:35:38
22:54:22.0531 0x0f28  ============================================================
22:54:22.0531 0x0f28  Current date / time: 2013/10/15 22:54:22.0531
22:54:22.0531 0x0f28  SystemInfo:
22:54:22.0531 0x0f28  
22:54:22.0531 0x0f28  OS Version: 5.1.2600 ServicePack: 3.0
22:54:22.0531 0x0f28  Product type: Workstation
22:54:22.0531 0x0f28  ComputerName: ACER-2E68C49B20
22:54:22.0531 0x0f28  UserName: paul anthony
22:54:22.0531 0x0f28  Windows directory: C:\WINDOWS
22:54:22.0531 0x0f28  System windows directory: C:\WINDOWS
22:54:22.0531 0x0f28  Processor architecture: Intel x86
22:54:22.0531 0x0f28  Number of processors: 1
22:54:22.0531 0x0f28  Page size: 0x1000
22:54:22.0531 0x0f28  Boot type: Normal boot
22:54:22.0531 0x0f28  ============================================================
22:54:27.0578 0x0f28  System UUID: {C680A1AB-E571-8C24-4FF5-19BB40307CFE}
22:54:31.0296 0x0f28  Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
22:54:31.0296 0x0f28  ============================================================
22:54:31.0296 0x0f28  \Device\Harddisk0\DR0:
22:54:31.0296 0x0f28  MBR partitions:
22:54:31.0296 0x0f28  \Device\Harddisk0\DR0\Partition1: MBR, Type 0xC, StartLBA 0x5DA3FE, BlocksNum 0x471E7A2
22:54:31.0296 0x0f28  \Device\Harddisk0\DR0\Partition2: MBR, Type 0xC, StartLBA 0x4CF8BA0, BlocksNum 0x4815921
22:54:31.0296 0x0f28  ============================================================
22:54:31.0328 0x0f28  C: <-> \Device\Harddisk0\DR0\Partition1
22:54:31.0343 0x0f28  D: <-> \Device\Harddisk0\DR0\Partition2
22:54:31.0343 0x0f28  ============================================================
22:54:31.0343 0x0f28  Initialize success
22:54:31.0343 0x0f28  ============================================================
22:54:35.0140 0x0b28  ============================================================
22:54:35.0140 0x0b28  Scan started
22:54:35.0140 0x0b28  Mode: Manual;
22:54:35.0140 0x0b28  ============================================================
22:54:35.0140 0x0b28  KSN ping started
22:54:37.0687 0x0b28  KSN ping finished: true
22:54:38.0500 0x0b28  ================ Scan system memory ========================
22:54:38.0500 0x0b28  System memory - ok
22:54:49.0125 0x0b28  avast! Antivirus - ok
22:54:49.0312 0x0b28  [ 38CA1443660D0F5F06887C6A2E692AEB, 6E410FB4C617CBF3A420F8255DD41B3BCAD41FA206276B0C055362BE794B294F ] BCM43XX         C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
22:54:49.0375 0x0b28  BCM43XX - ok
22:54:49.0437 0x0b28  [ DA1F27D85E0D1525F6621372E7B685E9, 5A81A46A3BDD19DAFC6C87D277267A5D44F3A1B5302F2CC1111D84B7BAD5610D ] Beep            C:\WINDOWS\system32\drivers\Beep.sys
22:54:49.0500 0x0b28  Beep - ok
22:54:49.0687 0x0b28  [ 574738F61FCA2935F5265DC4E5691314, 3C7CCF064397186C3A3863DD2370AB6414A61B330097DCA4F299CA7BBAA3D1B4 ] BITS            C:\WINDOWS\system32\qmgr.dll
22:54:49.0796 0x0b28  BITS - ok
22:54:49.0906 0x0b28  [ CFD4E51402DA9838B5A04AE680AF54A0, 5378F42B195B5832B00A05AD64E00473A45FFB86AC25C57241F26EA82B149FE1 ] Browser         C:\WINDOWS\System32\browser.dll
22:54:49.0953 0x0b28  Browser - ok
22:54:50.0109 0x0b28  catchme - ok
22:54:50.0156 0x0b28  [ 90A673FC8E12A79AFBED2576F6A7AAF9, BDE7858A3457DB979FEDD8577FA6321BF72848E4A7BF9F173C78A6A10CBB3EBE ] cbidf2k         C:\WINDOWS\system32\drivers\cbidf2k.sys
22:54:50.0187 0x0b28  cbidf2k - ok
22:54:50.0234 0x0b28  [ 0BE5AEF125BE881C4F854C554F2B025C, 1770DD70B3F115A0EF460907DEDC1E4B7241C08615A98F194D61A49C3E2BAA54 ] CCDECODE        C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
22:54:50.0265 0x0b28  CCDECODE - ok
22:54:50.0296 0x0b28  cd20xrnt - ok
22:54:50.0343 0x0b28  [ C1B486A7658353D33A10CC15211A873B, AA4DD9E7AAE5AAB1146B360B17001F975D2F29A1281CF7B13E7136480410F347 ] Cdaudio         C:\WINDOWS\system32\drivers\Cdaudio.sys
22:54:50.0406 0x0b28  Cdaudio - ok
22:54:50.0468 0x0b28  [ C885B02847F5D2FD45A24E219ED93B32, B26B2F8E3A831E2B65EB0C5195B0645CD50E22615CE79C9B0B391CD563B121DB ] Cdfs            C:\WINDOWS\system32\drivers\Cdfs.sys
22:54:50.0546 0x0b28  Cdfs - ok
22:54:50.0625 0x0b28  [ 1F4260CC5B42272D71F79E570A27A4FE, B51C2A3ED3C309953D0EA45869C8E464C10F2533DADE9E0286AF674979098D1D ] Cdrom           C:\WINDOWS\system32\DRIVERS\cdrom.sys
22:54:50.0687 0x0b28  Cdrom - ok
22:54:50.0718 0x0b28  Changer - ok
22:54:50.0812 0x0b28  [ 1CFE720EB8D93A7158A4EBC3AB178BDE, 65D2A9D9A88F38D4AF323134C151BA0F4B3CD0F6A134AF86E7AC9D07319F1726 ] CiSvc           C:\WINDOWS\system32\cisvc.exe
22:54:50.0859 0x0b28  CiSvc - ok
22:54:50.0921 0x0b28  [ 34CBE729F38138217F9C80212A2A0C82, A9FD7A758D12E0818A11BEEF1CE772FEFA8373E92EF6C0DA8628CD4572CC9A43 ] ClipSrv         C:\WINDOWS\system32\clipsrv.exe
22:54:50.0984 0x0b28  ClipSrv - ok
22:54:51.0031 0x0b28  [ 0F6C187D38D98F8DF904589A5F94D411, DB987093446216CEE913AC27503BF7E23E5A62DF169B355730285DAB64F6ED28 ] CmBatt          C:\WINDOWS\system32\DRIVERS\CmBatt.sys
22:54:51.0062 0x0b28  CmBatt - ok
22:54:51.0093 0x0b28  CmdIde - ok
22:54:51.0125 0x0b28  [ 6E4C9F21F0FAE8940661144F41B13203, 731202A0DD021FCF9287FEA631212603AAAC23F9E7F76B2882F913B18A971F1C ] Compbatt        C:\WINDOWS\system32\DRIVERS\compbatt.sys
22:54:51.0156 0x0b28  Compbatt - ok
22:54:51.0203 0x0b28  COMSysApp - ok
22:54:51.0250 0x0b28  Cpqarray - ok
22:54:51.0328 0x0b28  [ 3D4E199942E29207970E04315D02AD3B, 0825960894CF9C86CC8775BDD2A262948A09CA495AA7FE9F210FAF49E7086383 ] CryptSvc        C:\WINDOWS\System32\cryptsvc.dll
