Virus Scan Failed in Chrome


This topic is locked. 20 replies to this topic.

#1 yobellzaa (Members, 10 posts)

Posted 21 October 2013 - 07:28 AM

Hi,

My father's computer has got a virus, I believe. When he tries to download anything he is getting the "virus scan failed" error in Chrome. From some research I think it's a Trojan virus. Not sure where to start, so I have come for some help here.

Attached Files




#2 TB-Psychotic (Malware Response Team, 6,349 posts)

Posted 21 October 2013 - 08:35 AM

Hi there,
my name is Marius and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, Stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English, so please do not use slang or idioms; it could be hard for me to read. Thanks for your understanding.

You've attached the wrong file. Please post up dds.txt's content.

Also, do the following.

Scan with Gmer rootkit scanner

Please download Gmer from here by clicking on the "Download EXE" Button.

  • Double click on the randomly named GMER.exe. If asked to allow gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • Sections
    • IAT/EAT
    • Show All ( should be unchecked by default )
  • Leave everything else as it is.
  • Close all other running programs as well as your Browser.
  • Click the Scan button & wait for it to finish.
  • Once done click on the Save.. button, and in the File name area, type in "ark.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop.
  • Please post the content of the ark.txt here.

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.


Proud Member of UNITE & TB

My help is free; however, if you want to support my fight against malware, click here [donate button] (no worries, every little bit helps).

#3 yobellzaa (Topic Starter, Members, 10 posts)

Posted 21 October 2013 - 10:38 AM

DDS (Ver_2012-11-20.01) - NTFS_x86 

Internet Explorer: 8.0.6001.19458
Run by Paul at 13:18:55 on 2013-10-21
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.44.1033.18.2814.1846 [GMT 1:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe
C:\Program Files\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\SMINST\BLService.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=91&bd=Presario&pf=cnnb
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=91&bd=Presario&pf=cnnb
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=91&bd=Presario&pf=cnnb
uURLSearchHooks: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
uURLSearchHooks: {e9df9360-97f8-4690-afe6-996c80790da4} - <orphaned>
BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [EKStatusMonitor] c:\program files\kodak\aio\statusmonitor\EKStatusMonitor.exe
mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"
mRun: [Conime] c:\windows\system32\conime.exe
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
LSP: mswsock.dll
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{4D42DE59-3598-422D-AB3E-2F716DFFFAB6} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{A425DC52-016A-475C-8ACD-68B4F0BA72D2} : DHCPNameServer = 192.168.0.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\30.0.1599.101\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
Hosts: 91.212.127.226 osguardpro.microsoft.com
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys [2013-3-30 49376]
R0 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys [2013-3-30 175176]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-11-13 770344]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-11-13 369584]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-11-13 29816]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-11-13 66336]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-11-13 46808]
R2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe -k netsvcs [2008-1-21 21504]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files\kodak\aio\center\EKAiOHostService.exe [2012-10-19 395200]
R2 Kodak AiO Status Monitor Service;Kodak AiO Status Monitor Service;c:\program files\kodak\aio\statusmonitor\EKPrinterSDK.exe [2012-10-15 779200]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\logmein\x86\LMIGuardianSvc.exe [2013-5-1 375120]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2008-8-11 13624]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2009-9-27 47640]
R2 Recovery Service for Windows;Recovery Service for Windows;c:\program files\sminst\BLService.exe [2008-10-26 365952]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\skype\toolbars\skype c2c service\c2c_service.exe [2013-9-16 3273088]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-7-25 162672]
S3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2008-10-26 193840]
S3 GamesAppService;GamesAppService;c:\program files\wildtangent games\app\GamesAppService.exe [2010-10-12 206072]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-4-18 754856]
.
=============== Created Last 30 ================
.
2013-10-20 12:15:17 2560 ----a-w- c:\windows\_MSRSTRT.EXE
2013-10-18 07:55:26 -------- d-----w- c:\program files\GUM4317.tmp
2013-10-07 14:08:42 -------- d-----w- c:\users\paul\appdata\local\avgchrome
2013-10-07 14:07:10 -------- d-----w- c:\windows\system32\Extensions
2013-10-07 14:07:09 -------- d-----w- c:\windows\system32\searchplugins
2013-10-07 14:04:14 -------- d-----w- c:\programdata\Babylon
2013-09-27 07:34:12 7328304 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{333b7f17-364a-40c0-b4cd-c0096044b3de}\mpengine.dll
.
==================== Find3M  ====================
.
2013-08-08 01:45:09 2049536 ----a-w- c:\windows\system32\win32k.sys
2013-08-07 03:22:04 238872 ------w- c:\windows\system32\MpSigStub.exe
2013-08-02 04:09:35 1548288 ----a-w- c:\windows\system32\WMVDECOD.DLL
2013-08-01 10:21:05 916992 ----a-w- c:\windows\system32\wininet.dll
2013-08-01 10:15:46 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-08-01 10:15:21 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2013-08-01 10:15:09 71680 ----a-w- c:\windows\system32\iesetup.dll
2013-08-01 10:15:09 109056 ----a-w- c:\windows\system32\iesysprep.dll
2013-08-01 10:13:35 18944 ----a-w- c:\windows\system32\corpol.dll
2013-08-01 08:37:30 385024 ----a-w- c:\windows\system32\html.iec
2013-08-01 06:56:39 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2013-08-01 06:54:34 1638912 ----a-w- c:\windows\system32\mshtml.tlb
.
============= FINISH: 13:19:39.21 ===============
 


GMER 2.1.19163 - http://www.gmer.net
Rootkit scan 2013-10-21 16:35:10
Windows 6.0.6002 Service Pack 2 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-5 TOSHIBA_MK2555GSX rev.FG002C 232.89GB
Running: 9g61xpwz.exe; Driver: C:\Users\Paul\AppData\Local\Temp\kxldapod.sys
 
 
---- System - GMER 2.1 ----
 
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)  ZwAddBootEntry [0x9073A610]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)  ZwAllocateVirtualMemory [0x90CF95FA]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)  ZwAssignProcessToJobObject [0x9073B0E6]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)  ZwCreateEvent [0x90746F18]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)  ZwCreateEventPair [0x90746F64]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)  ZwCreateIoCompletion [0x907470FE]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)  ZwCreateMutant [0x90746E86]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)  ZwCreateSection [0x90CF9992]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)  ZwCreateSemaphore [0x90746ECE]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)  ZwCreateThread [0x9073B5E4]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)  ZwCreateTimer [0x907470B8]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)  ZwDebugActiveProcess [0x9073BE9C]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)  ZwDeleteBootEntry [0x9073A676]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)  ZwDuplicateObject [0x9073F596]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)  ZwFreeVirtualMemory [0x90CF96C2]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)  ZwLoadDriver [0x90CF7C12]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)  ZwModifyBootEntry [0x9073A6DC]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)  ZwNotifyChangeKey [0x9073F98C]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)  ZwNotifyChangeMultipleKeys [0x9073C92C]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)  ZwOpenEvent [0x90746F42]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)  ZwOpenEventPair [0x90746F86]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)  ZwOpenIoCompletion [0x90747122]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)  ZwOpenMutant [0x90746EAC]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)  ZwOpenProcess [0x9073EE78]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)  ZwOpenSection [0x90747036]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)  ZwOpenSemaphore [0x90746EF6]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)  ZwOpenThread [0x9073F26E]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)  ZwOpenTimer [0x907470DC]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)  ZwProtectVirtualMemory [0x90CF9822]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)  ZwQueryObject [0x9073C7F8]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)  ZwQueueApcThread [0x9073C34E]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)  ZwSetBootEntryOrder [0x9073A742]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)  ZwSetBootOptions [0x9073A7A8]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)  ZwSetContextThread [0x9073BD16]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)  ZwSetSystemInformation [0x9073A2F8]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)  ZwSetSystemPowerState [0x9073A4CE]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)  ZwShutdownSystem [0x9073A45C]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)  ZwSuspendProcess [0x9073C066]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)  ZwSuspendThread [0x9073C1C8]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)  ZwSystemDebugControl [0x9073A556]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)  ZwTerminateProcess [0x90CF98EA]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)  ZwTerminateThread [0x9073BCF6]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)  ZwUnloadDriver [0x90CF7C42]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)  ZwVdmControl [0x9073A80E]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)  ZwWriteVirtualMemory [0x90CF976E]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)  ZwCreateThreadEx [0x9073B800]
 
Code            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)  ZwCreateProcessEx [0x90D12E00]
Code            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)  ObInsertObject
Code            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)  ObMakeTemporaryObject
 
---- Devices - GMER 2.1 ----
 
Device          \FileSystem\Ntfs \Ntfs                                                                 aswSP.SYS (avast! self protection module/AVAST Software)
 
AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0                                                Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
AttachedDevice  \Driver\kbdclass \Device\KeyboardClass1                                                Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
AttachedDevice  \Driver\tdx \Device\Tcp                                                                aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice  \Driver\tdx \Device\Udp                                                                aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
 
---- Registry - GMER 2.1 ----
 
Reg             HKLM\SYSTEM\CurrentControlSet\Services\                                                
Reg             HKLM\SYSTEM\CurrentControlSet\Services\@Parameters\0\x202e\x2764                       368
Reg             HKLM\SYSTEM\ControlSet011\Services\ (not active ControlSet)                            
Reg             HKLM\SYSTEM\ControlSet011\Services\@Parameters\0\x202e\x2764                           368
 
---- Disk sectors - GMER 2.1 ----
 
Disk            \Device\Harddisk0\DR0                                                                  unknown MBR code
 
---- EOF - GMER 2.1 ----
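
The DDS and GMER output above contain the lines a responder would pull out by hand: a `Hosts:` entry that pins a microsoft.com hostname to a public address, `EnableLUA = dword:0` (UAC switched off), two GMER `Reg` entries whose service-key name contains `\x202e` (U+202E, the RIGHT-TO-LEFT OVERRIDE control, which makes a name display backwards), and an "unknown MBR code" verdict for the boot disk. The Python script below is an added example, not part of this thread and not a feature of DDS or GMER: it applies exactly those four checks to the lines copied from the logs above. The finding names (`hosts_hijack`, `uac_disabled`, and so on) are my own labels.

```python
import ipaddress
import re

# Sample input copied from the DDS 'Pseudo HJT Report' and the GMER
# 'Registry' / 'Disk sectors' sections posted above. Raw strings keep
# GMER's \x202e escapes as literal text, exactly as they appear in the log.
DDS_SAMPLE = r"""
uStart Page = hxxp://www.google.com
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
TCP: NameServer = 192.168.0.1
Hosts: 91.212.127.226 osguardpro.microsoft.com
"""

GMER_SAMPLE = r"""
Reg             HKLM\SYSTEM\CurrentControlSet\Services\@Parameters\0\x202e\x2764                       368
Reg             HKLM\SYSTEM\ControlSet011\Services\@Parameters\0\x202e\x2764                           368
Disk            \Device\Harddisk0\DR0                                                                  unknown MBR code
"""

HOSTS_RE = re.compile(r"^Hosts:\s+(\S+)\s+(\S+)")
LUA_RE = re.compile(r"^mPolicies-System:\s+EnableLUA\s*=\s*dword:(\d+)")
REG_RE = re.compile(r"^Reg\s+(\S+)")
DISK_RE = re.compile(r"^Disk\s+(\S+)\s+(.+?)\s*$")
ESCAPE_RE = re.compile(r"\\x([0-9a-fA-F]{4})")   # GMER's escape for a code point it cannot print

# Bidirectional override controls: a service key name containing one is
# being displayed as something other than its real name.
BIDI_OVERRIDES = {0x202D: "U+202D LEFT-TO-RIGHT OVERRIDE",
                  0x202E: "U+202E RIGHT-TO-LEFT OVERRIDE"}


def check_dds(text):
    """Return (kind, detail) findings from DDS report lines."""
    findings = []
    for line in text.splitlines():
        if (m := HOSTS_RE.match(line)):
            ip, host = m.groups()
            try:
                addr = ipaddress.ip_address(ip)
            except ValueError:
                findings.append(("hosts_unparsable", line.strip()))
                continue
            # 127.0.0.1 / 0.0.0.0 entries are the usual blocking style and a
            # LAN address is a local alias; a hostname pinned to a routable
            # address is a redirection of that name.
            if not (addr.is_loopback or addr.is_unspecified or addr.is_private):
                findings.append(("hosts_hijack", f"{host} -> {ip}"))
        elif (m := LUA_RE.match(line)) and m.group(1) == "0":
            findings.append(("uac_disabled", line.strip()))
    return findings


def check_gmer(text):
    """Return (kind, detail) findings from GMER 'Reg' and 'Disk' lines."""
    findings = []
    for line in text.splitlines():
        if (m := REG_RE.match(line)):
            key = m.group(1)
            codepoints = [int(h, 16) for h in ESCAPE_RE.findall(key)]
            names = [BIDI_OVERRIDES[c] for c in codepoints if c in BIDI_OVERRIDES]
            if names:
                findings.append(("disguised_service_key", f"{key} [{', '.join(names)}]"))
            elif codepoints:
                findings.append(("nonascii_service_key", key))
        elif (m := DISK_RE.match(line)) and "unknown MBR code" in m.group(2):
            findings.append(("nonstandard_mbr", m.group(1)))
    return findings


def triage(dds_text, gmer_text):
    """All findings from both logs, DDS first, in log order."""
    return check_dds(dds_text) + check_gmer(gmer_text)


if __name__ == "__main__":
    for kind, detail in triage(DDS_SAMPLE, GMER_SAMPLE):
        print(f"{kind:24} {detail}")
```

On the logs above this reports five findings: UAC disabled, the hosts override of osguardpro.microsoft.com, both `Services\@Parameters\0\x202e\x2764` keys (the second in an inactive ControlSet, so it survives a "last known good" boot), and the nonstandard MBR on `\Device\Harddisk0\DR0`. The MBR verdict alone is not proof of infection (OEM and boot-manager MBRs also show as "unknown"), which is why the helper's next step is a dedicated MBR scan with a backup of the sector.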


#4 TB-Psychotic (Malware Response Team, 6,349 posts)

Posted 21 October 2013 - 10:44 AM

Scan with aswMBR

Please download aswMBR ( 4.5MB ) to your desktop.

  • Double click the aswMBR.exe icon, and click Run.
  • There will be a short delay before the next dialog box comes up. Please just wait a minute or two.
  • When asked if you'd like to "download the latest Avast! virus definitions", click Yes.
  • Typically this is about a 100MB download so depending on your connection speed it can take a short while to download and become ready.
  • Click the Scan button to start the scan once the update has finished downloading
  • On completion of the scan, click the save log button, save it to your desktop, then copy and paste it in your next reply.

Note: There will also be a file on your desktop named MBR.dat; do not delete this for now. It is an actual backup of the MBR (master boot record).

Scan with TDSS-Killer

Please read and follow these instructions carefully. We do not want it to fix anything yet (if found); we need to see a report first.

Download TDSSKiller.exe and save it to your desktop

  • Execute TDSSKiller.exe by double-clicking on it.
  • Press Start Scan
  • If Malicious objects are found, do NOT select Cure. Change the action to Skip, and save the log.
  • Once complete, a log will be produced at the root of the drive, which is typically C:\, for example C:\TDSSKiller.<version_date_time>log.txt


Please post the contents of that log in your next reply.


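
Both tools requested in this post describe the same disk in different units: aswMBR prints each partition as "NNN MB offset S" and says from which sector it started scanning the unpartitioned tail, while TDSSKiller prints StartLBA and BlocksNum in hex plus the drive size in bytes. Before acting on an "unknown MBR code" verdict it is worth confirming that the two agree, that there is no unallocated gap between partitions, and how many sectors sit in front of the first partition and after the last one, since those unpartitioned areas are a common hiding place for bootkit payloads. The script below is an added example, not part of this thread and not a feature of aswMBR or TDSSKiller; its sample lines are taken from the logs the topic starter posts in reply #5, and the guess that aswMBR prints a character it cannot render as "?" is my assumption.

```python
import re

# Sample lines taken from the aswMBR and TDSSKiller logs posted in reply #5
# of this thread (only the lines these checks read).
ASWMBR_SAMPLE = r"""
16:52:24.330    Disk 0 unknown MBR code
16:52:24.361    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS       227604 MB offset 63
16:52:24.408    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS        10867 MB offset 466135040
16:52:24.439    Disk 0 scanning sectors +488390656
16:53:17.947    Service ?etadpug C:\Program Files\Google\Desktop\Install\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\   **HIDDEN**
"""

TDSSKILLER_SAMPLE = r"""
18:28:28.0430 0x11a8  Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
18:28:28.0539 0x11a8  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1BC8A7C1
18:28:28.0539 0x11a8  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1BC8A800, BlocksNum 0x1539800
"""

HEX = r"(0x[0-9A-Fa-f]+)"
ASW_PART = re.compile(r"Disk \d+ Partition (\d+) .*?(\d+) MB offset (\d+)")
ASW_SCAN = re.compile(r"Disk \d+ scanning sectors \+(\d+)")
ASW_HIDDEN = re.compile(r"Service (\S+) (.*?)\s+\*\*HIDDEN\*\*")
ASW_MBR = re.compile(r"Disk \d+ unknown MBR code")
TD_DRIVE = re.compile(r"Drive \S+ - Size: " + HEX + r" .*?SectorSize: " + HEX)
TD_PART = re.compile(r"\\Partition(\d+): MBR, Type " + HEX + r", StartLBA " + HEX + r", BlocksNum " + HEX)


def parse_aswmbr(text):
    """partitions: {n: (offset_sectors, size_mb)}; hidden: [(service, path)]."""
    out = {"partitions": {}, "hidden": [], "scan_from": None, "unknown_mbr": False}
    for line in text.splitlines():
        if (m := ASW_PART.search(line)):
            out["partitions"][int(m.group(1))] = (int(m.group(3)), int(m.group(2)))
        elif (m := ASW_SCAN.search(line)):
            out["scan_from"] = int(m.group(1))
        elif (m := ASW_HIDDEN.search(line)):
            out["hidden"].append((m.group(1), m.group(2)))
        elif ASW_MBR.search(line):
            out["unknown_mbr"] = True
    return out


def parse_tdsskiller(text):
    """partitions: {n: (start_lba, block_count)} plus drive size and sector size."""
    out = {"size_bytes": None, "sector_size": None, "partitions": {}}
    for line in text.splitlines():
        if (m := TD_DRIVE.search(line)):
            out["size_bytes"], out["sector_size"] = int(m.group(1), 16), int(m.group(2), 16)
        elif (m := TD_PART.search(line)):
            out["partitions"][int(m.group(1))] = (int(m.group(3), 16), int(m.group(4), 16))
    return out


def printable_reversed(name):
    # Assumption: aswMBR prints a character it cannot render as '?'. The
    # printable remainder read backwards is what the name would look like
    # if a right-to-left override were reversing its display.
    return name.lstrip("?")[::-1]


def cross_check(asw, td):
    """Compare the two partition tables and measure the unpartitioned areas."""
    problems = []
    sectors_per_mb = (1024 * 1024) // td["sector_size"]   # aswMBR rounds sizes down to whole MB
    prev_end = None
    for n, (start, blocks) in sorted(td["partitions"].items()):
        asw_offset, asw_mb = asw["partitions"].get(n, (None, None))
        if asw_offset != start or asw_mb != blocks // sectors_per_mb:
            problems.append(f"partition {n}: aswMBR offset={asw_offset} size={asw_mb} MB vs "
                            f"TDSSKiller LBA={start} blocks={blocks}")
        if prev_end is not None and start != prev_end:
            problems.append(f"partition {n}: {start - prev_end} unallocated sectors before it")
        prev_end = start + blocks
    total = td["size_bytes"] // td["sector_size"]
    if asw["scan_from"] is not None and asw["scan_from"] != prev_end:
        problems.append(f"aswMBR scanned the tail from {asw['scan_from']} but partitions end at {prev_end}")
    return {"problems": problems,
            "first_partition_start": min(s for s, _ in td["partitions"].values()),
            "last_partition_end": prev_end,
            "total_sectors": total,
            "tail_sectors": total - prev_end}


def triage(asw_text, td_text):
    asw, td = parse_aswmbr(asw_text), parse_tdsskiller(td_text)
    return {"unknown_mbr": asw["unknown_mbr"],
            "hidden_services": [(name, path, printable_reversed(name)) for name, path in asw["hidden"]],
            "geometry": cross_check(asw, td)}


if __name__ == "__main__":
    import pprint
    pprint.pprint(triage(ASWMBR_SAMPLE, TDSSKILLER_SAMPLE))
```

For the logs in reply #5 the two tools agree exactly: partition 1 starts at sector 63 and partition 2 starts where partition 1 ends (0x3F + 0x1BC8A7C1 = 0x1BC8A800), so aswMBR's "scanning sectors +488390656" is the first sector after the last partition. The disk has 488,397,168 sectors, leaving 6,512 sectors (about 3 MB) of unpartitioned tail plus the 63 sectors before partition 1; both are what MBR.dat and a sector-level scan are there to inspect. The hidden service's name, with its leading unprintable character stripped and read backwards, is "gupdate", which is why the `\x202e` finding in the GMER log and the `**HIDDEN**` service in the aswMBR log deserve to be read together.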

#5 yobellzaa (Topic Starter, Members, 10 posts)

Posted 21 October 2013 - 12:33 PM

aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2013-10-21 16:51:21
-----------------------------
16:51:21.446    OS Version: Windows 6.0.6002 Service Pack 2
16:51:21.446    Number of processors: 2 586 0x301
16:51:21.446    ComputerName: PAUL-PC  UserName: Paul
16:51:24.067    Initialize success
16:51:25.393    AVAST engine defs: 13102000
16:52:23.971    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-5
16:52:23.971    Disk 0 Vendor: TOSHIBA_MK2555GSX FG002C Size: 238475MB BusType: 3
16:52:24.330    Disk 0 MBR read successfully
16:52:24.330    Disk 0 MBR scan
16:52:24.330    Disk 0 unknown MBR code
16:52:24.361    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS       227604 MB offset 63
16:52:24.408    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS        10867 MB offset 466135040
16:52:24.439    Disk 0 scanning sectors +488390656
16:52:24.751    Disk 0 scanning C:\Windows\system32\drivers
16:52:46.388    Service scanning
16:53:17.947    Service ?etadpug C:\Program Files\Google\Desktop\Install\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\   **HIDDEN**
16:53:18.509    Modules scanning
16:53:41.410    Disk 0 trace - called modules:
16:53:41.441    ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys 
16:53:41.441    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8637e198]
16:53:41.456    3 CLASSPNP.SYS[82fa48b3] -> nt!IofCallDriver -> [0x861455e8]
16:53:41.456    5 acpi.sys[82e116bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP3T0L0-5[0x857d8030]
16:53:42.533    AVAST engine scan C:\Windows
16:53:46.604    AVAST engine scan C:\Windows\system32
17:02:50.112    AVAST engine scan C:\Windows\system32\drivers
17:04:42.510    AVAST engine scan C:\Users\Paul
17:42:29.003    AVAST engine scan C:\ProgramData
18:14:23.622    Scan finished successfully
18:22:00.125    Disk 0 MBR has been saved successfully to "\\VERBATIMNAS\shared\MBR.dat"
18:22:00.156    The log file has been saved successfully to "\\VERBATIMNAS\shared\aswMBR.txt"

18:28:09.0960 0x11a8  TDSS rootkit removing tool 3.0.0.14 Oct 15 2013 15:35:38
18:28:18.0477 0x11a8  ============================================================
18:28:18.0477 0x11a8  Current date / time: 2013/10/21 18:28:18.0477
18:28:18.0477 0x11a8  SystemInfo:
18:28:18.0477 0x11a8  
18:28:18.0477 0x11a8  OS Version: 6.0.6002 ServicePack: 2.0
18:28:18.0477 0x11a8  Product type: Workstation
18:28:18.0477 0x11a8  ComputerName: PAUL-PC
18:28:18.0477 0x11a8  UserName: Paul
18:28:18.0477 0x11a8  Windows directory: C:\Windows
18:28:18.0477 0x11a8  System windows directory: C:\Windows
18:28:18.0477 0x11a8  Processor architecture: Intel x86
18:28:18.0477 0x11a8  Number of processors: 2
18:28:18.0477 0x11a8  Page size: 0x1000
18:28:18.0477 0x11a8  Boot type: Normal boot
18:28:18.0477 0x11a8  ============================================================
18:28:25.0950 0x11a8  System UUID: {44CC654A-E55A-5EC4-C22B-6AE6B1AAA647}
18:28:28.0430 0x11a8  Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
18:28:28.0446 0x11a8  ============================================================
18:28:28.0446 0x11a8  \Device\Harddisk0\DR0:
18:28:28.0493 0x11a8  MBR partitions:
18:28:28.0539 0x11a8  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1BC8A7C1
18:28:28.0539 0x11a8  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1BC8A800, BlocksNum 0x1539800
18:28:28.0539 0x11a8  ============================================================
18:28:28.0586 0x11a8  C: <-> \Device\Harddisk0\DR0\Partition1
18:28:28.0633 0x11a8  D: <-> \Device\Harddisk0\DR0\Partition2
18:28:28.0633 0x11a8  ============================================================
18:28:28.0633 0x11a8  Initialize success
18:28:28.0633 0x11a8  ============================================================
18:28:39.0054 0x05c8  ============================================================
18:28:39.0054 0x05c8  Scan started
18:28:39.0054 0x05c8  Mode: Manual; 
18:28:39.0054 0x05c8  ============================================================
18:28:39.0054 0x05c8  KSN ping started
18:28:43.0937 0x05c8  KSN ping finished: true
18:28:45.0044 0x05c8  ================ Scan system memory ========================
18:28:45.0044 0x05c8  System memory - ok
18:28:45.0060 0x05c8  ================ Scan services =============================
18:28:45.0231 0x05c8  [ 82B296AE1892FE3DBEE00C9CF92F8AC7, 54B22BA63E1DA616B546992141B0C3117BA057283B8F60CB9BECE203661FEBF3 ] ACPI            C:\Windows\system32\drivers\acpi.sys
18:28:45.0263 0x05c8  ACPI - ok
18:28:45.0715 0x05c8  [ 04F0FCAC69C7C71A3AC4EB97FAFC8303, FBBDD38574A1F66A5AA12B82E34FDE60B870180C4B7100C15757539DC869ED4B ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
18:28:45.0793 0x05c8  adp94xx - ok
18:28:45.0840 0x05c8  [ 60505E0041F7751BDBB80F88BF45C2CE, 1DE16042B8ABD7B643189E836DE273832EE743FD66AFBB641E8049C4E0CD04D8 ] adpahci         C:\Windows\system32\drivers\adpahci.sys
18:28:45.0855 0x05c8  adpahci - ok
18:28:45.0902 0x05c8  [ 8A42779B02AEC986EAB64ECFC98F8BD7, B89938EFF4E81FA44197D2D839EBD3340DDE01FBC79605049C088621784C1B91 ] adpu160m        C:\Windows\system32\drivers\adpu160m.sys
18:28:45.0918 0x05c8  adpu160m - ok
18:28:45.0949 0x05c8  [ 241C9E37F8CE45EF51C3DE27515CA4E5, 1A03E93DD8C1F3640C96124A14A3D0F4E349B06CCA2118CE40B8AE201A4030A7 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
18:28:45.0965 0x05c8  adpu320 - ok
18:28:46.0011 0x05c8  [ 9D1FDA9E086BA64E3C93C9DE32461BCF, 200FD0BFC811EC8993AF9FC78F58823ECC717063F438B627FBCDD6BD7790CAA8 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
18:28:46.0027 0x05c8  AeLookupSvc - ok
18:28:46.0105 0x05c8  [ 3911B972B55FEA0478476B2E777B29FA, 62545B90C7DD3F73777E62CD8264E611A4D71B6956CABFD2D820D25F41F471FD ] AFD             C:\Windows\system32\drivers\afd.sys
18:28:46.0121 0x05c8  AFD - ok
18:28:46.0167 0x05c8  [ 13F9E33747E6B41A3FF305C37DB0D360, 066DD6060B1CF93F85BBAAA52848C801128CD294E8B7EACD912E0EF219DBFBC2 ] agp440          C:\Windows\system32\drivers\agp440.sys
18:28:46.0167 0x05c8  agp440 - ok
18:28:46.0230 0x05c8  [ AE1FDF7BF7BB6C6A70F67699D880592A, B831BF156FC49287A19FC149383D437B1034EA6F42CE9D761EB90ABD0F8D96B1 ] aic78xx         C:\Windows\system32\drivers\djsvs.sys
18:28:46.0230 0x05c8  aic78xx - ok
18:28:46.0292 0x05c8  [ A1545B731579895D8CC44FC0481C1192, 6B0EE833BA39C142D625A03586CCD8F6C9C3136C603CE5DF5BAC1AA3423E3E7F ] ALG             C:\Windows\System32\alg.exe
18:28:46.0292 0x05c8  ALG - ok
18:28:46.0323 0x05c8  [ 3D76FDA1A10ACC3DC84728F55C29B6D4, E6D0FF73C7041C4F889269B91EEF3BB35467691B6EAA244F3C2AC2F65EA23C72 ] aliide          C:\Windows\system32\drivers\aliide.sys
18:28:46.0323 0x05c8  aliide - ok
18:28:46.0370 0x05c8  [ C47344BC706E5F0B9DCE369516661578, 689C9CDAF6F38227F1C34359CAEB3C7798F318EDFD4B7FE532FBE3C8E4EE3DC8 ] amdagp          C:\Windows\system32\drivers\amdagp.sys
18:28:46.0370 0x05c8  amdagp - ok
18:28:46.0401 0x05c8  [ 5B92E7839F5A1FBC1B39DE67758AD6F8, 2672A666C8A2BADB01792EFFC09FCB295A3EDFFF4A2023C223F1ADBD4A8E77F2 ] amdide          C:\Windows\system32\drivers\amdide.sys
18:28:46.0401 0x05c8  amdide - ok
18:28:46.0448 0x05c8  [ 18F29B49AD23ECEE3D2A826C725C8D48, 0FA08882301D218E367E63E1966B6406220EE94BAE7E7DAD6E55EB70BF6FED7F ] AmdK7           C:\Windows\system32\drivers\amdk7.sys
18:28:46.0448 0x05c8  AmdK7 - ok
18:28:46.0479 0x05c8  [ 93AE7F7DD54AB986A6F1A1B37BE7442D, ECE0ABA2DECEED94AC678240A4B604F04022F0740F2295CBD07D25F5917E878A ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
18:28:46.0479 0x05c8  AmdK8 - ok
18:28:46.0542 0x05c8  [ C6D704C7F0434DC791AAC37CAC4B6E14, 35CF7D1895F97637E0C678A39F3049B871BCA9526D379C7793ED33B87D2EAC4C ] Appinfo         C:\Windows\System32\appinfo.dll
18:28:46.0542 0x05c8  Appinfo - ok
18:28:46.0651 0x05c8  [ 20F6F19FE9E753F2780DC2FA083AD597, 5106F0F9BA8A7DE49260A9B13BF8EC45ACA6A166FA8B10B4F69C3BB54F6840A1 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
18:28:46.0651 0x05c8  Apple Mobile Device - ok
18:28:46.0698 0x05c8  [ 5D2888182FB46632511ACEE92FDAD522, 2E53231ACAF9B2FB7993DBC1CD15C06D7B0CCE0D08DAFF7B0CC13A2040028A75 ] arc             C:\Windows\system32\drivers\arc.sys
18:28:46.0713 0x05c8  arc - ok
18:28:46.0760 0x05c8  [ 5E2A321BD7C8B3624E41FDEC3E244945, 9D47FF6C823868F2267FEFAB5851D3CD2BC3F619A2D6EFF803EA22DB0509C450 ] arcsas          C:\Windows\system32\drivers\arcsas.sys
18:28:46.0776 0x05c8  arcsas - ok
18:28:46.0854 0x05c8  [ 4AF5F360BA1E8794D32B366E45A64A0A, 6AF5410168E06A6895237183AA9769576031FAF412ABFC46572A013432BE1F86 ] aswFsBlk        C:\Windows\system32\drivers\aswFsBlk.sys
18:28:46.0854 0x05c8  aswFsBlk - ok
18:28:46.0916 0x05c8  [ 1F7094D4268D46F718C51286DC189791, 4820C1417876C45EBC1C33C66265AC16A6A016599256DDBA45D4D6E147DDE8A0 ] aswMonFlt       C:\Windows\system32\drivers\aswMonFlt.sys
18:28:46.0916 0x05c8  aswMonFlt - ok
18:28:46.0963 0x05c8  [ 7B43265F92257A21CBFD88E7A651044C, E01A0E5BB3621CDEA906B63992A0258AC2BC79C487D128551153563FE1CBE819 ] AswRdr          C:\Windows\system32\drivers\AswRdr.sys
18:28:46.0963 0x05c8  AswRdr - ok
18:28:47.0025 0x05c8  [ B680134BA1813B78B47FDD1DFF223CA5, 51B749766B8D1E75F8D652A9BDB8839A95A2637B05E1B2BFF4FF8B0E77A02D50 ] aswRvrt         C:\Windows\system32\drivers\aswRvrt.sys
18:28:47.0041 0x05c8  aswRvrt - ok
18:28:47.0291 0x05c8  [ CCD565A8A72AF7D45F9A242013870926, 7E5A0EA32C5BAEA25C093A270CFEEE21E57272BC79221BDA58DDBF1CD9E9868C ] aswSnx          C:\Windows\system32\drivers\aswSnx.sys
18:28:47.0337 0x05c8  aswSnx - ok
18:28:47.0447 0x05c8  [ 937300BC7C4CDF7576BCCE44E19BBB9D, 2275DE904940042421D8A33ACC8C0E1C7FAED7E59FA4658938FB8DBE6D624634 ] aswSP           C:\Windows\system32\drivers\aswSP.sys
18:28:47.0462 0x05c8  aswSP - ok
18:28:47.0525 0x05c8  [ 1F71F170D90E42EFDE9633D81D5E12DC, 62053E412F8269B4E906E482B905CADCFEA0D3296B525C1141944D5EA9B227A8 ] aswTdi          C:\Windows\system32\drivers\aswTdi.sys
18:28:47.0540 0x05c8  aswTdi - ok
18:28:47.0665 0x05c8  [ 8CFAA2B965773A653F48F1207A9CB9C4, A4A58FAF10BB174A0400F3A25912A497300E5EEDF54B93B44FA67CA191047D06 ] aswVmm          C:\Windows\system32\drivers\aswVmm.sys
18:28:47.0681 0x05c8  aswVmm - ok
18:28:47.0712 0x05c8  [ 53B202ABEE6455406254444303E87BE1, 4C91CA8DD345FEDD74A6AF2C07580717703F979B7DE2532B1D00B9F6896DDE70 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
18:28:47.0759 0x05c8  AsyncMac - ok
18:28:47.0821 0x05c8  [ 1F05B78AB91C9075565A9D8A4B880BC4, 737BE9F9376DAB0CCDFED93EA6D67F0C432367EA63CD772A453485BE769AF3BD ] atapi           C:\Windows\system32\drivers\atapi.sys
18:28:47.0821 0x05c8  atapi - ok
18:28:47.0930 0x05c8  [ 600EFE56F37ADBD65A0FB076B50D1B8D, B36C146722A9C95C37A073B09F899700F28E29E631FF6A306F92A493E7AFCFFC ] athr            C:\Windows\system32\DRIVERS\athr.sys
18:28:48.0039 0x05c8  athr - ok
18:28:48.0117 0x05c8  [ 68E2A1A0407A66CF50DA0300852424AB, 5FFDAE4E477C90A855081B5120582810471F67D3E9C343779A7AFB8D684D16F8 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
18:28:48.0149 0x05c8  AudioEndpointBuilder - ok
18:28:48.0180 0x05c8  [ 68E2A1A0407A66CF50DA0300852424AB, 5FFDAE4E477C90A855081B5120582810471F67D3E9C343779A7AFB8D684D16F8 ] Audiosrv        C:\Windows\System32\Audiosrv.dll
18:28:48.0195 0x05c8  Audiosrv - ok
18:28:48.0320 0x05c8  [ 28D6701C710AD7BA3CB95E75F8F1A9AA, 66EE8BC56E5043B5A84E1BA37D591EAD132BD949F03CA8092FDCC3E196AB39D0 ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe
18:28:48.0320 0x05c8  avast! Antivirus - ok
18:28:48.0367 0x05c8  [ 67E506B75BD5326A3EC7B70BD014DFB6, 3B07243970CAB4E93A858BEA6E31F56AD0157C42D624F3FEB469E68EEEF65669 ] Beep            C:\Windows\system32\drivers\Beep.sys
18:28:48.0383 0x05c8  Beep - ok
18:28:48.0398 0x05c8  [ D4DF28447741FD3D953526E33A617397, E7239BA432090F8AC7DF453DB876507CD4419ECA964D289408A1B2B353618693 ] blbdrive        C:\Windows\system32\drivers\blbdrive.sys
18:28:48.0461 0x05c8  blbdrive - ok
18:28:48.0585 0x05c8  [ 1C87705CCB2F60172B0FC86B5D82F00D, C6413E6603AD7ECDA5107504E109F608154BA43DAFCE319793E8D8B47C2781A3 ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
18:28:48.0601 0x05c8  Bonjour Service - ok
18:28:48.0695 0x05c8  [ 35F376253F687BDE63976CCB3F2108CA, C5EF6301D7BC067050038DB75D961681D1CBE418285AD60167C1334B0B54DFE9 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
18:28:48.0726 0x05c8  bowser - ok
18:28:48.0804 0x05c8  [ 9F9ACC7F7CCDE8A15C282D3F88B43309, A9131334BD9CF8FD60BA9D54AA054E2DF2BE1219FB650DF1464F2787BDEAE98F ] BrFiltLo        C:\Windows\system32\drivers\brfiltlo.sys
18:28:48.0819 0x05c8  BrFiltLo - ok
18:28:48.0851 0x05c8  BrFiltUp - ok
18:28:48.0897 0x05c8  [ A3629A0C4226F9E9C72FAAEEBC3AD33C, FB4D2738B64AADA52B95A6CF7ED4CDBFE4DD4BEBCAF1AE9CE64317F97DB38DDF ] Browser         C:\Windows\System32\browser.dll
18:28:48.0913 0x05c8  Browser - ok
18:28:48.0944 0x05c8  [ B304E75CFF293029EDDF094246747113, CB6B219B186C3511A0DE3CDE7F7B8966A9E32D808A952CA8C5B42B3A3A17BFB0 ] Brserid         C:\Windows\system32\drivers\brserid.sys
18:28:48.0944 0x05c8  Brserid - ok
18:28:48.0975 0x05c8  [ 203F0B1E73ADADBBB7B7B1FABD901F6B, 782FA7B26940FE479C49C9BAA2EB582CDAAAD607013E9BCFC85E6FBBB7D49A6D ] BrSerWdm        C:\Windows\system32\drivers\brserwdm.sys
18:28:48.0991 0x05c8  BrSerWdm - ok
18:28:49.0022 0x05c8  [ AF72ED54503F717A43268B3CC5FAEC2E, 4A638669B0C30B1BDED242A8BF2015A37749570FF4D67D190BACC8D7E0C44468 ] BrUsbSer        C:\Windows\system32\drivers\brusbser.sys
18:28:49.0022 0x05c8  BrUsbSer - ok
18:28:49.0053 0x05c8  [ AD07C1EC6665B8B35741AB91200C6B68, DCE1305A30D6713222A01C1F1D03ED0ADABE23C742CE1E82BB142531B82A3FF7 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
18:28:49.0053 0x05c8  BTHMODEM - ok
18:28:49.0116 0x05c8  [ 7ADD03E75BEB9E6DD102C3081D29840A, 0CA14A77CE990B5AA32C0725C22CA190ECBC73B75064DD959CABAD79B8846F1D ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
18:28:49.0116 0x05c8  cdfs - ok
18:28:49.0178 0x05c8  [ 6B4BFFB9BECD728097024276430DB314, 4451EFEAD37B05C8A3CB610B6D72E73B55D3D1E1CC1B17405598C1EDAA93C2D5 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
18:28:49.0178 0x05c8  cdrom - ok
18:28:49.0256 0x05c8  [ 312EC3E37A0A1F2006534913E37B4423, 81B8F462336791D162DAFA8092C1F437638DA3022CA24A2458B9FE183FC18C5D ] CertPropSvc     C:\Windows\System32\certprop.dll
18:28:49.0256 0x05c8  CertPropSvc - ok
18:28:49.0303 0x05c8  [ E5D4133F37219DBCFE102BC61072589D, 74C7F8C53D9C71CE3C8B33BC0331948571318402B0A8E1AC4552360504092A46 ] circlass        C:\Windows\system32\drivers\circlass.sys
18:28:49.0303 0x05c8  circlass - ok
18:28:49.0428 0x05c8  [ D7659D3B5B92C31E84E53C1431F35132, 6BFE644AD9890A8CEEDCC4B97ADD564AD57202FBC5D21599469E0C4B31BB27C6 ] CLFS            C:\Windows\system32\CLFS.sys
18:28:49.0443 0x05c8  CLFS - ok
18:28:49.0521 0x05c8  [ 8EE772032E2FE80A924F3B8DD5082194, B743DF91563A22CC15D9B44105804B5866A29D3DFC156DBE88DFAFEF903B94C0 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
18:28:49.0537 0x05c8  clr_optimization_v2.0.50727_32 - ok
18:28:49.0646 0x05c8  [ C5A75EB48E2344ABDC162BDA79E16841, 6070A8AAFD38FBC6A68A2B10C20117612354DF21B4492D90CA522BFB6870D726 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
18:28:49.0662 0x05c8  clr_optimization_v4.0.30319_32 - ok
18:28:49.0709 0x05c8  [ 99AFC3795B58CC478FBBBCDC658FCB56, 0D1B27C42A058C5D56A0157B5ECA9A054254F6B9C8015D0321021A7EFCE10CE2 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
18:28:49.0709 0x05c8  CmBatt - ok
18:28:49.0740 0x05c8  [ D36372A6EA6805EFBE8884D10772313F, 243FCA697FEEBCB1F501C49DF75901C18F9BC301E693AA22EBB43F2B7CA26991 ] cmdide          C:\Windows\system32\drivers\cmdide.sys
18:28:49.0740 0x05c8  cmdide - ok
18:28:49.0802 0x05c8  [ 1ADF6F4852E7D7E2E8AC481BDB970586, B5A89EE8E9BEE08FF99B9BEE2CC731FE023DA80DC52B575AE2B032F46445A65A ] CnxtHdAudService C:\Windows\system32\drivers\CHDRT32.sys
18:28:49.0818 0x05c8  CnxtHdAudService - ok
18:28:49.0896 0x05c8  [ 7795F8CEBC284A426B53F541E538695F, 1A56B32CA26505D9B1899EF4C3E1E1A815D8A36CC476691DBCE8A41109208C87 ] Com4QLBEx       C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
18:28:50.0005 0x05c8  Com4QLBEx - ok
18:28:50.0052 0x05c8  [ 6AFEF0B60FA25DE07C0968983EE4F60A, E4037EF9EDE57A1039AB814EBCE9A8B12C9A084E7FAC6296212ACF2394DD37B6 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
18:28:50.0052 0x05c8  Compbatt - ok
18:28:50.0083 0x05c8  COMSysApp - ok
18:28:50.0114 0x05c8  [ 741E9DFF4F42D2D8477D0FC1DC0DF871, 06EA43D771E3455F943AB624CC00C2259FE5E561164908630755E933EF44A522 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
18:28:50.0114 0x05c8  crcdisk - ok
18:28:50.0161 0x05c8  [ 1F07BECDCA750766A96CDA811BA86410, F4E36F0003184BCB36D59B23AC903421AD8C0A1FD2D6315E06375235ABC9A0AD ] Crusoe          C:\Windows\system32\drivers\crusoe.sys
18:28:50.0161 0x05c8  Crusoe - ok
18:28:50.0208 0x05c8  [ 684C130BBC6DB681BAD4920A4C944AA5, DDE434B206984808351C98500824A33E6740B4326C455066027F8D549D4C3B92 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
18:28:50.0208 0x05c8  CryptSvc - ok
18:28:50.0286 0x05c8  [ 3B5B4D53FEC14F7476CA29A20CC31AC9, EC02A412DA5FDE2C759A4A2C5904579E1CE7C4999CE87145812F354FC8F5E183 ] DcomLaunch      C:\Windows\system32\rpcss.dll
18:28:50.0301 0x05c8  DcomLaunch - ok
18:28:50.0379 0x05c8  [ 622C41A07CA7E6DD91770F50D532CB6C, 2A9040949CB45F9970FDE930278F30D2F08E957290CB3D4DC4F2CA94F3D444D2 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
18:28:50.0379 0x05c8  DfsC - ok
18:28:50.0582 0x05c8  [ 2CC3DCFB533A1035B13DCAB6160AB38B, C88C91F662ADE248EEE3B568E70C2BC2D5075B7D9B7D3C63E83D011C5F7812B0 ] DFSR            C:\Windows\system32\DFSR.exe
18:28:50.0754 0x05c8  DFSR - ok
18:28:50.0988 0x05c8  [ 9028559C132146FB75EB7ACF384B086A, 35159D86706441ED94895B4629411B4445FCB4526AFD1F7036EE647931B7A94D ] Dhcp            C:\Windows\System32\dhcpcsvc.dll
18:28:50.0988 0x05c8  Dhcp - ok
18:28:51.0035 0x05c8  [ 5D4AEFC3386920236A548271F8F1AF6A, 11B74D6800EC6F7AAEFB0B6A9F2E8376C7C3B8DB677F03AC3743CB004CA96B08 ] disk            C:\Windows\system32\drivers\disk.sys
18:28:51.0050 0x05c8  disk - ok
18:28:51.0113 0x05c8  [ 57D762F6F5974AF0DA2BE88A3349BAAA, D9E7DC8F9FB7837F88BBB95B52147AA80E688FB9762EEA99B8046D9C6AD48F3C ] Dnscache        C:\Windows\System32\dnsrslvr.dll
18:28:51.0128 0x05c8  Dnscache - ok
18:28:51.0191 0x05c8  [ 324FD74686B1EF5E7C19A8AF49E748F6, DC6EB4304555B60DD17E04D20DFE4E279718E4041A9310DE29E678834BB22C5B ] dot3svc         C:\Windows\System32\dot3svc.dll
18:28:51.0206 0x05c8  dot3svc - ok
18:28:51.0253 0x05c8  [ A622E888F8AA2F6B49E9BC466F0E5DEF, 3DED7F22A29AD2F8C927DFA0FD87FDE5ED0BDCAC7260BD9F71D8EA34328C772A ] DPS             C:\Windows\system32\dps.dll
18:28:51.0269 0x05c8  DPS - ok
18:28:51.0300 0x05c8  [ 97FEF831AB90BEE128C9AF390E243F80, A7F4118603E2D5DDDB117EF7C058684EA5B37690EFAB2BEBA570EEF9C36281BE ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
18:28:51.0300 0x05c8  drmkaud - ok
18:28:51.0425 0x05c8  [ 5DE0FAEC9E5D1AAE74F8568897891A01, 72E57A7F3591C8ABD3C4DF9842A661049A9B6883A534630EF460D60ACFAA4C9C ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
18:28:51.0471 0x05c8  DXGKrnl - ok
18:28:51.0534 0x05c8  [ 5425F74AC0C1DBD96A1E04F17D63F94C, AD133CEDCDEA75420C75A91BB4CF7152475D46ED7B7703E3BAE5F9946D610292 ] E1G60           C:\Windows\system32\DRIVERS\E1G60I32.sys
18:28:51.0596 0x05c8  E1G60 - ok
18:28:51.0643 0x05c8  [ C0B95E40D85CD807D614E264248A45B9, 30421DAF1722A225222268CB8BA4FE60CB76C6FD0C9157B0F53FC1368F806A4E ] EapHost         C:\Windows\System32\eapsvc.dll
18:28:51.0659 0x05c8  EapHost - ok
18:28:51.0721 0x05c8  [ 7F64EA048DCFAC7ACF8B4D7B4E6FE371, F3E9CF5D8E9124CB06F08454C5F0E510DE19A92780151FB2F8A58A0905D59B8F ] Ecache          C:\Windows\system32\drivers\ecache.sys
18:28:51.0737 0x05c8  Ecache - ok
18:28:51.0799 0x05c8  [ 9BE3744D295A7701EB425332014F0797, 1A139EE9232581E466591C5EBEF41E4BF1F82D99C1959F1C68C879B240E9F46D ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
18:28:51.0830 0x05c8  ehRecvr - ok
18:28:51.0846 0x05c8  [ AD1870C8E5D6DD340C829E6074BF3C3F, 064D07106A1BBE80294F1913354832F2B67D22274BB4D36C81D2D83C96FE0B88 ] ehSched         C:\Windows\ehome\ehsched.exe
18:28:51.0861 0x05c8  ehSched - ok
18:28:51.0908 0x05c8  [ C27C4EE8926E74AA72EFCAB24C5242C3, F1EBF78CCE9BA76AFD0478BC66B67CA44DEAF3C380369BFCE91BD8F678C8608A ] ehstart         C:\Windows\ehome\ehstart.dll
18:28:51.0924 0x05c8  ehstart - ok
18:28:51.0971 0x05c8  [ 23B62471681A124889978F6295B3F4C6, A90C521F06125B86A26EA625B0E7F811AF7D328E1313165E7AD4A83596A23819 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
18:28:52.0002 0x05c8  elxstor - ok
18:28:52.0127 0x05c8  [ 4E6B23DFC917EA39306B529B773950F4, C4BA77632B4BD46C4C1797F7F57399DB506D3EB6E5A0A36C269A793DAA3445C2 ] EMDMgmt         C:\Windows\system32\emdmgmt.dll
18:28:52.0142 0x05c8  EMDMgmt - ok
18:28:52.0173 0x05c8  [ 3DB974F3935483555D7148663F726C61, C288CFC04213B0340ABEC752C0A7B308B29122B5F51E68387BA1D9E9D7166FDD ] ErrDev          C:\Windows\system32\drivers\errdev.sys
18:28:52.0314 0x05c8  ErrDev - ok
18:28:52.0407 0x05c8  [ 67058C46504BC12D821F38CF99B7B28F, E8D19F305F78BCA1DA8425315F2C77A377CD51E3CC54323DC2FF355120EA097D ] EventSystem     C:\Windows\system32\es.dll
18:28:52.0439 0x05c8  EventSystem - ok
18:28:52.0563 0x05c8  [ 22B408651F9123527BCEE54B4F6C5CAE, 31AF9649333A9496A9224001266D1B68CE2A31B9FB182A755D127FC5492AA6B2 ] exfat           C:\Windows\system32\drivers\exfat.sys
18:28:52.0579 0x05c8  exfat - ok
18:28:52.0641 0x05c8  [ 42F721C52EEF2D6DF9372A53813A83EF, 0222DE06A8C0CB257C646870554217C3587215E88EFB32399173106C205FD5CB ] ezSharedSvc     C:\Windows\System32\ezsvc7.dll
18:28:52.0657 0x05c8  ezSharedSvc - ok
18:28:52.0719 0x05c8  [ 1E9B9A70D332103C52995E957DC09EF8, 7E709D545D4025A2E9F3489CF2A231040904CB53E3E4EEAC15A22468FAB2A5B3 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
18:28:52.0719 0x05c8  fastfat - ok
18:28:52.0782 0x05c8  [ AFE1E8B9782A0DD7FB46BBD88E43F89A, B4CBE1DC3430F2F3485F49007C71293D5B86E9C405741EA00A67B00A38BE1F8D ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
18:28:52.0782 0x05c8  fdc - ok
18:28:52.0829 0x05c8  [ 6629B5F0E98151F4AFDD87567EA32BA3, 8CC02D5E0639CDF74B2F85DB56D6199E1858F1A58465ED1D8B25C968E986132C ] fdPHost         C:\Windows\system32\fdPHost.dll
18:28:52.0829 0x05c8  fdPHost - ok
18:28:52.0844 0x05c8  [ 89ED56DCE8E47AF40892778A5BD31FD2, 924360875796C3DDDDA8097FDF53F6846B227F7413766F00AEDD981EFD691BF9 ] FDResPub        C:\Windows\system32\fdrespub.dll
18:28:52.0860 0x05c8  FDResPub - ok
18:28:52.0875 0x05c8  [ A8C0139A884861E3AAE9CFE73B208A9F, 3B021D148A2989AAA46AE58E5FED8A2DCA25E9212C2FA7F922880EF5A077E49B ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
18:28:52.0891 0x05c8  FileInfo - ok
18:28:52.0938 0x05c8  [ 0AE429A696AECBC5970E3CF2C62635AE, 1ECC315C099D17835788B68F0DE00EC98DC5AEE8F329D739E0DB90A898F22244 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
18:28:53.0078 0x05c8  Filetrace - ok
18:28:53.0109 0x05c8  [ 85B7CF99D532820495D68D747FDA9EBD, 682D35D219D1AFBE51CF0AB03F2D3E15C940F5AF291C1A611A19F4D279143F3C ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
18:28:53.0125 0x05c8  flpydisk - ok
18:28:53.0187 0x05c8  [ 01334F9EA68E6877C4EF05D3EA8ABB05, 82F8AA6AD2B5077898773D4A5814819EAF0E872FFD95894E06FEDAB6EE92CF99 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
18:28:53.0203 0x05c8  FltMgr - ok
18:28:53.0328 0x05c8  [ 119ACA7CADCA75BEA6B38E999443BAA6, 82A2C47AD4262E85AE9E8DAC22F4E4D31115E649DA28BFA5B7C64CD9BD3F7D39 ] FontCache       C:\Windows\system32\FntCache.dll
18:28:53.0375 0x05c8  FontCache - ok
18:28:53.0484 0x05c8  [ C7FBDD1ED42F82BFA35167A5C9803EA3, 372FF71070D5ECE17342466A690737A0622E93C98DBED8172C49B0854F0012B7 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
18:28:53.0624 0x05c8  FontCache3.0.0.0 - ok
18:28:53.0702 0x05c8  [ B972A66758577E0BFD1DE0F91AAA27B5, E934034F3F740A83D4E7ABCD2C581845AC2945B0BCCAACF65CC3F99A1DBDE455 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
18:28:53.0702 0x05c8  Fs_Rec - ok
18:28:53.0749 0x05c8  [ 34582A6E6573D54A07ECE5FE24A126B5, 5F45DC38F8015AD90616EAD3B57820CCD284938A96B2C4E1FF5FC7BDEE8A848D ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
18:28:53.0811 0x05c8  gagp30kx - ok
18:28:53.0999 0x05c8  [ C403C5DB49A0F9AAF4F2128EDC0106D8, 3C6948B63278022D8182F773C5FA15784514F76C1546118DDBADBA322B962D12 ] GamesAppService C:\Program Files\WildTangent Games\App\GamesAppService.exe
18:28:54.0123 0x05c8  GamesAppService - ok
18:28:54.0170 0x05c8  [ 8182FF89C65E4D38B2DE4BB0FB18564E, 2ACFA64D48BF7D25641EC5819C8722144284B8A8E071BF297C1881B07EEAFE88 ] GEARAspiWDM     C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
18:28:54.0170 0x05c8  GEARAspiWDM - ok
18:28:54.0295 0x05c8  [ CD5D0AEEE35DFD4E986A5AA1500A6E66, DCED5126837292593F1C1B35DF18E3B631D6C0C6D0742B77C7B7742C55A7825F ] gpsvc           C:\Windows\System32\gpsvc.dll
18:28:54.0342 0x05c8  gpsvc - ok
18:28:54.0420 0x05c8  [ 8F0DE4FEF8201E306F9938B0905AC96A, CA7153FE0C037D79FBF7CE0E090D741FB52BCCBBBD4CA505EF4849A0C4199F72 ] gupdate         C:\Program Files\Google\Update\GoogleUpdate.exe
18:28:54.0435 0x05c8  gupdate - ok
18:28:54.0451 0x05c8  [ 8F0DE4FEF8201E306F9938B0905AC96A, CA7153FE0C037D79FBF7CE0E090D741FB52BCCBBBD4CA505EF4849A0C4199F72 ] gupdatem        C:\Program Files\Google\Update\GoogleUpdate.exe
18:28:54.0467 0x05c8  gupdatem - ok
18:28:54.0513 0x05c8  [ CB04C744BE0A61B1D648FAED182C3B59, 61DC0FF94325DAFCCB7B3980A48727EFBF1283FCF753EC16EF04C730525994C0 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
18:28:54.0513 0x05c8  HdAudAddService - ok
18:28:54.0591 0x05c8  [ 062452B7FFD68C8C042A6261FE8DFF4A, DD9873502456D3C058C6177AC223B28C71370E624FA0814C17EA3D93201F2B56 ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
18:28:54.0623 0x05c8  HDAudBus - ok
18:28:54.0654 0x05c8  [ 1338520E78D90154ED6BE8F84DE5FCEB, 8531F1C5856983EBDA4C2B70162645ECE72FFFBA9FE7A28BCEDDF2169B7ECF9D ] HidBth          C:\Windows\system32\drivers\hidbth.sys
18:28:54.0654 0x05c8  HidBth - ok
18:28:54.0685 0x05c8  [ FF3160C3A2445128C5A6D9B076DA519E, DC1A70C80CD55F33B3AD5A21E86AF7C3086D8CC2DC6148C058E74A871E0BAD4A ] HidIr           C:\Windows\system32\drivers\hidir.sys
18:28:54.0701 0x05c8  HidIr - ok
18:28:54.0794 0x05c8  [ 84067081F3318162797385E11A8F0582, 11E32E3800CFCA37354388243F88D0239D622891BAC5483518A2BE5D1CA19015 ] hidserv         C:\Windows\system32\hidserv.dll
18:28:54.0810 0x05c8  hidserv - ok
18:28:54.0872 0x05c8  [ CCA4B519B17E23A00B826C55716809CC, 91AD0758A6185B0FBBE383BDB1B457FFB850477AFF8DE040DE9527A97D28EF62 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
18:28:54.0872 0x05c8  HidUsb - ok
18:28:54.0919 0x05c8  [ D8AD255B37DA92434C26E4876DB7D418, C901EADDD93FC90C8F29F4B6DE808F8E4F486C877FC0AA27DA4ACDE17E28899D ] hkmsvc          C:\Windows\system32\kmsvc.dll
18:28:54.0935 0x05c8  hkmsvc - ok
18:28:54.0997 0x05c8  [ A19B0BB5A7EB6DF2DD4A0711D36955EE, 307648CAFB3DDCD76FD730CA623945ED71D4276715A38D8CBB203C157C45F691 ] HP Health Check Service c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
18:28:55.0013 0x05c8  HP Health Check Service - ok
18:28:55.0059 0x05c8  [ 16EE7B23A009E00D835CDB79574A91A6, 964AFE7D2F7E48C7DE7FDAB48F57ADC4AD44A0B2A9A03071E0E8D334007E5572 ] HpCISSs         C:\Windows\system32\drivers\hpcisss.sys
18:28:55.0059 0x05c8  HpCISSs - ok
18:28:55.0091 0x05c8  [ 35956140E686D53BF676CF0C778880FC, AFFE1CC956E75AF1DE87F19A58CB03C861907C48DCA03F7454EF7762DEB46F2D ] HpqKbFiltr      C:\Windows\system32\DRIVERS\HpqKbFiltr.sys
18:28:55.0091 0x05c8  HpqKbFiltr - ok
18:28:55.0169 0x05c8  [ 1665C7121A026DF10C903DB9BC5E9D43, D96189406774842923BC420C4AF33FA81C83B815E14CE7C444F9CCF545971B7E ] hpqwmiex        C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
18:28:55.0262 0x05c8  hpqwmiex - ok
18:28:55.0371 0x05c8  [ CC267848CB3508E72762BE65734E764D, E7E39607A48E77544EE286EA678FC2ED8A6C20C9DCB8C901BC70140ECB2E7C2F ] HSF_DPV         C:\Windows\system32\DRIVERS\HSX_DPV.sys
18:28:55.0496 0x05c8  HSF_DPV - ok
18:28:55.0574 0x05c8  [ A2882945CC4B6E3E4E9E825590438888, C0B7E695BBFFB927A3A7122BCA41B454B27F285A0A380E82CEDF87CE573A5C60 ] HSXHWAZL        C:\Windows\system32\DRIVERS\HSXHWAZL.sys
18:28:55.0590 0x05c8  HSXHWAZL - ok
18:28:55.0668 0x05c8  [ F870AA3E254628EBEAFE754108D664DE, B0444E7D246AA1982094030ACB991690F6A7DD3FB07B1BB6A1BC0F3AA9718A70 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
18:28:55.0683 0x05c8  HTTP - ok
18:28:55.0730 0x05c8  [ C6B032D69650985468160FC9937CF5B4, 4D5A944C70037F35A9DBA4F49F174455FA80ED7EAEDAA143F0A2C0E05AE585D8 ] i2omp           C:\Windows\system32\drivers\i2omp.sys
18:28:55.0746 0x05c8  i2omp - ok
18:28:55.0761 0x05c8  [ 22D56C8184586B7A1F6FA60BE5F5A2BD, D96A2962848C1F59B143BFEC22EC48BD1C5A75D0EBCFD7FB965E66B85FF7D8CA ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
18:28:55.0777 0x05c8  i8042prt - ok
18:28:55.0824 0x05c8  [ 54155EA1B0DF185878E0FC9EC3AC3A14, 344A0793499261D2E4FF2FCCC70501329485F8E299EBC68953D07BA86F0D4729 ] iaStorV         C:\Windows\system32\drivers\iastorv.sys
18:28:55.0839 0x05c8  iaStorV - ok
18:28:55.0917 0x05c8  [ 6F95324909B502E2651442C1548AB12F, FF1B104990FE186C6100ED229A45345FF695323AC778688EC11AA8F5A87B141E ] IDriverT        C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
18:28:56.0011 0x05c8  IDriverT - ok
18:28:56.0214 0x05c8  [ 98477B08E61945F974ED9FDC4CB6BDAB, C7E8F661F6FBF6AB493E950D2E70363496E155B1838CE7B490B981BD840B04FC ] idsvc           C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
18:28:56.0401 0x05c8  idsvc - ok
18:28:56.0541 0x05c8  [ 2D077BF86E843F901D8DB709C95B49A5, 78FF558A881F307858F5C7C74A748B8B2562AF3CAC7EA8639945609001D790CE ] iirsp           C:\Windows\system32\drivers\iirsp.sys
18:28:56.0541 0x05c8  iirsp - ok
18:28:56.0635 0x05c8  [ 9908D8A397B76CD8D31D0D383C5773C9, FFA6996BE9F11A81CB63C849C2400EB44A07706D1EEB7A3502D4110DAC3684A2 ] IKEEXT          C:\Windows\System32\ikeext.dll
18:28:56.0682 0x05c8  IKEEXT - ok
18:28:56.0760 0x05c8  [ DD512A049BD7B4BCE8A83554C5EFF2C1, FBC44A9EBFCCE0EF4F6D007590158F7852340D3056298A0C1708E3AC30AB6CA9 ] intelide        C:\Windows\system32\drivers\intelide.sys
18:28:56.0822 0x05c8  intelide - ok
18:28:56.0869 0x05c8  [ 224191001E78C89DFA78924C3EA595FF, E4EC9CAAEEEAEB30E13F4A8023AF687F29514667380DDFD638BBFFF1D5FC2563 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
18:28:56.0869 0x05c8  intelppm - ok
18:28:56.0947 0x05c8  [ 9AC218C6E6105477484C6FDBE7D409A4, FF30D09CD2A0F5BBEC309E953370F194B6F26BF4227E627B594AAA48B0F5D3C2 ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
18:28:56.0963 0x05c8  IPBusEnum - ok
18:28:56.0978 0x05c8  [ 62C265C38769B864CB25B4BCF62DF6C3, CAF6BCE967104233E216464E4729B0275C3BD426D812F404AB0EE83A7F2063D8 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
18:28:56.0994 0x05c8  IpFilterDriver - ok
18:28:57.0025 0x05c8  IpInIp - ok
18:28:57.0056 0x05c8  [ B25AAF203552B7B3491139D582B39AD1, EA9C38F512F40FF12975A6719E6FE4D7EA93A4B2497103E0FDA5A4CD6033C0A6 ] IPMIDRV         C:\Windows\system32\drivers\ipmidrv.sys
18:28:57.0072 0x05c8  IPMIDRV - ok
18:28:57.0119 0x05c8  [ 8793643A67B42CEC66490B2A0CF92D68, 8B1ED1314E4C6623824DD6B9C15A0F7F996F4D243BF0B305421251BE40850907 ] IPNAT           C:\Windows\system32\DRIVERS\ipnat.sys
18:28:57.0119 0x05c8  IPNAT - ok
18:28:57.0321 0x05c8  [ 3A6D4D8ABACF64292D060C9E06D2050D, CD16CA0E16667E3C0263DC8D1BC53C5BAD700CDCD210FE2710918CF05A8AC782 ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
18:28:57.0368 0x05c8  iPod Service - ok
18:28:57.0399 0x05c8  [ 109C0DFB82C3632FBD11949B73AEEAC9, 73B01426100256B7110DF0B74483AF1B62FC209612EEC29A7BF6DC31A7FBEFB6 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
18:28:57.0415 0x05c8  IRENUM - ok
18:28:57.0462 0x05c8  [ 6C70698A3E5C4376C6AB5C7C17FB0614, 10FBCBA5A74AF5D136B152FD4D3DFA2A1F2CEBC3F979D5BA6DB98B3DCB2F7A07 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
18:28:57.0462 0x05c8  isapnp - ok
18:28:57.0524 0x05c8  [ 232FA340531D940AAC623B121A595034, 90C93F04D8A0094EEBD118F10223605B8169DA5F24C466F503CED5C014BD17B1 ] iScsiPrt        C:\Windows\system32\DRIVERS\msiscsi.sys
18:28:57.0540 0x05c8  iScsiPrt - ok
18:28:57.0555 0x05c8  [ BCED60D16156E428F8DF8CF27B0DF150, 4934E9AB8A8A548548F0C63517F2BF4DE84B05E5C9C7C2AA6C1517B8F9C340D4 ] iteatapi        C:\Windows\system32\drivers\iteatapi.sys
18:28:57.0555 0x05c8  iteatapi - ok
18:28:57.0571 0x05c8  [ 06FA654504A498C30ADCA8BEC4E87E7E, 651BC35A0A3D504573BBAB40DE81929BB18C9FC0CD7944FEAE0E99CD7658EA88 ] iteraid         C:\Windows\system32\drivers\iteraid.sys
18:28:57.0587 0x05c8  iteraid - ok
18:28:57.0618 0x05c8  [ 37605E0A8CF00CBBA538E753E4344C6E, B9A9FFDCE45B0830E277CF322C28ACB49372C16144B0F676B283BE5DAE9A7F30 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
18:28:57.0618 0x05c8  kbdclass - ok
18:28:57.0649 0x05c8  [ 18247836959BA67E3511B62846B9C2E0, 9623FF990A1C11A707C358CC9FDD4306C2992A8C766A50DAFC9534A283AA011D ] kbdhid          C:\Windows\system32\drivers\kbdhid.sys
18:28:57.0665 0x05c8  kbdhid - ok
18:28:57.0711 0x05c8  [ A3E186B4B935905B829219502557314E, 7F58EAC6C12208D792C77014AC9D37AD1A7B2E73863C914F5DA831A72E1D52BB ] KeyIso          C:\Windows\system32\lsass.exe
18:28:57.0711 0x05c8  KeyIso - ok
18:28:58.0179 0x05c8  [ 775C6D5D60146D7DB08A01CB596D7EC6, 66D87041DD8E0CF8AFBC155AC709E9A647B765BBA56CDE07EA01468BDAD7C239 ] Kodak AiO Network Discovery Service C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe
18:28:58.0226 0x05c8  Kodak AiO Network Discovery Service - ok
18:28:58.0476 0x05c8  [ 17AFF68AB32F8671BC46612D35351099, C782460B99EAAE84DDBEF5AEB628984984B4108A482F023CE62CE1D33A367FEB ] Kodak AiO Status Monitor Service C:\Program Files\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe
18:28:58.0538 0x05c8  Kodak AiO Status Monitor Service - ok
18:28:58.0632 0x05c8  [ 4A1445EFA932A3BAF5BDB02D7131EE20, 9DD262ED72DF268FE024063788F54124E320D0775D8DC0C5CAD099CD5F655DA2 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
18:28:58.0866 0x05c8  KSecDD - ok
18:28:58.0959 0x05c8  [ 8078F8F8F7A79E2E6B494523A828C585, BB399993166853F0C01B7508649ECD7E7473238267BA8333D0441128FE656347 ] KtmRm           C:\Windows\system32\msdtckrm.dll
18:28:58.0991 0x05c8  KtmRm - ok
18:28:59.0100 0x05c8  [ 1BF5EEBFD518DD7298434D8C862F825D, F41C79410345C40B346EB5EDEA397ECD29ECB9B921AC3E19F9453E52A7B9288A ] LanmanServer    C:\Windows\system32\srvsvc.dll
18:28:59.0115 0x05c8  LanmanServer - ok
18:28:59.0193 0x05c8  [ 1DB69705B695B987082C8BAEC0C6B34F, D395B272F6B69D4A9FC3CDEFD812EF0DBFECF3C1B1C787C7CC1E1A1B091B8DB3 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
18:28:59.0209 0x05c8  LanmanWorkstation - ok
18:28:59.0303 0x05c8  [ ABF90FC5A127F481219B873C1B8DFC1C, 465188183B2848C11743B2A6B987B307D30F636E4958E60766336479473DD121 ] LightScribeService C:\Program Files\Common Files\LightScribe\LSSrvc.exe
18:28:59.0318 0x05c8  LightScribeService - ok
18:28:59.0349 0x05c8  [ D1C5883087A0C3F1344D9D55A44901F6, 608D67357AFDDD538D2C12C93EB0793ECA4EB3AF2BAB779E881C41F50E4AB911 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
18:28:59.0349 0x05c8  lltdio - ok
18:28:59.0396 0x05c8  [ 2D5A428872F1442631D0959A34ABFF63, E532C6ECFFB936EFF744CA57BDC6394C89E797B6B0822D04F1F3F35D9BDDD4F0 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
18:28:59.0412 0x05c8  lltdsvc - ok
18:28:59.0443 0x05c8  [ 35D40113E4A5B961B6CE5C5857702518, 453097AEF46ED48107395D9A1696AAC259FD6CEA8A655D38C5E246FDDAB81664 ] lmhosts         C:\Windows\System32\lmhsvc.dll
18:28:59.0443 0x05c8  lmhosts - ok
18:28:59.0552 0x05c8  [ DABCB3AD9B60BFDA876CB4F6081E822F, 5D3EEB9892FBC989E85DE6BDCD8AC412AB68A22804B74D51A177C20E8B6C9117 ] LMIGuardianSvc  C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
18:28:59.0583 0x05c8  LMIGuardianSvc - ok
18:28:59.0661 0x05c8  [ 26E3BEC8F2F0CFAF9FFE4C7AEF1BC049, CFB86B860FF4F856DA75EB132E06B77C71DC5D994799C08EDC01F2CA8B47AB44 ] LMIInfo         C:\Program Files\LogMeIn\x86\RaInfo.sys
18:28:59.0864 0x05c8  LMIInfo - ok
18:28:59.0942 0x05c8  [ AB73A7C8594ABE0A7418626F0E742F40, 16056C7086AA43DDEACC005478A306AA229F3516E5A2046A97F56DCB6EBA00A1 ] LMIMaint        C:\Program Files\LogMeIn\x86\RaMaint.exe
18:28:59.0973 0x05c8  LMIMaint - ok
18:29:00.0005 0x05c8  [ 4477689E2D8AE6B78BA34C9AF4CC1ED1, 0BC8AF546901E6C20611C5250BD65ACD0C4A8613BD8F8835F0D4680B5777F051 ] lmimirr         C:\Windows\system32\DRIVERS\lmimirr.sys
18:29:00.0067 0x05c8  lmimirr - ok
18:29:00.0098 0x05c8  LMIRfsClientNP - ok
18:29:00.0129 0x05c8  [ 3FAA563DDF853320F90259D455A01D79, D81B5FCC0CBCF9CE18E44A31071D357B12F5016159E24954E50E68D80C9F61B8 ] LMIRfsDriver    C:\Windows\system32\drivers\LMIRfsDriver.sys
18:29:00.0129 0x05c8  LMIRfsDriver - ok
18:29:00.0207 0x05c8  [ 432618FA75B61059D2C57D6A7E55147A, 0E7D771AE9F98667A68C8C07A664D70B71B78EC08D7FEA92AD979E1E049EC0B1 ] LogMeIn         C:\Program Files\LogMeIn\x86\LogMeIn.exe
18:29:00.0582 0x05c8  LogMeIn - ok
18:29:00.0660 0x05c8  [ C7E15E82879BF3235B559563D4185365, 98C9268ADF6BAEB0522BB84BE6C98D0D6D5EB4BD27BB61412D208232164C8435 ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
18:29:00.0675 0x05c8  LSI_FC - ok
18:29:17.0305 0x05c8  tssecsrv - ok
18:29:17.0383 0x05c8  [ CAECC0120AC49E3D2F758B9169872D38, 80DB15ADF5F4FF78D0C7D5081B6C0E8F1E5125872B60D23C19DA8E62C9DAC9A8 ] tunmp           C:\Windows\system32\DRIVERS\tunmp.sys
18:29:17.0383 0x05c8  tunmp - ok
18:29:17.0414 0x05c8  [ 300DB877AC094FEAB0BE7688C3454A9C, 3B36AA191FBE25B1A61150EAA2BDF8BA286DC4C052F6E98B0ED8202135553D8C ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
18:29:17.0414 0x05c8  tunnel - ok
18:29:17.0461 0x05c8  [ 7D33C4DB2CE363C8518D2DFCF533941F, C6A539AD31B0BD9F895E0A537783AA75D5760C8590D83BA832D59A9B090CA0E9 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
18:29:17.0461 0x05c8  uagp35 - ok
18:29:17.0570 0x05c8  [ D9728AF68C4C7693CB100B8441CBDEC6, A2CEE1EE4EF17106349F4E6967F504354801934179FBB3F10B9A4E3C30BC28CE ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
18:29:17.0711 0x05c8  udfs - ok
18:29:17.0789 0x05c8  [ ECEF404F62863755951E09C802C94AD5, 5D92062B3E371F196774EBFE840C78501E55A244DB2A49703C7AC0141C7DABF1 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
18:29:17.0804 0x05c8  UI0Detect - ok
18:29:17.0851 0x05c8  [ B0ACFDC9E4AF279E9116C03E014B2B27, 455D30859E381361FF6EE8B01EDC22A2E66CD5EC22CA9F314E88009DB77A8BAF ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
18:29:17.0851 0x05c8  uliagpkx - ok
18:29:17.0945 0x05c8  [ 9224BB254F591DE4CA8D572A5F0D635C, C5E7B24587AC5A28ECA63300307AD95B8A846833340126AE378840A40E53C056 ] uliahci         C:\Windows\system32\drivers\uliahci.sys
18:29:17.0960 0x05c8  uliahci - ok
18:29:17.0976 0x05c8  [ 8514D0E5CD0534467C5FC61BE94A569F, A6EFB967044F88335469DB3351587E31CEC659BB6A7D8ED45C68329232C31BB9 ] UlSata          C:\Windows\system32\drivers\ulsata.sys
18:29:17.0991 0x05c8  UlSata - ok
18:29:18.0054 0x05c8  [ 38C3C6E62B157A6BC46594FADA45C62B, 44F87DC955CB4E35E0EB4C8B4E931472B33D97FE000C22370A06AD5EDCEFD0BA ] ulsata2         C:\Windows\system32\drivers\ulsata2.sys
18:29:18.0069 0x05c8  ulsata2 - ok
18:29:18.0101 0x05c8  [ 32CFF9F809AE9AED85464492BF3E32D2, 91AAA47AEF17F373276B01AC8FA823592A0C854541A7A9A3B78F2350DB964EBC ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
18:29:18.0101 0x05c8  umbus - ok
18:29:18.0163 0x05c8  [ 68308183F4AE0BE7BF8ECD07CB297999, 4444233CA3C42BEE50ED47553D4AE5A7C12D8F288D2FA4B2DAE1D9B9FEC1A72D ] upnphost        C:\Windows\System32\upnphost.dll
18:29:18.0194 0x05c8  upnphost - ok
18:29:18.0288 0x05c8  [ 83CAFCB53201BBAC04D822F32438E244, E3F6FDE4D429FB630B19417DD9752A2CE9F6C9FD58918D714B5438A3D4136853 ] USBAAPL         C:\Windows\system32\Drivers\usbaapl.sys
18:29:18.0366 0x05c8  USBAAPL - ok
18:29:18.0413 0x05c8  [ 5353218B3265E3B8190335059F697A11, 78722D3FBC6EE58D83BE944F60190454F285FFCFCC419874837C4FC1A04BD6C1 ] usbbus          C:\Windows\system32\DRIVERS\lgusbbus.sys
18:29:18.0413 0x05c8  usbbus - ok
18:29:18.0475 0x05c8  [ CAF811AE4C147FFCD5B51750C7F09142, BD670CF88D8F932AD1C6BA91FB68A7204BC473657C6A057C92AFB84D164D393C ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
18:29:18.0475 0x05c8  usbccgp - ok
18:29:18.0522 0x05c8  [ E9476E6C486E76BC4898074768FB7131, D14B8F69A511DC1F990A9C123C18689AFE59659BA8130D248D8D03E9BD2143B6 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
18:29:18.0522 0x05c8  usbcir - ok
18:29:18.0569 0x05c8  [ 7DD3EEFC62A1EF44E5F940FA651ED9ED, C337BB497A5438B16FB13EA3CD32A25309A30CA535567E370589A864EFD44F07 ] UsbDiag         C:\Windows\system32\DRIVERS\lgusbdiag.sys
18:29:18.0584 0x05c8  UsbDiag - ok
18:29:18.0615 0x05c8  [ 79E96C23A97CE7B8F14D310DA2DB0C9B, EB441D3B93965CD927E0C181031AD1082F59F9885BF35CABFDCA08C6C76B0DAF ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
18:29:18.0631 0x05c8  usbehci - ok
18:29:18.0693 0x05c8  [ 4673BBCB006AF60E7ABDDBE7A130BA42, 0B7DED0D887A3530AA5497FDBCB69389486FB9E2B6FAE3163E33713256D575BA ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
18:29:18.0709 0x05c8  usbhub - ok
18:29:18.0756 0x05c8  [ 083031A78822ECCBD7510BCCD3E20D4C, 782ED3B00B4B37CD80889DE6C6C822005C02F0A711EE25E42B1052663AD26C10 ] USBModem        C:\Windows\system32\DRIVERS\lgusbmodem.sys
18:29:18.0756 0x05c8  USBModem - ok
18:29:18.0787 0x05c8  [ CE697FEE0D479290D89BEC80DFE793B7, D10F6BAD0467672CCE4F97C7F2E13437CE89AC754C895EAE05F0726B6DC617B1 ] usbohci         C:\Windows\system32\DRIVERS\usbohci.sys
18:29:18.0787 0x05c8  usbohci - ok
18:29:18.0818 0x05c8  [ E75C4B5269091D15A2E7DC0B6D35F2F5, B0A4141B69B66276890836DE98EB8BC790D35CE59FA503060593E8CC12AA106B ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
18:29:18.0818 0x05c8  usbprint - ok
18:29:18.0881 0x05c8  [ A508C9BD8724980512136B039BBA65E9, B39B72471C468AC997AEC528599EDC98A031F5A7EB91C4F9471402D48D2D4E3E ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
18:29:18.0881 0x05c8  usbscan - ok
18:29:18.0959 0x05c8  [ BE3DA31C191BC222D9AD503C5224F2AD, 201FB0FDBF423342202686DC0D8A3221B7798AE04C04A649D3441C257C733CE8 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
18:29:19.0146 0x05c8  USBSTOR - ok
18:29:19.0239 0x05c8  [ 814D653EFC4D48BE3B04A307ECEFF56F, D73D62F51AEFE2F8F2B938B20107C246F2AC2F62ED49112DBD092A5D2E4024B3 ] usbuhci         C:\Windows\system32\DRIVERS\usbuhci.sys
18:29:19.0271 0x05c8  usbuhci - ok
18:29:19.0317 0x05c8  [ E67998E8F14CB0627A769F6530BCB352, 60982F168E9BF13954328C728F55F4D3ADDC572CACB65289B0E895A63DAA08C1 ] usbvideo        C:\Windows\system32\Drivers\usbvideo.sys
18:29:19.0317 0x05c8  usbvideo - ok
18:29:19.0380 0x05c8  [ 1509E705F3AC1D474C92454A5C2DD81F, 7F525921A3513224F8B093A16E19B4235B300349A14B0B86EE11B7473BA53337 ] UxSms           C:\Windows\System32\uxsms.dll
18:29:19.0380 0x05c8  UxSms - ok
18:29:19.0458 0x05c8  [ CD88D1B7776DC17A119049742EC07EB4, 6B68B9EDB8C6BCB2644F1F004D5743E928509D12107D996F390A24A72E0AA528 ] vds             C:\Windows\System32\vds.exe
18:29:19.0536 0x05c8  vds - ok
18:29:19.0707 0x05c8  [ 87B06E1F30B749A114F74622D013F8D4, 06C06EF87F7DC668D23B50AA5F419F62474ACF90E325E167491BF290286D6594 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
18:29:19.0723 0x05c8  vga - ok
18:29:19.0817 0x05c8  [ 2E93AC0A1D8C79D019DB6C51F036636C, 8B6F3B4EE90691A22788915AD0F99D8EE617750430A34E7CEB9AB4FB4E581755 ] VgaSave         C:\Windows\System32\drivers\vga.sys
18:29:19.0879 0x05c8  VgaSave - ok
18:29:19.0957 0x05c8  [ 5D7159DEF58A800D5781BA3A879627BC, 499A8E51FDE61AE0D7C1812D1E5B331211A36BD095A4992C629B93DE6D80F4E6 ] viaagp          C:\Windows\system32\drivers\viaagp.sys
18:29:19.0973 0x05c8  viaagp - ok
18:29:20.0082 0x05c8  [ C4F3A691B5BAD343E6249BD8C2D45DEE, 19DE07AD6CD51036FA8A6B8EE82F34D7F5264FF3A12CBE6E52BD036D0303E319 ] ViaC7           C:\Windows\system32\drivers\viac7.sys
18:29:20.0097 0x05c8  ViaC7 - ok
18:29:20.0175 0x05c8  [ EA1AA6E3ABB3C194FEBA12A46DE8CF2C, 5D395C20D9121EA3970980703D8692380B4D8CFDAAC4FA8A2B352209F49318B7 ] viaide          C:\Windows\system32\drivers\viaide.sys
18:29:20.0191 0x05c8  viaide - ok
18:29:20.0285 0x05c8  [ 69503668AC66C77C6CD7AF86FBDF8C43, 2CE407674A58313737073F02B9A617460BBA84B36C3A16D98AE5ED45279F5006 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
18:29:20.0300 0x05c8  volmgr - ok
18:29:20.0441 0x05c8  [ 23E41B834759917BFD6B9A0D625D0C28, 9F60992805262F936E8DA33610FDF60A191ECAFC08BBF657C8F9A21833C8EFC5 ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
18:29:20.0472 0x05c8  volmgrx - ok
18:29:20.0643 0x05c8  [ 786DB5771F05EF300390399F626BF30A, 4A07BE5AEDBA4C15C2F9A91250F0488A0B0305C67BB7A037508D5CBF86D4E1B7 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
18:29:20.0690 0x05c8  volsnap - ok
18:29:20.0784 0x05c8  [ 587253E09325E6BF226B299774B728A9, C9F46197819C2A095456393C518A9B00B59ECDC54F464D038AA7F8DCCDB93CCF ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
18:29:20.0940 0x05c8  vsmraid - ok
18:29:21.0080 0x05c8  [ DB3D19F850C6EB32BDCB9BC0836ACDDB, D81FF1CDA87A2FE83EFD5B3FE01EFF940952F8BAEE70BEA3B2F6EF30E2121704 ] VSS             C:\Windows\system32\vssvc.exe
18:29:21.0314 0x05c8  VSS - ok
18:29:21.0439 0x05c8  [ 96EA68B9EB310A69C25EBB0282B2B9DE, C76D3427F8A2953CB4D96BBA1523679CBE1BBF7FA821A35D2FBEB3E67AC6A10B ] W32Time         C:\Windows\system32\w32time.dll
18:29:21.0517 0x05c8  W32Time - ok
18:29:21.0657 0x05c8  [ 48DFEE8F1AF7C8235D4E626F0C4FE031, A41D05BC0DA3C476C32E0A4DAF015DF7BADF28A03CE236D5596885FF1772F148 ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
18:29:21.0704 0x05c8  WacomPen - ok
18:29:21.0767 0x05c8  [ 55201897378CCA7AF8B5EFD874374A26, 350ADDCEFAA33E301027CFEA8DDE703F6FBD6E53624598CB2E7B671B9E48F7CC ] Wanarp          C:\Windows\system32\DRIVERS\wanarp.sys
18:29:21.0907 0x05c8  Wanarp - ok
18:29:22.0032 0x05c8  [ 55201897378CCA7AF8B5EFD874374A26, 350ADDCEFAA33E301027CFEA8DDE703F6FBD6E53624598CB2E7B671B9E48F7CC ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
18:29:22.0079 0x05c8  Wanarpv6 - ok
18:29:22.0422 0x05c8  [ A3CD60FD826381B49F03832590E069AF, 213C5DB5E5D828264286FD7548527566D6160CCA780BC6853B7B28CECF329674 ] wcncsvc         C:\Windows\System32\wcncsvc.dll
18:29:22.0547 0x05c8  wcncsvc - ok
18:29:22.0625 0x05c8  [ 11BCB7AFCDD7AADACB5746F544D3A9C7, 0370E20FD12ED713F94E5CD76F068F7A7A5E7F42416DD2A8A41249020DA7DA31 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
18:29:22.0859 0x05c8  WcsPlugInService - ok
18:29:22.0983 0x05c8  [ 78FE9542363F297B18C027B2D7E7C07F, 6BC3ED2A48EF41E1EE597FD58271DB12256EC013518663331CD0FBCB3FC415EE ] Wd              C:\Windows\system32\drivers\wd.sys
18:29:23.0077 0x05c8  Wd - ok
18:29:23.0217 0x05c8  [ A840213F1ACDCC175B4D1D5AAEAC0D7A, B20F7CAEEA790290072BC170EBEEADB4C19E1C40DB0B3FE0D4A640D0D82300D6 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
18:29:23.0451 0x05c8  Wdf01000 - ok
18:29:23.0607 0x05c8  [ ABFC76B48BB6C96E3338D8943C5D93B5, B5B22D445724D58641A53276063A4AA2A98F07B93865C86E94661EB31BD63511 ] WdiServiceHost  C:\Windows\system32\wdi.dll
18:29:23.0654 0x05c8  WdiServiceHost - ok
18:29:23.0748 0x05c8  [ ABFC76B48BB6C96E3338D8943C5D93B5, B5B22D445724D58641A53276063A4AA2A98F07B93865C86E94661EB31BD63511 ] WdiSystemHost   C:\Windows\system32\wdi.dll
18:29:23.0919 0x05c8  WdiSystemHost - ok
18:29:24.0060 0x05c8  [ 04C37D8107320312FBAE09926103D5E2, 1C6726A9871CBACB240AFA93E57781515F01758D43693DDA395EA683D97234F0 ] WebClient       C:\Windows\System32\webclnt.dll
18:29:24.0091 0x05c8  WebClient - ok
18:29:24.0231 0x05c8  [ AE3736E7E8892241C23E4EBBB7453B60, 0F998116CC07CD719CB237EAE53BB16B2EDD6973828B9C1055EB981AEA0453D1 ] Wecsvc          C:\Windows\system32\wecsvc.dll
18:29:24.0325 0x05c8  Wecsvc - ok
18:29:24.0497 0x05c8  [ 670FF720071ED741206D69BD995EA453, 4B96F5E3545F69AE9EBC75DC4AB27B87306D656EE526AE39E7EC7E2B6F83F7FD ] wercplsupport   C:\Windows\System32\wercplsupport.dll
18:29:24.0590 0x05c8  wercplsupport - ok
18:29:24.0731 0x05c8  [ 32B88481D3B326DA6DEB07B1D03481E7, 821FBAF147E525ED15EB9391B16A96C6D5464841258B11F277EFB57A3BD50E37 ] WerSvc          C:\Windows\System32\WerSvc.dll
18:29:24.0746 0x05c8  WerSvc - ok
18:29:24.0887 0x05c8  [ 0ACD399F5DB3DF1B58903CF4949AB5A8, F8FA0A8F631AA8F34A0506F1E5E09DFB6CDA1E9E92207A73A74F1A0E7768C49A ] winachsf        C:\Windows\system32\DRIVERS\HSX_CNXT.sys
18:29:24.0918 0x05c8  winachsf - ok
18:29:24.0980 0x05c8  WinHttpAutoProxySvc - ok
18:29:25.0058 0x05c8  [ 6B2A1D0E80110E3D04E6863C6E62FD8A, EE8BC7C378993EFE90273764C83119EBF331768CD7B24DE949233C74A51306C2 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
18:29:25.0105 0x05c8  Winmgmt - ok
18:29:25.0511 0x05c8  [ 7CFE68BDC065E55AA5E8421607037511, C2CE76D52AD4E31FC4216E94457DC16ABF65A5F3E883F0BD97AD387FB7574533 ] WinRM           C:\Windows\system32\WsmSvc.dll
18:29:25.0760 0x05c8  WinRM - ok
18:29:26.0025 0x05c8  [ 30FC6E5448D0CBAAA95280EEEF7FEDAE, 04374450882504D9031951F4E9317E5A128EBA5A22A3555ACD28BC742861AF9C ] WinUSB          C:\Windows\system32\DRIVERS\WinUSB.sys
18:29:26.0057 0x05c8  WinUSB - ok
18:29:26.0275 0x05c8  [ C008405E4FEEB069E30DA1D823910234, C392A7B5FEACB7D11A3A231C1AD65D533984E6E7429ECD3BFBF90A27E8DEB157 ] Wlansvc         C:\Windows\System32\wlansvc.dll
18:29:26.0369 0x05c8  Wlansvc - ok
18:29:26.0447 0x05c8  [ 2E7255D172DF0B8283CDFB7B433B864E, 60C786CF0EA4A29B309B9457F0496D5A0AF1F093FC2C5D88078865814B7DBBA3 ] WmiAcpi         C:\Windows\system32\DRIVERS\wmiacpi.sys
18:29:26.0634 0x05c8  WmiAcpi - ok
18:29:26.0696 0x05c8  [ 43BE3875207DCB62A85C8C49970B66CC, 27169F2E8A30807794407DA8F80611E4287F940AAE2A1F00F547901872FB9703 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
18:29:26.0727 0x05c8  wmiApSrv - ok
18:29:26.0868 0x05c8  [ 3978704576A121A9204F8CC49A301A9B, 936CC13B90A183613BDA4081556C96D48CA415B5F65D61E18CB5F2E51EEBE59F ] WMPNetworkSvc   C:\Program Files\Windows Media Player\wmpnetwk.exe
18:29:26.0930 0x05c8  WMPNetworkSvc - ok
18:29:27.0039 0x05c8  [ CFC5A04558F5070CEE3E3A7809F3FF52, 45899E04000E21C4E009BE8B6149F199A5B2E0512C657A525770BF9DBFED7D2B ] WPCSvc          C:\Windows\System32\wpcsvc.dll
18:29:27.0164 0x05c8  WPCSvc - ok
18:29:27.0227 0x05c8  [ 801FBDB89D472B3C467EB112A0FC9246, C24053FA12732089384D3AF06C676FF201D282FC5AD56A42B6EE8BAED4379CB2 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
18:29:27.0242 0x05c8  WPDBusEnum - ok
18:29:27.0305 0x05c8  [ DE9D36F91A4DF3D911626643DEBF11EA, 8029ECE76E29276BFB6ED3387AC560A9A779AAF683A4416E96334FAF7BDBADA0 ] WpdUsb          C:\Windows\system32\DRIVERS\wpdusb.sys
18:29:27.0305 0x05c8  WpdUsb - ok
18:29:27.0570 0x05c8  [ B800EEC15851597405784126C407188C, 78FE6A9CBFC2C10DB88D5D8616DBFD848849630907906D06199C14DC4F6C152D ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
18:29:27.0663 0x05c8  WPFFontCache_v0400 - ok
18:29:27.0710 0x05c8  [ E3A3CB253C0EC2494D4A61F5E43A389C, 10BA8B102E31B961819E524FCA5FA817B588EC77FB26B4E176D0A5CFF11EDF79 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
18:29:27.0726 0x05c8  ws2ifsl - ok
18:29:27.0757 0x05c8  WSearch - ok
18:29:27.0866 0x05c8  [ 06E6F32C8D0A3F66D956F57B43A2E070, 9A6BD96A28294B0372F16E13D652FD603308F64B74A56E41E0C68C5E8011F943 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
18:29:27.0913 0x05c8  WudfPf - ok
18:29:27.0975 0x05c8  [ 867C301E8B790040AE9CF6486E8041DF, D867D6498C987944D99508B2FAD6D6B749FA1EDFE8124B0863D4A642352F0855 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
18:29:27.0991 0x05c8  WUDFRd - ok
18:29:28.0085 0x05c8  [ FE47B7BC8EA320C2D9B5E5BF6E303765, 34518DBD1E9EA6E5DA62273B18613761E1D9C6B4E074A93C6D639FBAF02222EA ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
18:29:28.0100 0x05c8  wudfsvc - ok
18:29:28.0147 0x05c8  [ DAB33CFA9DD24251AAA389FF36B64D4B, 1C5D7C3D6C3552BDD52EB7E76031746D7DAAF64CA2432CC23329DA72BE7252D0 ] XAudio          C:\Windows\system32\DRIVERS\xaudio.sys
18:29:28.0147 0x05c8  XAudio - ok
18:29:28.0209 0x05c8  [ CD5F291A1161F15896D1A4D63DAFF5DF, 4F30DC454F255249431FCD14DE17858A79A088A4084F2CEDD0CF25382D427285 ] XAudioService   C:\Windows\system32\DRIVERS\xaudio.exe
18:29:28.0241 0x05c8  XAudioService - ok
18:29:28.0334 0x05c8  [ 7D1F3B131D503EF43EE594B5A2B9B427, 307DEC572FBC171D68ED098D73CB6F06754F26E51F8F7DB48035A8CF97AB37D0 ] yukonwlh        C:\Windows\system32\DRIVERS\yk60x86.sys
18:29:28.0350 0x05c8  yukonwlh - ok
18:29:28.0615 0x05c8  ‮etadpug - detected Rootkit.Win32.PMax.gen ( 0 )
18:29:28.0880 0x05c8  ‮etadpug ( Rootkit.Win32.PMax.gen ) - infected
18:29:33.0716 0x05c8  ================ Scan global ===============================
18:29:33.0779 0x05c8  [ F31EEBC1A1C81FD04005489CC3DCDFE7, 098C35ACFCCE1686C5A6DB6057001CBF8B06A863A0802CB2E9D793F4795F8CEE ] C:\Windows\system32\basesrv.dll
18:29:33.0857 0x05c8  [ A508314231C49AEE86987CEA3EAECAD1, D29BCFA967C23C7264592576D62D95FA8C687E8662D19DCCC73653A9EFB6340D ] C:\Windows\system32\winsrv.dll
18:29:33.0919 0x05c8  [ A508314231C49AEE86987CEA3EAECAD1, D29BCFA967C23C7264592576D62D95FA8C687E8662D19DCCC73653A9EFB6340D ] C:\Windows\system32\winsrv.dll
18:29:33.0997 0x05c8  [ D4E6D91C1349B7BFB3599A6ADA56851B, 8748091BF27F05D28D45688E04DD9229A4B2E159209A64F457703F66A8CECE4D ] C:\Windows\system32\services.exe
18:29:34.0028 0x05c8  [ Global ] - ok
18:29:34.0028 0x05c8  ================ Scan MBR ==================================
18:29:34.0044 0x05c8  [ 588AE8F0C685C02BA11F30D9CD7E61A0 ] \Device\Harddisk0\DR0
18:29:34.0262 0x05c8  \Device\Harddisk0\DR0 - ok
18:29:34.0262 0x05c8  ================ Scan VBR ==================================
18:29:34.0293 0x05c8  [ A58E3923B536CC8EF7980B615A3D01EB ] \Device\Harddisk0\DR0\Partition1
18:29:34.0293 0x05c8  \Device\Harddisk0\DR0\Partition1 - ok
18:29:34.0325 0x05c8  [ BCB8FE7974AD7E41BFEF81059B951179 ] \Device\Harddisk0\DR0\Partition2
18:29:34.0325 0x05c8  \Device\Harddisk0\DR0\Partition2 - ok
18:29:34.0325 0x05c8  Waiting for KSN requests completion. In queue: 21
18:29:35.0339 0x05c8  Waiting for KSN requests completion. In queue: 21
18:29:36.0353 0x05c8  Waiting for KSN requests completion. In queue: 21
18:29:37.0538 0x05c8  AV detected via SS2: avast! Antivirus, C:\Program Files\AVAST Software\Avast\VisthAux.exe ( 8.0.1489.300 ), 0x41000 ( enabled : updated )
18:29:37.0725 0x05c8  Win FW state via NFP2: enabled
18:29:42.0546 0x05c8  ============================================================
18:29:42.0561 0x05c8  Scan finished
18:29:42.0561 0x05c8  ============================================================
18:29:42.0577 0x1770  Detected object count: 1
18:29:42.0577 0x1770  Actual detected object count: 1
18:30:17.0240 0x1770  ‮etadpug ( Rootkit.Win32.PMax.gen ) - skipped by user
18:30:17.0256 0x1770  ‮etadpug ( Rootkit.Win32.PMax.gen ) - User select action: Skip 
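The two detection lines in the TDSSKiller log above name a service whose stored name starts with U+202E (RIGHT-TO-LEFT OVERRIDE), so the stored string "etadpug" is displayed as "gupdate". As an added example that is not part of the original thread, this Python script parses lines in the TDSSKiller log format, pulls out every entry that is not "ok", and reports any Unicode bidi control in a name together with the name as it renders; the sample lines are constructed in the shape of the log above.

```python
import re
from typing import Dict, List, Optional

# Unicode bidi controls that make a stored name render differently from how it is stored.
BIDI_CONTROLS = {
    "\u200e", "\u200f",                                 # LRM, RLM
    "\u202a", "\u202b", "\u202c", "\u202d", "\u202e",   # LRE, RLE, PDF, LRO, RLO
    "\u2066", "\u2067", "\u2068", "\u2069",             # LRI, RLI, FSI, PDI
}
RLO = "\u202e"

# TDSSKiller line shape: "HH:MM:SS.mmmm 0xTHREAD  message"
LINE_RE = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d+)\s+(0x[0-9a-fA-F]+)\s+(.*)$")
DETECTED_RE = re.compile(r"^(?P<name>.+?) - detected (?P<verdict>.+?) \( \d+ \)$")
ACTION_RE = re.compile(r"^(?P<name>.+?) \( (?P<verdict>.+?) \) - (?P<action>.+)$")
OK_RE = re.compile(r"^(?P<name>.+?) - ok$")

# Constructed sample in the shape of the log posted above (not a verbatim copy of it).
SAMPLE_LOG = """\
18:29:28.0334 0x05c8  [ 7D1F3B131D503EF43EE594B5A2B9B427, 307DEC572FBC171D68ED098D73CB6F06754F26E51F8F7DB48035A8CF97AB37D0 ] yukonwlh        C:\\Windows\\system32\\DRIVERS\\yk60x86.sys
18:29:28.0350 0x05c8  yukonwlh - ok
18:29:28.0615 0x05c8  \u202eetadpug - detected Rootkit.Win32.PMax.gen ( 0 )
18:29:28.0880 0x05c8  \u202eetadpug ( Rootkit.Win32.PMax.gen ) - infected
18:29:34.0262 0x05c8  \\Device\\Harddisk0\\DR0 - ok
18:30:17.0240 0x1770  \u202eetadpug ( Rootkit.Win32.PMax.gen ) - skipped by user
"""


def bidi_controls_in(name: str) -> List[str]:
    """Code points of every bidi control character present in the stored name."""
    return [f"U+{ord(c):04X}" for c in name if c in BIDI_CONTROLS]


def rendered_name(name: str) -> str:
    """Approximate what a user sees: drop the controls and, after an RLO, reverse the run."""
    if RLO in name:
        head, _, tail = name.partition(RLO)
        tail = "".join(c for c in tail if c not in BIDI_CONTROLS)
        return head + tail[::-1]
    return "".join(c for c in name if c not in BIDI_CONTROLS)


def parse_tdsskiller(text: str) -> List[Dict[str, Optional[str]]]:
    """Return one event per verdict line (ok / detected / infected / user action)."""
    events: List[Dict[str, Optional[str]]] = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw)
        if not m:
            continue
        ts, tid, msg = m.group(1), m.group(2), m.group(3).strip()
        name = verdict = action = None
        if (d := DETECTED_RE.match(msg)):
            name, verdict, action = d["name"], d["verdict"], "detected"
        elif (a := ACTION_RE.match(msg)):
            name, verdict, action = a["name"], a["verdict"], a["action"]
        elif (o := OK_RE.match(msg)):
            name, action = o["name"], "ok"
        else:
            continue  # hash/path listing lines carry no verdict of their own
        events.append({
            "time": ts, "thread": tid, "stored_name": name,
            "rendered_name": rendered_name(name),
            "bidi_controls": bidi_controls_in(name),
            "verdict": verdict, "action": action,
        })
    return events


def find_findings(text: str) -> List[Dict[str, Optional[str]]]:
    """Every event that is not a clean 'ok' verdict."""
    return [e for e in parse_tdsskiller(text) if e["action"] != "ok"]


if __name__ == "__main__":
    for f in find_findings(SAMPLE_LOG):
        flag = f" [bidi controls: {', '.join(f['bidi_controls'])}]" if f["bidi_controls"] else ""
        print(f"{f['time']} {f['rendered_name']!r} {f['verdict']} -> {f['action']}{flag}")
```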
 


#6 TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • Gender:Male
  • Local time:06:54 AM

Posted 21 October 2013 - 02:25 PM

Combofix

Combofix should only be run when advised by a team member!

Link


Important - Save the file to your desktop!


  • Deactivate any and all of your antivirus programs/spyware scanners - they can prevent CF from doing its work.
  • Run Combofix.exe


When finished, Combofix creates a log file named C:\Combofix.txt. Please post its content in your next reply.

Note: When receiving an error message containing "Illegal operation attempted on a registry key that has been marked for deletion", simply restart your computer to fix this.


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here (no worries, every little bit helps)

#7 yobellzaa

  • Topic Starter
  • Members
  • 10 posts
  • Local time:06:54 AM

Posted 21 October 2013 - 03:21 PM

ComboFix 13-10-21.01 - Paul 21/10/2013  20:55:07.1.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.44.1033.18.2814.1789 [GMT 1:00]
Running from: c:\users\Paul\Desktop\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Google\Desktop\Install
c:\program files\Google\Desktop\Install\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\0103~1\7154~1\CFFE~1\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\@
c:\program files\Google\Desktop\Install\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\0103~1\7154~1\CFFE~1\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\L\00000004.@
c:\program files\Google\Desktop\Install\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\0103~1\7154~1\CFFE~1\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\L\76603ac3
c:\program files\Google\Desktop\Install\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\0103~1\7154~1\CFFE~1\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\U\00000008.@
c:\program files\Google\Desktop\Install\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\0103~1\7154~1\CFFE~1\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\U\trz2E78.tmp
c:\users\Paul\AppData\Local\Google\Desktop\Install
c:\users\Paul\AppData\Local\Google\Desktop\Install\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\C3C1~1\01C8~1\CFFE~1\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\@
c:\windows\PFRO.log
.
c:\windows\system32\drivers\Serial.sys was missing 
Restored copy from - c:\windows\System32\DriverStore\FileRepository\hiddigi.inf_33048ac2\serial.sys
.
.
(((((((((((((((((((((((((   Files Created from 2013-09-21 to 2013-10-21  )))))))))))))))))))))))))))))))
.
.
2013-10-21 20:08 . 2013-10-21 20:12 -------- d-----w- c:\users\Paul\AppData\Local\temp
2013-10-20 12:15 . 2013-10-20 12:15 2560 ----a-w- c:\windows\_MSRSTRT.EXE
2013-10-18 07:55 . 2013-10-18 07:55 -------- d-----w- c:\program files\GUM4317.tmp
2013-10-07 14:08 . 2013-10-07 14:08 -------- d-----w- c:\users\Paul\AppData\Local\avgchrome
2013-10-07 14:07 . 2013-10-07 14:07 -------- d-----w- c:\windows\system32\Extensions
2013-10-07 14:07 . 2013-10-07 14:07 -------- d-----w- c:\windows\system32\searchplugins
2013-10-07 14:04