22:54:51.0390 0x0b28  CryptSvc - ok
22:54:51.0453 0x0b28  [ B5ECADF7708960F1818C7FA015F4C239, A58BA71B08A9D46EB79EB3DF0858F553A11DE3461E13B6D926E25D21D4CBB2D8 ] CVirtA          C:\WINDOWS\system32\DRIVERS\CVirtA.sys
22:54:51.0468 0x0b28  CVirtA - ok
22:54:51.0484 0x0b28  dac2w2k - ok
22:54:51.0515 0x0b28  dac960nt - ok
22:54:51.0687 0x0b28  [ 6B27A5C03DFB94B4245739065431322C, 6AEAC16AB4E0DFD25123AAF4D4181FEE1B919B7B2793117006CE8CF30E826CFD ] DcomLaunch      C:\WINDOWS\system32\rpcss.dll
22:54:51.0796 0x0b28  DcomLaunch - ok
22:54:51.0906 0x0b28  [ 5E38D7684A49CACFB752B046357E0589, F192AD4190BCFB6939A5CBC91648FE63168AF79A5E227A111DEAD6A92E42AB8D ] Dhcp            C:\WINDOWS\System32\dhcpcsvc.dll
22:54:51.0906 0x0b28  Dhcp - ok
22:54:51.0968 0x0b28  [ 044452051F3E02E7963599FC8F4F3E25, 584BDDB074618BE76454CF90E74829CFF588B5B5FAEB793E2F7AAD26352DD689 ] Disk            C:\WINDOWS\system32\DRIVERS\disk.sys
22:54:52.0015 0x0b28  Disk - ok
22:54:52.0062 0x0b28  [ 08D30AF92C270F2E76787C81589DBAD6, 9B88639CCDF83AEF87A0EB6FCB571BF56CDE2FDF4FD2FDE02699218667614559 ] DKbFltr         C:\WINDOWS\system32\Drivers\DKbFltr.sys
22:54:52.0125 0x0b28  DKbFltr - ok
22:54:52.0187 0x0b28  dmadmin - ok
22:54:52.0515 0x0b28  [ D992FE1274BDE0F84AD826ACAE022A41, C82BD6561A14F2932A761F5883A787B99031250EE5E9B7B5714AA045545C9B99 ] dmboot          C:\WINDOWS\system32\drivers\dmboot.sys
22:54:52.0765 0x0b28  dmboot - ok
22:54:52.0953 0x0b28  [ 7C824CF7BBDE77D95C08005717A95F6F, A73CB323B7A6410C3D3F258BF204E716ADF8C84C9E4F6562C57AB73DAED8CCDE ] dmio            C:\WINDOWS\system32\drivers\dmio.sys
22:54:53.0140 0x0b28  dmio - ok
22:54:53.0203 0x0b28  [ E9317282A63CA4D188C0DF5E09C6AC5F, D41E002F555FE9015EF620975255F58BB79198CA1FF0E09EC950CB450FF77CF7 ] dmload          C:\WINDOWS\system32\drivers\dmload.sys
22:54:53.0250 0x0b28  dmload - ok
22:54:53.0328 0x0b28  [ 57EDEC2E5F59F0335E92F35184BC8631, 61F6F0DC2D1A6C61D5EF0D5CC4BE0FFC217F1E61FDA3EA9F704709293656600F ] dmserver        C:\WINDOWS\System32\dmserver.dll
22:54:53.0437 0x0b28  dmserver - ok
22:54:53.0531 0x0b28  [ A6F881284AC1150E37D9AE47FF601267, 6C07654CF21637E527FC727EB50F4138BF0EFF0680000AC94001063B436389DB ] DMusic          C:\WINDOWS\system32\drivers\DMusic.sys
22:54:53.0640 0x0b28  DMusic - ok
22:54:53.0734 0x0b28  [ 5F7E24FA9EAB896051FFB87F840730D2, 356EEFDCD54DECAD0170B34B993E4BF80DD039E2B2922D7A8D09B84031E9FC7A ] Dnscache        C:\WINDOWS\System32\dnsrslvr.dll
22:54:53.0781 0x0b28  Dnscache - ok
22:54:53.0906 0x0b28  [ 0F0F6E687E5E15579EF4DA8DD6945814, 5C32D88119EB1465B2D719BEE2E05888D1A73454B5E33F2D4928DA710F8BFBA3 ] Dot3svc         C:\WINDOWS\System32\dot3svc.dll
22:54:54.0062 0x0b28  Dot3svc - ok
22:54:54.0218 0x0b28  [ 3E4B043F8BC6BE1D4820CC6C9C500306, 41F5AB9F3D65FEF3AB50562A3B91A3268B887CCF7FE5FC9D49478147700C72F4 ] dot4            C:\WINDOWS\system32\DRIVERS\Dot4.sys
22:54:54.0437 0x0b28  dot4 - ok
22:54:54.0468 0x0b28  [ 77CE63A8A34AE23D9FE4C7896D1DEBE7, FC17B00AEDC57AC436EACD2D576642098479E5CE10A42775D339B66A53460DC7 ] Dot4Print       C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys
22:54:54.0500 0x0b28  Dot4Print - ok
22:54:54.0562 0x0b28  [ 6EC3AF6BB5B30E488A0C559921F012E1, 2BB92048A3FB4AEE6B852B9E2F2B2743A8EB73FEBD62273FDB40EF5C90CD5962 ] dot4usb         C:\WINDOWS\system32\DRIVERS\dot4usb.sys
22:54:54.0671 0x0b28  dot4usb - ok
22:54:54.0687 0x0b28  dpti2o - ok
22:54:54.0765 0x0b28  [ 1ED4DBBAE9F5D558DBBA4CC450E3EB2E, B941AB5D9D504486083E0D1539B1A96E27721C9EFD7A67CA1DB7258B0D33AB78 ] drmkaud         C:\WINDOWS\system32\drivers\drmkaud.sys
22:54:54.0781 0x0b28  drmkaud - ok
22:54:54.0859 0x0b28  [ 2187855A7703ADEF0CEF9EE4285182CC, 8233CC11F637866C0074043835A785EA2B616739B6B1181B143A253CF2508CFD ] EapHost         C:\WINDOWS\System32\eapsvc.dll
22:54:54.0968 0x0b28  EapHost - ok
22:54:55.0031 0x0b28  [ BC93B4A066477954555966D77FEC9ECB, 27F5B780175EF46DA102EE33F7F33559C8B40C077EEA4405D579D9507F4B1C23 ] ERSvc           C:\WINDOWS\System32\ersvc.dll
22:54:55.0078 0x0b28  ERSvc - ok
22:54:55.0156 0x0b28  [ 65DF52F5B8B6E9BBD183505225C37315, 59C606977DB40A3443DFF0BE2A4C761824881B22C9FDB3D23F6486DB580E92A4 ] Eventlog        C:\WINDOWS\system32\services.exe
22:54:55.0218 0x0b28  Eventlog - ok
22:54:55.0406 0x0b28  [ D4991D98F2DB73C60D042F1AEF79EFAE, 58AF949EAEBF4FF3E3314DFB66CE4198BF65F0836B68CD27A6ED319742CCCCD2 ] EventSystem     C:\WINDOWS\system32\es.dll
22:54:55.0531 0x0b28  EventSystem - ok
22:54:55.0671 0x0b28  [ 38D332A6D56AF32635675F132548343E, E6909DB836AF679B4F4D62C7396D6C82769CC7ABB8C919C2AABFE934FCE268F6 ] Fastfat         C:\WINDOWS\system32\drivers\Fastfat.sys
22:54:55.0750 0x0b28  Fastfat - ok
22:54:55.0812 0x0b28  [ 99BC0B50F511924348BE19C7C7313BBF, A1006C687BD352F700B140DC741515A0CDD9E1352C0FBD1EE410D404E344444B ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
22:54:55.0859 0x0b28  FastUserSwitchingCompatibility - ok
22:54:56.0000 0x0b28  [ E97D6A8684466DF94FF3BC24FB787A07, 89E5A6889E3C5AB9AD3E80FFC16DD608278F3ADC282048B40B60196336A5CBEB ] Fax             C:\WINDOWS\system32\fxssvc.exe
22:54:56.0265 0x0b28  Fax - ok
22:54:56.0328 0x0b28  [ 92CDD60B6730B9F50F6A1A0C1F8CDC81, 8307A532AB4D05CBBCE206DC2759497708BF5AAA880BD00F0E4F281D8578A1F5 ] Fdc             C:\WINDOWS\system32\drivers\Fdc.sys
22:54:56.0421 0x0b28  Fdc - ok
22:54:56.0531 0x0b28  [ D45926117EB9FA946A6AF572FBE1CAA3, 4C94EF009D778BE0BDF8F812F026B96F91F641BE30AA2531427A5E63DBD280DA ] Fips            C:\WINDOWS\system32\drivers\Fips.sys
22:54:56.0593 0x0b28  Fips - ok
22:54:56.0687 0x0b28  [ 9D27E7B80BFCDF1CDD9B555862D5E7F0, 69C271AD5BCEBFD8AE5A769BDD7EC51256DA3A8ADAD5D12E5C0D13F4E82D8805 ] Flpydisk        C:\WINDOWS\system32\drivers\Flpydisk.sys
22:54:56.0765 0x0b28  Flpydisk - ok
22:54:56.0843 0x0b28  [ B2CF4B0786F8212CB92ED2B50C6DB6B0, 280F5CF8A90F7BEDE73ADD0DD0F8952088133A7CA9A3D3B7041957E33B36845D ] FltMgr          C:\WINDOWS\system32\drivers\fltmgr.sys
22:54:56.0921 0x0b28  FltMgr - ok
22:54:56.0953 0x0b28  [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A, EC635E071201A766845D48973772CBE0958942B4162F3F5F70660D114CC877E0 ] Fs_Rec          C:\WINDOWS\system32\drivers\Fs_Rec.sys
22:54:56.0984 0x0b28  Fs_Rec - ok
22:54:57.0062 0x0b28  [ 6AC26732762483366C3969C9E4D2259D, FF2C9A23CC17F380093F0BEA955B1925794271C2FEA16B9B7639668E6999BAE3 ] Ftdisk          C:\WINDOWS\system32\DRIVERS\ftdisk.sys
22:54:57.0125 0x0b28  Ftdisk - ok
22:54:57.0171 0x0b28  [ 3A74C423CF6BCCA6982715878F450A3B, A98D6D377B48D05BE3927F6E93D0DE7741E115C43125C0E0DE6EEFE023DE73BC ] gagp30kx        C:\WINDOWS\system32\DRIVERS\gagp30kx.sys
22:54:57.0234 0x0b28  gagp30kx - ok
22:54:57.0281 0x0b28  [ 0A02C63C8B144BD8C86B103DEE7C86A2, 7A3235DD3E1995DD72B212FAEB3ECA2A974434DE9BF6D269EA11BA65A80E7E50 ] Gpc             C:\WINDOWS\system32\DRIVERS\msgpc.sys
22:54:57.0343 0x0b28  Gpc - ok
22:54:57.0562 0x0b28  [ 8F0DE4FEF8201E306F9938B0905AC96A, CA7153FE0C037D79FBF7CE0E090D741FB52BCCBBBD4CA505EF4849A0C4199F72 ] gupdate         C:\Program Files\Google\Update\GoogleUpdate.exe
22:54:57.0578 0x0b28  gupdate - ok
22:54:57.0593 0x0b28  [ 8F0DE4FEF8201E306F9938B0905AC96A, CA7153FE0C037D79FBF7CE0E090D741FB52BCCBBBD4CA505EF4849A0C4199F72 ] gupdatem        C:\Program Files\Google\Update\GoogleUpdate.exe
22:54:57.0593 0x0b28  gupdatem - ok
22:54:57.0687 0x0b28  [ 4FCCA060DFE0C51A09DD5C3843888BCD, D82417706B517F2610DDF7C86BE03A72EFA9A2A389DF5C8F8ADEAB8144E2C80A ] helpsvc         C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
22:54:57.0734 0x0b28  helpsvc - ok
22:54:57.0812 0x0b28  HidServ - ok
22:54:57.0890 0x0b28  [ CCF82C5EC8A7326C3066DE870C06DAF1, 93395FA4C26B2E82DC8B7025ED3BCF583885E5D8C5F60CD6EEAA6335D6A126EC ] HidUsb          C:\WINDOWS\system32\DRIVERS\hidusb.sys
22:54:57.0890 0x0b28  HidUsb - ok
22:54:57.0984 0x0b28  [ 8878BD685E490239777BFE51320B88E9, C5C3ECF6B049B6736E35B39518A8F830B45C45A88FFE8E3A6B7922AD946597E2 ] hkmsvc          C:\WINDOWS\System32\kmsvc.dll
22:54:58.0078 0x0b28  hkmsvc - ok
22:54:58.0109 0x0b28  hpn - ok
22:54:58.0218 0x0b28  [ F80A415EF82CD06FFAF0D971528EAD38, 524D9E9201572929522F6805011783711B7C0F76308B924C89CF75F4B7A1FDF3 ] HTTP            C:\WINDOWS\system32\Drivers\HTTP.sys
22:54:58.0343 0x0b28  HTTP - ok
22:54:58.0406 0x0b28  [ 6100A808600F44D999CEBDEF8841C7A3, 61A75118C327812C60622010985A2E80E79B6FD9030A5732390EE5426E4AF6C9 ] HTTPFilter      C:\WINDOWS\System32\w3ssl.dll
22:54:58.0453 0x0b28  HTTPFilter - ok
22:54:58.0484 0x0b28  i2omgmt - ok
22:54:58.0500 0x0b28  i2omp - ok
22:54:58.0546 0x0b28  [ 5502B58EEF7486EE6F93F3F164DCB808, 7E56E49D6444F2F48037B859B491DF95E1C90EC7ED4EF9C477CD2C49783E62E0 ] i8042prt        C:\WINDOWS\system32\DRIVERS\i8042prt.sys
22:54:58.0609 0x0b28  i8042prt - ok
22:54:58.0703 0x0b28  [ 673962B31666F877C283A81392EAB199, 16AE4D52C5B802D7C58DB26CE7D622877AA1C2CC266B865789B5CE756C473AA3 ] ICAM3NT5        C:\WINDOWS\system32\Drivers\ICAM3D2.SYS
22:54:58.0796 0x0b28  ICAM3NT5 - ok
22:54:58.0843 0x0b28  [ 083A052659F5310DD8B6A6CB05EDCF8E, 48D39B03FFB6FAA1529B774443BA12618AE3982D9F65A7B9D18F2269F78B31F4 ] Imapi           C:\WINDOWS\system32\DRIVERS\imapi.sys
22:54:58.0906 0x0b28  Imapi - ok
22:54:59.0015 0x0b28  [ 30DEAF54A9755BB8546168CFE8A6B5E1, 3936228CD3125C763ABFCB93E86E4B43838202BCC0913A28E84AC0263B43EE0D ] ImapiService    C:\WINDOWS\system32\imapi.exe
22:54:59.0171 0x0b28  ImapiService - ok
22:54:59.0218 0x0b28  ini910u - ok
22:54:59.0390 0x0b28  [ 4D8D5B1C895EA0F2A721B98A7CE198F1, A7BB7060B9C5353A5EDD18EE5A0950EE94E44B1B686F110F0E5BFA432D743DD1 ] int15.sys       C:\Acer\Empowering Technology\eRecovery\int15.sys
22:54:59.0453 0x0b28  int15.sys - ok
22:54:59.0468 0x0b28  IntelIde - ok
22:54:59.0515 0x0b28  [ 3BB22519A194418D5FEC05D800A19AD0, F6662F440950596DC1382DD1DB5D7891CCEA30A6062BEA942C18445B5F0D8B16 ] Ip6Fw           C:\WINDOWS\system32\drivers\ip6fw.sys
22:54:59.0625 0x0b28  Ip6Fw - ok
22:54:59.0671 0x0b28  [ 731F22BA402EE4B62748ADAF6363C182, 5C3BEBD008A5BE4DC2F92076FF41A10DDC01E10EC7E6552213CFA11970811848 ] IpFilterDriver  C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
22:54:59.0734 0x0b28  IpFilterDriver - ok
22:54:59.0781 0x0b28  [ B87AB476DCF76E72010632B5550955F5, E6E74D3A86A7917A8BAED44F8E97CCD2EB171E4E4B27E9907F60D1523FAF319A ] IpInIp          C:\WINDOWS\system32\DRIVERS\ipinip.sys
22:54:59.0843 0x0b28  IpInIp - ok
22:54:59.0921 0x0b28  [ CC748EA12C6EFFDE940EE98098BF96BB, AF523E21C25D9A1715EFEA573E4F52AF5D4FC9F28A2D613F5DB629C186C439E0 ] IpNat           C:\WINDOWS\system32\DRIVERS\ipnat.sys
22:55:00.0031 0x0b28  IpNat - ok
22:55:00.0093 0x0b28  [ 23C74D75E36E7158768DD63D92789A91, 394D296F38E7D8EFD91A6EEC301D9CE6AF910E35EB9819F1A9E3363863AEDFDC ] IPSec           C:\WINDOWS\system32\DRIVERS\ipsec.sys
22:55:00.0187 0x0b28  IPSec - ok
22:55:00.0218 0x0b28  [ C93C9FF7B04D772627A3646D89F7BF89, 805FA48E7A46D4F10240BF880A2468F53DEA36E83004399228AB70DB7D20544A ] IRENUM          C:\WINDOWS\system32\DRIVERS\irenum.sys
22:55:00.0250 0x0b28  IRENUM - ok
22:55:00.0296 0x0b28  [ 05A299EC56E52649B1CF2FC52D20F2D7, 2654619DB3E6D6C385B63AB02F87D4241C4F0250CC31383D1B3586917166C2DC ] isapnp          C:\WINDOWS\system32\DRIVERS\isapnp.sys
22:55:00.0343 0x0b28  isapnp - ok
22:55:00.0390 0x0b28  [ 463C1EC80CD17420A542B7F36A36F128, E3B11BA26AFEAFB50B0FC168EA07F6049DA6B88BCDDEEE20310602D7FC27A3A7 ] Kbdclass        C:\WINDOWS\system32\DRIVERS\kbdclass.sys
22:55:00.0468 0x0b28  Kbdclass - ok
22:55:00.0562 0x0b28  [ 692BCF44383D056AED41B045A323D378, 1A99DEE83FFAF64E73067FC049C0A4CE07D94E4AE31EFA17B38CEFA9E41D67DC ] kmixer          C:\WINDOWS\system32\drivers\kmixer.sys
22:55:00.0562 0x0b28  kmixer - ok
22:55:00.0640 0x0b28  [ B467646C54CC746128904E1654C750C1, 3BD71BE3663EA23463D236D8A2A2E42DFA10C502BDB4B6E131FAF0FBA748219E ] KSecDD          C:\WINDOWS\system32\drivers\KSecDD.sys
22:55:00.0734 0x0b28  KSecDD - ok
22:55:00.0812 0x0b28  [ 3A7C3CBE5D96B8AE96CE81F0B22FB527, 0044F03132596A494448CCE5F3D6ECC12617BB4CF6BAE348F79D4DC40ACD6EE0 ] lanmanserver    C:\WINDOWS\System32\srvsvc.dll
22:55:00.0875 0x0b28  lanmanserver - ok
22:55:01.0000 0x0b28  [ A8888A5327621856C0CEC4E385F69309, B08B63300D824E35E31EEEA2C4C086DFA2C2A964CEDAE512E74D3D88AADAA2C1 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
22:55:01.0078 0x0b28  lanmanworkstation - ok
22:55:01.0093 0x0b28  lbrtfdc - ok
22:55:01.0171 0x0b28  [ A7DB739AE99A796D91580147E919CC59, EDF4E039BA277B0E6D66FEB0B28096E67D682C09DFC18ECECF062D9DCFB75ACF ] LmHosts         C:\WINDOWS\System32\lmhsvc.dll
22:55:01.0203 0x0b28  LmHosts - ok
22:55:01.0296 0x0b28  McAfeeFramework - ok
22:55:01.0359 0x0b28  [ 986B1FF5814366D71E0AC5755C88F2D3, E6AF051174531C24B38E73987755D366ABEC595476C6D17793E8DCCC73F55340 ] Messenger       C:\WINDOWS\System32\msgsvc.dll
22:55:01.0406 0x0b28  Messenger - ok
22:55:01.0437 0x0b28  [ 4AE068242760A1FB6E1A44BF4E16AFA6, 1FB771162B96AAF787AC24867B818DF8511F0780BB094FA9A38C11D8DBFE68BC ] mnmdd           C:\WINDOWS\system32\drivers\mnmdd.sys
22:55:01.0468 0x0b28  mnmdd - ok
22:55:01.0531 0x0b28  [ D18F1F0C101D06A1C1ADF26EED16FCDD, BA0837C7780BD8262E143E2935AFA63BE59C3C39EF56CB8608EED0F50AF070D4 ] mnmsrvc         C:\WINDOWS\system32\mnmsrvc.exe
22:55:01.0625 0x0b28  mnmsrvc - ok
22:55:01.0687 0x0b28  [ DFCBAD3CEC1C5F964962AE10E0BCC8E1, B342CC9EC3729AB1AB4B5E2E99F890C1E0CA649162DE91F6768AB857B719E97B ] Modem           C:\WINDOWS\system32\drivers\Modem.sys
22:55:01.0750 0x0b28  Modem - ok
22:55:01.0796 0x0b28  [ 34E1F0031153E491910E12551400192C, D608F77DB7035FD676773A3DF8DBC5DD52CC5198D0681A73D7EAA6C161047A90 ] Mouclass        C:\WINDOWS\system32\DRIVERS\mouclass.sys
22:55:01.0843 0x0b28  Mouclass - ok
22:55:01.0906 0x0b28  [ B1C303E17FB9D46E87A98E4BA6769685, 161A45488522055D0F0474ABEDA04DDD0B5DAC2411AF9154B15190BBD66E7153 ] mouhid          C:\WINDOWS\system32\DRIVERS\mouhid.sys
22:55:01.0906 0x0b28  mouhid - ok
22:55:01.0953 0x0b28  [ A80B9A0BAD1B73637DBCBBA7DF72D3FD, 2A5E15ED2C24C6C65EF2F7E1FD93374774076C9D8D451E4422561F4D269C012F ] MountMgr        C:\WINDOWS\system32\drivers\MountMgr.sys
22:55:02.0046 0x0b28  MountMgr - ok
22:55:02.0187 0x0b28  [ 0329A45C849C9D77901094B8FFE8BBB9, 2151C15A4185FABBC3367B8213017B45E08C43E26E1D8942E707E217C6A5EDA7 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
22:55:02.0328 0x0b28  MozillaMaintenance - ok
22:55:02.0437 0x0b28  [ FEE0BADED54222E9F1DAE9541212AAB1, 436FD3BFD698576F5F947795462F9E7970F9A6F19C9F066CC63A3B97590DB5E3 ] MpFilter        C:\WINDOWS\system32\DRIVERS\MpFilter.sys
22:55:02.0484 0x0b28  MpFilter - ok
22:55:02.0718 0x0b28  [ 06D4F934E09C359B0EFBFB3146F1D910, 484F57CD6F8757137F3B3491B8AC8ECF6C6385A666CD1671833DDD9E962AAB4A ] MpKsld429f1bf   C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B92CC16E-F962-42FD-9F47-6EE296BCE84B}\MpKsld429f1bf.sys
22:55:02.0718 0x0b28  MpKsld429f1bf - ok
22:55:02.0750 0x0b28  mraid35x - ok
22:55:02.0828 0x0b28  [ 11D42BB6206F33FBB3BA0288D3EF81BD, 76ABCFB62C5AC549F58C231F72A99882CDEB74928104B77FE52554765C2B1A22 ] MRxDAV          C:\WINDOWS\system32\DRIVERS\mrxdav.sys
22:55:02.0921 0x0b28  MRxDAV - ok
22:55:03.0125 0x0b28  [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0, DB9B186F7076D7B94F45041AF7B77C1AD2CAB504D683B459C6CB1C22840ED170 ] MRxSmb          C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
22:55:03.0296 0x0b28  MRxSmb - ok
22:55:03.0375 0x0b28  [ A137F1470499A205ABBB9AAFB3B6F2B1, FB4951727543030D9E6ED74149C3FAACE2CA9DA8C1B5F616301B30B858C724E8 ] MSDTC           C:\WINDOWS\system32\msdtc.exe
22:55:03.0406 0x0b28  MSDTC - ok
22:55:03.0453 0x0b28  [ C941EA2454BA8350021D774DAF0F1027, C940E978C7B66A713A0FDAB54B5F995DF59D089AFCD96221DD3222948CD49BBD ] Msfs            C:\WINDOWS\system32\drivers\Msfs.sys
22:55:03.0500 0x0b28  Msfs - ok
22:55:03.0562 0x0b28  MSIServer - ok
22:55:03.0609 0x0b28  [ D1575E71568F4D9E14CA56B7B0453BF1, 4ABE0E24786C0D39FA2B885447E56204CA6942FB175E534DCE675D7BCF0B176A ] MSKSSRV         C:\WINDOWS\system32\drivers\MSKSSRV.sys
22:55:03.0640 0x0b28  MSKSSRV - ok
22:55:03.0734 0x0b28  [ CFCE43B70CA0CC4DCC8ADB62B792B173, 227F64B151B502D1D67BD6FEBADA3A567CFF2219305459C70BF1B17D1CD5BE3A ] MsMpSvc         C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
22:55:03.0750 0x0b28  MsMpSvc - ok
22:55:03.0796 0x0b28  [ 325BB26842FC7CCC1FCCE2C457317F3E, C07BE560513B1FB91D756494F0BA4AEEB2E1998DE0E1C21EE83DB1183B0CEE91 ] MSPCLOCK        C:\WINDOWS\system32\drivers\MSPCLOCK.sys
22:55:03.0812 0x0b28  MSPCLOCK - ok
22:55:03.0859 0x0b28  [ BAD59648BA099DA4A17680B39730CB3D, 9AD4C7C94C186C8815D0BC75DCAFB962158DA6935A244BA243EDDDEB33F9816C ] MSPQM           C:\WINDOWS\system32\drivers\MSPQM.sys
22:55:03.0875 0x0b28  MSPQM - ok
22:55:03.0937 0x0b28  [ AF5F4F3F14A8EA2C26DE30F7A1E17136, AC93A1E4ABB0D038B772E429015567E44CC2EDB66C54DBE23A5F98176FAC1520 ] mssmbios        C:\WINDOWS\system32\DRIVERS\mssmbios.sys
22:55:04.0000 0x0b28  mssmbios - ok
22:55:04.0046 0x0b28  [ E53736A9E30C45FA9E7B5EAC55056D1D, 38602F280BF69EBA3706AD175AFC1AEB561A8302B4B61E3FECB3C27D7A9BDB41 ] MSTEE           C:\WINDOWS\system32\drivers\MSTEE.sys
22:55:04.0078 0x0b28  MSTEE - ok
22:55:04.0156 0x0b28  [ DE6A75F5C270E756C5508D94B6CF68F5, FCC972DDC36C2C44D836913F10004C2C33B11C54DEFFF0C63E0FDF901D2F9261 ] Mup             C:\WINDOWS\system32\drivers\Mup.sys
22:55:04.0296 0x0b28  Mup - ok
22:55:04.0375 0x0b28  [ 5B50F1B2A2ED47D560577B221DA734DB, C16A554B6E1A7F5F98C94DFA88163E0F7426506BF2F51FD351B1A05FC0DB3BC5 ] NABTSFEC        C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
22:55:04.0453 0x0b28  NABTSFEC - ok
22:55:04.0968 0x0b28  [ E8918F142FC0DA71B2E5310E0A9508D7, 868411D42690C660BD2DB113BDFB630ADAF0B1B8171C3905DC66B39092C36DDA ] NACAgent        C:\Program Files\Cisco\Cisco NAC Agent\NACAgent.exe
22:55:05.0296 0x0b28  NACAgent - ok
22:55:05.0484 0x0b28  [ 0102140028FAD045756796E1C685D695, 5335B8278418CA200E2772124F0602C3E15A5CAF2D5CC59F6785DFAABF339B09 ] napagent        C:\WINDOWS\System32\qagentrt.dll
22:55:05.0671 0x0b28  napagent - ok
22:55:05.0781 0x0b28  [ 1DF7F42665C94B825322FAE71721130D, FE0DCB728471465B39A42A7511F4133021FBA5DF88F88BCB5FE2FF34CFD713F9 ] NDIS            C:\WINDOWS\system32\drivers\NDIS.sys
22:55:05.0890 0x0b28  NDIS - ok
22:55:05.0968 0x0b28  [ 7FF1F1FD8609C149AA432F95A8163D97, 18CD1FF5AC1EF8A38D1EC53014F2BADD28D9CDF4ECE2EBC2313D08903776F323 ] NdisIP          C:\WINDOWS\system32\DRIVERS\NdisIP.sys
22:55:06.0000 0x0b28  NdisIP - ok
22:55:06.0046 0x0b28  [ 0109C4F3850DFBAB279542515386AE22, 4F6DB1E499AC853FD36FD603FBB6D3AC9BDCEB298C7FE1FB59A9236CB46729B2 ] NdisTapi        C:\WINDOWS\system32\DRIVERS\ndistapi.sys
22:55:06.0078 0x0b28  NdisTapi - ok
22:55:06.0125 0x0b28  [ F927A4434C5028758A842943EF1A3849, B1AA3AF150C05307461774925901789456B0CCCD03A5E71ADA4AB58455962BEE ] Ndisuio         C:\WINDOWS\system32\DRIVERS\ndisuio.sys
22:55:06.0156 0x0b28  Ndisuio - ok
22:55:06.0218 0x0b28  [ EDC1531A49C80614B2CFDA43CA8659AB, 494042F790F33721328B4451E79842E21919681CC421A4F9633EC4D383E06097 ] NdisWan         C:\WINDOWS\system32\DRIVERS\ndiswan.sys
22:55:06.0328 0x0b28  NdisWan - ok
22:55:06.0359 0x0b28  [ 9282BD12DFB069D3889EB3FCC1000A9B, 09A46F1712BD9165068D8E153585FE3E6E5CBF4F1DDEC142115555D3A91AEC09 ] NDProxy         C:\WINDOWS\system32\drivers\NDProxy.sys
22:55:06.0421 0x0b28  NDProxy - ok
22:55:06.0484 0x0b28  [ 5D81CF9A2F1A3A756B66CF684911CDF0, 7989C36607CAEA17AFA2C1C9904145CA0714A54B9F712D9D4C1AB140D0B2CC0C ] NetBIOS         C:\WINDOWS\system32\DRIVERS\netbios.sys
22:55:06.0546 0x0b28  NetBIOS - ok
22:55:06.0640 0x0b28  [ 74B2B2F5BEA5E9A3DC021D685551BD3D, 7932B71F98B4122BE88F576BF6D745A757AE378A48924B7F4358837B75640A82 ] NetBT           C:\WINDOWS\system32\DRIVERS\netbt.sys
22:55:06.0765 0x0b28  NetBT - ok
22:55:06.0859 0x0b28  [ B857BA82860D7FF85AE29B095645563B, 86FF0E4CDD9C394E8BABD93A4D57E73FF9A779261717DEC6E9CDE99F1C6B0F4C ] NetDDE          C:\WINDOWS\system32\netdde.exe
22:55:07.0015 0x0b28  NetDDE - ok
22:55:07.0031 0x0b28  [ B857BA82860D7FF85AE29B095645563B, 86FF0E4CDD9C394E8BABD93A4D57E73FF9A779261717DEC6E9CDE99F1C6B0F4C ] NetDDEdsdm      C:\WINDOWS\system32\netdde.exe
22:55:07.0046 0x0b28  NetDDEdsdm - ok
22:55:07.0109 0x0b28  [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] Netlogon        C:\WINDOWS\system32\lsass.exe
22:55:07.0125 0x0b28  Netlogon - ok
22:55:07.0234 0x0b28  [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE, 4E0A67B3CC897E80D4B342FFE8B7B4CC4F6CA2EF2D34C136027A098B2E1C6166 ] Netman          C:\WINDOWS\System32\netman.dll
22:55:07.0265 0x0b28  Netman - ok
22:55:07.0390 0x0b28  [ 943337D786A56729263071623BBB9DE5, B631B47C869FE4ACF46E4AA272435D9A9CA536E3349E3FFBB8602636FEE7AFD4 ] Nla             C:\WINDOWS\System32\mswsock.dll
22:55:07.0406 0x0b28  Nla - ok
22:55:07.0531 0x0b28  [ 9865516D33BC66FDDAC9DB4087D4B6AA, 2FDB6852CB98B607DD30999E48F3AD6CF28A678C0EB92CB621C0EB65533C1EFC ] nosGetPlusHelper C:\Program Files\NOS\bin\getPlus_Helper_3004.dll
22:55:08.0203 0x0b28  nosGetPlusHelper - ok
22:55:08.0265 0x0b28  [ 3182D64AE053D6FB034F44B6DEF8034A, 4ADFC76965BA2A5F488E71789A4E4EA702A74AF42725F72130D1CA919406CF19 ] Npfs            C:\WINDOWS\system32\drivers\Npfs.sys
22:55:08.0343 0x0b28  Npfs - ok
22:55:08.0593 0x0b28  [ 78A08DD6A8D65E697C18E1DB01C5CDCA, E0E6F3ED05068E32F1D5C2D2B38CDEF4536B8656DB6756C66CF6B40B60C8F3DA ] Ntfs            C:\WINDOWS\system32\drivers\Ntfs.sys
22:55:08.0828 0x0b28  Ntfs - ok
22:55:08.0890 0x0b28  [ 7F1C1F78D709C4A54CBB46EDE7E0B48D, 52135D41983A9E9E1DCA250A63017076AE22AA06D77CCF2E5EF41154F958584A ] NTIDrvr         C:\WINDOWS\system32\DRIVERS\NTIDrvr.sys
22:55:08.0921 0x0b28  NTIDrvr - ok
22:55:08.0968 0x0b28  [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] NtLmSsp         C:\WINDOWS\system32\lsass.exe
22:55:08.0968 0x0b28  NtLmSsp - ok
22:55:09.0187 0x0b28  [ 156F64A3345BD23C600655FB4D10BC08, 9611BE411586E068D9297D77102DB3BE48AA67F1BAD6F61A84F83FC3043FA9CD ] NtmsSvc         C:\WINDOWS\system32\ntmssvc.dll
22:55:09.0390 0x0b28  NtmsSvc - ok
22:55:09.0468 0x0b28  [ 73C1E1F395918BC2C6DD67AF7591A3AD, B21133A75253EC15E2DFF66D3B480AB1A7E1A2360476C810E7AA55D0F0EB08D4 ] Null            C:\WINDOWS\system32\drivers\Null.sys
22:55:09.0484 0x0b28  Null - ok
22:55:09.0531 0x0b28  [ B305F3FAD35083837EF46A0BBCE2FC57, 9D0E0E666D652D0FC9EAB97280A5D67AAF61D6B21929DF7CF8ED72A367720464 ] NwlnkFlt        C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
22:55:09.0562 0x0b28  NwlnkFlt - ok
22:55:09.0593 0x0b28  [ C99B3415198D1AAB7227F2C88FD664B9, DD8DA4B5E804F134AB9233859544C025062902DFC3E8FB8A09A67337A4E73F55 ] NwlnkFwd        C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
22:55:09.0640 0x0b28  NwlnkFwd - ok
22:55:09.0890 0x0b28  [ 84DE1DD996B48B05ACE31AD015FA108A, 4B9D1E4EF83ECED6C77F23D9879C124534F7053D7423E3A2D0F67A4A720CEA94 ] odserv          C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
22:55:10.0203 0x0b28  odserv - ok
22:55:10.0281 0x0b28  [ B270A30AE97524E7EDB5ECA7B2AFB846, 4755709D2BE494A77AA73C6DEEF30DAF999318347CC67DE095210FEC01F14A33 ] osaio           C:\WINDOWS\system32\drivers\osaio.sys
22:55:10.0296 0x0b28  osaio - ok
22:55:10.0328 0x0b28  [ 3245BEE5176697FAF0744A2E1288DC77, 8B043A0B5B6AE88F04E1C5FF59F81EAA7469F2D467DB09D81747CCC8799837FA ] osanbm          C:\WINDOWS\system32\drivers\osanbm.sys
22:55:10.0390 0x0b28  osanbm - ok
22:55:10.0531 0x0b28  [ 5A432A042DAE460ABE7199B758E8606C, 6E5D1F477D290905BE27CEBF9572BAC6B05FFEF2FAD901D3C8E11F665F8B9A71 ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
22:55:10.0687 0x0b28  ose - ok
22:55:10.0781 0x0b28  [ 5575FAF8F97CE5E713D108C2A58D7C7C, 96D4595D19A78CCBE8B325A08780AC077AE5CC99642ACD72FB47AEAE8D344D3B ] Parport         C:\WINDOWS\system32\drivers\Parport.sys
22:55:10.0875 0x0b28  Parport - ok
22:55:10.0937 0x0b28  [ BEB3BA25197665D82EC7065B724171C6, 7E71C13BA30CD95CEE8A9CC85E6F48A01F30EDEAADEE69D80AE828BF97E5A5CA ] PartMgr         C:\WINDOWS\system32\drivers\PartMgr.sys
22:55:10.0984 0x0b28  PartMgr - ok
22:55:11.0031 0x0b28  [ 70E98B3FD8E963A6A46A2E6247E0BEA1, 6771313EC41B3B5BFD398F60706E40BE71617046880CC352DD110B001AFC22A1 ] ParVdm          C:\WINDOWS\system32\drivers\ParVdm.sys
22:55:11.0046 0x0b28  ParVdm - ok
22:55:11.0109 0x0b28  [ A219903CCF74233761D92BEF471A07B1, D4E6C360A1D2FCA4D17C991B834D68BF20F5111DD06B1FAB8B22984804CEC269 ] PCI             C:\WINDOWS\system32\DRIVERS\pci.sys
22:55:11.0203 0x0b28  PCI - ok
22:55:11.0218 0x0b28  PCIDump - ok
22:55:11.0250 0x0b28  [ CCF5F451BB1A5A2A522A76E670000FF0, D63F7E5A39653EC9CCE94B7D84B2D3EBD4F54533BD65701020198724042C9257 ] PCIIde          C:\WINDOWS\system32\DRIVERS\pciide.sys
22:55:11.0281 0x0b28  PCIIde - ok
22:55:11.0343 0x0b28  [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1, 0BA3DB21DC7C641C181E2635B5C9B73965FDCDCD3EBBBE48FCFEC1C8C987F617 ] Pcmcia          C:\WINDOWS\system32\DRIVERS\pcmcia.sys
22:55:11.0421 0x0b28  Pcmcia - ok
22:55:11.0453 0x0b28  PDCOMP - ok
22:55:27.0687 0x0b28  ================ Scan global ===============================
22:55:27.0890 0x0b28  [ 42F1F4C0AFB08410E5F02D4B13EBB623, 924C30587C51C0D1E1F47991969AF492A644552E15F2480EA991DCB74A3E68D5 ] C:\WINDOWS\system32\basesrv.dll
22:55:28.0125 0x0b28  [ 69AE2B2E6968C316536E5B10B9702E63, D9C5DA7A20DDE69D91E72400C3F06F3CB099DEF42EA6C53FCE076258A0C22391 ] C:\WINDOWS\system32\winsrv.dll
22:55:28.0328 0x0b28  [ 69AE2B2E6968C316536E5B10B9702E63, D9C5DA7A20DDE69D91E72400C3F06F3CB099DEF42EA6C53FCE076258A0C22391 ] C:\WINDOWS\system32\winsrv.dll
22:55:28.0421 0x0b28  [ 65DF52F5B8B6E9BBD183505225C37315, 59C606977DB40A3443DFF0BE2A4C761824881B22C9FDB3D23F6486DB580E92A4 ] C:\WINDOWS\system32\services.exe
22:55:28.0421 0x0b28  [ Global ] - ok
22:55:28.0421 0x0b28  ================ Scan MBR ==================================
22:55:28.0468 0x0b28  [ 99852D5C3A78447C3D6D82B6155FE848 ] \Device\Harddisk0\DR0
22:55:31.0921 0x0b28  \Device\Harddisk0\DR0 - ok
22:55:31.0921 0x0b28  ================ Scan VBR ==================================
22:55:31.0937 0x0b28  [ 05EE849869D72366B01FA5DC60C132CD ] \Device\Harddisk0\DR0\Partition1
22:55:31.0937 0x0b28  \Device\Harddisk0\DR0\Partition1 - ok
22:55:31.0968 0x0b28  [ 88BB71F076221AD9CB9C462BE567791C ] \Device\Harddisk0\DR0\Partition2
22:55:31.0968 0x0b28  \Device\Harddisk0\DR0\Partition2 - ok
22:55:31.0968 0x0b28  Waiting for KSN requests completion. In queue: 241
22:55:32.0968 0x0b28  Waiting for KSN requests completion. In queue: 241
22:55:33.0968 0x0b28  Waiting for KSN requests completion. In queue: 241
22:55:35.0093 0x0b28  AV detected via SS1: AVG Anti-Virus Free, 8.5, enabled, updated
22:55:35.0093 0x0b28  AV detected via SS1: Microsoft Security Essentials, 3.0.8402.0, enabled, updated
22:55:35.0093 0x0b28  AV detected via SS1: avast! Antivirus, 5.0.134219217, enabled, updated
22:55:35.0109 0x0b28  Win FW state via NFM: enabled
22:55:37.0609 0x0b28  ============================================================
22:55:37.0609 0x0b28  Scan finished
22:55:37.0609 0x0b28  ============================================================
22:55:37.0625 0x0d5c  Detected object count: 0
22:55:37.0625 0x0d5c  Actual detected object count: 0
 
# AdwCleaner v3.007 - Report created 15/10/2013 at 23:02:36
# Updated 09/10/2013 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : paul anthony - ACER-2E68C49B20
# Running from : C:\Documents and Settings\paul anthony\Desktop\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

File Found : C:\WINDOWS\Uninstall.exe
Folder Found C:\Documents and Settings\All Users\Application Data\Babylon

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\584de8db534ec14
Key Found : HKCU\Software\installedbrowserextensions
Key Found : HKCU\Software\InstalledThirdPartyPrograms
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKLM\SOFTWARE\584de8db534ec14
Key Found : HKLM\SOFTWARE\Classes\CLSID\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}
Key Found : HKLM\SOFTWARE\Classes\Interface\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}
Key Found : HKLM\SOFTWARE\Classes\Prod.cap
Key Found : HKLM\Software\Freeze.com
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\cloikdolicapcipfoncopeialjfhabgf
Key Found : HKLM\Software\InstalledThirdPartyPrograms
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702


-\\ Mozilla Firefox v24.0 (en-US)

[ File : C:\Documents and Settings\paul anthony\Application Data\Mozilla\Firefox\Profiles\d1ntikji.default\prefs.js ]

Line Found : user_pref("browser.newtab.url", "hxxp://visualbee.delta-search.com/?babsrc=NT_ss&mntrId=320D0016CE85D32F&affID=121376&tsp=5032");
Line Found : user_pref("browser.startup.homepage", "hxxp://visualbee.delta-search.com/?babsrc=HP_ss&mntrId=320D0016CE85D32F&affID=121376&tsp=5032");
Line Found : user_pref("extensions.wrc.SearchRules.ask.com.style", ".WRCN {display:none} #yui-main .tsrc_vnru .title + .WRCN, #yui-main #teoma-results .title + .WRCN {display:inline !important; background: url(\"I[...]
Line Found : user_pref("extensions.wrc.SearchRules.ask.com.url", "^hxxp(s)?\\:\\/\\/(.+\\.)?ask\\.com\\/.*");

[ File : C:\Documents and Settings\paul anthony\Application Data\Mozilla\Firefox\Profiles\368mybhl.default-1381502325078\prefs.js ]

Line Found : user_pref("extensions.enabledAddons", "%7Bb1df372d-8b32-4c7d-b6b4-9c5b78cf6fb1%7D:0.87,%7B95ab36d4-fb6f-47b0-8b8d-e5f3bd547953%7D:4.20.13,%7B4DC70064-89E2-4a55-8FC6-E8CDEAE3618C%7D:0.7.7,%7B3d7eb24f-2[...]
Line Found : user_pref("extensions.gmailnoads@mywebber.com.install-event-fired", true);

[ File : C:\Documents and Settings\Administrator.ACER-2E68C49B20\Application Data\Mozilla\Firefox\Profiles\mu0wy948.default\prefs.js ]


-\\ Google Chrome v

[ File : C:\Documents and Settings\paul anthony\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]

Found : homepage
Found : urls_to_restore_on_startup

*************************

AdwCleaner[R0].txt - [3968 octets] - [15/10/2013 14:08:48]
AdwCleaner[R1].txt - [3888 octets] - [15/10/2013 23:02:36]

########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [3948 octets] ##########
 
C:\Documents and Settings\paul anthony\Local Settings\Application Data\Opera\Opera\temporary_downloads\Plugin.exe    Win32/DownWare.I application    cleaned by deleting - quarantined
C:\System Volume Information\_restore{B6387AD4-48E1-4511-AA40-A245D4C401AE}\RP420\A0055638.exe    multiple threats    cleaned by deleting - quarantined
C:\System Volume Information\_restore{B6387AD4-48E1-4511-AA40-A245D4C401AE}\RP420\A0055640.exe    a variant of Win32/Toolbar.CrossRider.J application    cleaned by deleting - quarantined
C:\System Volume Information\_restore{B6387AD4-48E1-4511-AA40-A245D4C401AE}\RP420\A0055641.exe    a variant of Win32/Toolbar.CrossRider.J application    cleaned by deleting - quarantined
C:\System Volume Information\_restore{B6387AD4-48E1-4511-AA40-A245D4C401AE}\RP420\A0055642.exe    a variant of Win32/Toolbar.CrossRider.J application    cleaned by deleting - quarantined
C:\System Volume Information\_restore{B6387AD4-48E1-4511-AA40-A245D4C401AE}\RP420\A0055643.exe    a variant of Win32/Toolbar.CrossRider.I application    cleaned by deleting - quarantined
C:\System Volume Information\_restore{B6387AD4-48E1-4511-AA40-A245D4C401AE}\RP420\A0055644.exe    a variant of Win32/Toolbar.CrossRider.I application    cleaned by deleting - quarantined
C:\System Volume Information\_restore{B6387AD4-48E1-4511-AA40-A245D4C401AE}\RP420\A0055646.dll    probably a variant of Win32/Toolbar.CrossRider.H application    cleaned by deleting - quarantined
C:\System Volume Information\_restore{B6387AD4-48E1-4511-AA40-A245D4C401AE}\RP420\A0055649.dll    a variant of Win32/Toolbar.CrossRider.H application    cleaned by deleting - quarantined
C:\System Volume Information\_restore{B6387AD4-48E1-4511-AA40-A245D4C401AE}\RP420\A0055650.exe    a variant of Win32/Toolbar.CrossRider.H application    cleaned by deleting - quarantined
C:\System Volume Information\_restore{B6387AD4-48E1-4511-AA40-A245D4C401AE}\RP420\A0055651.exe    a variant of Win32/Toolbar.CrossRider.J application    cleaned by deleting - quarantined
C:\System Volume Information\_restore{B6387AD4-48E1-4511-AA40-A245D4C401AE}\RP420\A0055652.exe    a variant of Win32/Toolbar.CrossRider.J application    cleaned by deleting - quarantined
 



#4 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,331 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:06:53 AM

Posted 16 October 2013 - 12:02 PM

Ok, I fixed the Adw instruction.

ADW Cleaner

Double click on AdwCleaner.exe to run the tool again.
  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer like it did before.
  • After the scan has finished...
    <-insert any special instructions here for what to uncheck OR remove this line if there are none->
  • This time click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S#].txt) will open automatically (where the largest value of # represents the most recent report).
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

Next, update, scan and post a new Malwarebytes log.

How do I get help? Who is helping me? For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear.... Become a BleepingComputer fan: Facebook

#5 kg198

kg198
  • Topic Starter

  • Members
  • 32 posts
  • OFFLINE
  •  
  • Local time:05:53 AM

Posted 16 October 2013 - 06:13 PM

OK, here are the two logs:

 

 

# AdwCleaner v3.007 - Report created 16/10/2013 at 13:11:24
# Updated 09/10/2013 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : paul anthony - ACER-2E68C49B20
# Running from : C:\Documents and Settings\paul anthony\Desktop\nullo\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Documents and Settings\All Users\Application Data\Babylon
File Deleted : C:\WINDOWS\Uninstall.exe

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\cloikdolicapcipfoncopeialjfhabgf
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKCU\Software\584de8db534ec14
Key Deleted : HKLM\SOFTWARE\584de8db534ec14
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKCU\Software\installedbrowserextensions
Key Deleted : HKCU\Software\InstalledThirdPartyPrograms
Key Deleted : HKLM\Software\Freeze.com
Key Deleted : HKLM\Software\InstalledThirdPartyPrograms
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702


-\\ Mozilla Firefox v24.0 (en-US)

[ File : C:\Documents and Settings\paul anthony\Application Data\Mozilla\Firefox\Profiles\d1ntikji.default\prefs.js ]

Line Deleted : user_pref("browser.newtab.url", "hxxp://visualbee.delta-search.com/?babsrc=NT_ss&mntrId=320D0016CE85D32F&affID=121376&tsp=5032");
Line Deleted : user_pref("browser.startup.homepage", "hxxp://visualbee.delta-search.com/?babsrc=HP_ss&mntrId=320D0016CE85D32F&affID=121376&tsp=5032");
Line Deleted : user_pref("extensions.wrc.SearchRules.ask.com.style", ".WRCN {display:none} #yui-main .tsrc_vnru .title + .WRCN, #yui-main #teoma-results .title + .WRCN {display:inline !important; background: url(\"I[...]
Line Deleted : user_pref("extensions.wrc.SearchRules.ask.com.url", "^hxxp(s)?\\:\\/\\/(.+\\.)?ask\\.com\\/.*");

[ File : C:\Documents and Settings\paul anthony\Application Data\Mozilla\Firefox\Profiles\368mybhl.default-1381502325078\prefs.js ]

Line Deleted : user_pref("extensions.enabledAddons", "%7Bb1df372d-8b32-4c7d-b6b4-9c5b78cf6fb1%7D:0.87,%7B95ab36d4-fb6f-47b0-8b8d-e5f3bd547953%7D:4.20.13,%7B4DC70064-89E2-4a55-8FC6-E8CDEAE3618C%7D:0.7.7,%7B3d7eb24f-2[...]
Line Deleted : user_pref("extensions.gmailnoads@mywebber.com.install-event-fired", true);

[ File : C:\Documents and Settings\Administrator.ACER-2E68C49B20\Application Data\Mozilla\Firefox\Profiles\mu0wy948.default\prefs.js ]


-\\ Google Chrome v

[ File : C:\Documents and Settings\paul anthony\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]

Deleted : homepage
Deleted : urls_to_restore_on_startup

*************************

AdwCleaner[R0].txt - [3968 octets] - [15/10/2013 14:08:48]
AdwCleaner[R1].txt - [4028 octets] - [15/10/2013 23:02:36]
AdwCleaner[R2].txt - [4094 octets] - [16/10/2013 13:09:12]
AdwCleaner[S0].txt - [4075 octets] - [16/10/2013 13:11:24]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4135 octets] ##########

Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Database version: v2013.10.16.09

Windows XP Service Pack 3 x86 FAT32
Internet Explorer 8.0.6001.18702
paul anthony :: ACER-2E68C49B20 [administrator]

10/16/2013 1:22:35 PM
mbam-log-2013-10-16 (13-22-35).txt

Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 308150
Time elapsed: 3 hour(s), 41 minute(s), 54 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
 



#6 boopme


Posted 16 October 2013 - 08:04 PM

Looks good!
These are outdated and should be removed through Control Panel:
HiJackThis (Version: 1.0.0)
J2SE Runtime Environment 5.0 Update 6 (Version: 1.5.0.60)
Java 2 Runtime Environment, SE v1.4.1_02

Reboot

"browser is delayed by several seconds"

Clear cache and cookies

• If you opted to have sites remember your username and password, they will be cleared from your browser's memory when you clear cache and cookies, and you'll have to sign in again. Be sure you have your passwords.


Edited by boopme, 16 October 2013 - 08:58 PM.

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#7 kg198


Posted 17 October 2013 - 01:07 PM

OK, these changes have been made.  Thank you



#8 boopme


Posted 18 October 2013 - 09:58 AM

Check to see if Malwarebytes is still finding Gen-Nullo

#9 kg198


Posted 18 October 2013 - 11:36 AM

No, it didn't find it.  Thank you



#10 boopme


Posted 18 October 2013 - 07:16 PM

You're welcome. If there are no more symptoms of infection, then...
Create a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been backed up, renamed and saved in System Restore. Since this is a protected directory that your tools cannot access to delete these files, they can sometimes re-infect your system if you accidentally use an old restore point. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state. The easiest and safest way to do this is:
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then use Disk Cleanup to remove all but the most recently created Restore Point.
  • Go to Start > Run and type: Cleanmgr
  • Click "Ok". Disk Cleanup will scan your files for several minutes, then open.
  • Click the "More Options" tab, then click the "Clean up" button under System Restore.
  • Click Ok. You will be prompted with "Are you sure you want to delete all but the most recent restore point?"
  • Click Yes, then click Ok.
  • Click Yes again when prompted with "Are you sure you want to perform these actions?"
  • Disk Cleanup will remove the files and close automatically. Vista and Windows 7 users can refer to these links:
  • Create a New Restore Point in Vista
  • Create a New Restore Point in Windows 7 (alternate method)
  • Disk Cleanup in Vista
  • Disk Cleanup in Windows 7
  • Reboot and see how it is.


#11 kg198


Posted 21 October 2013 - 11:29 AM

I finished the last step. Seems OK, but I do notice that I have randomly been getting "stop script errors" with Firefox.

Thank you.



#12 boopme


Posted 21 October 2013 - 03:41 PM

Reinstall Firefox. There may be some file corruption due to malware.

#13 kg198


Posted 24 October 2013 - 08:20 AM

OK, went ahead and did that. Seems better now. Thank you again.



#14 boopme


Posted 24 October 2013 - 09:31 AM

You're welcome!!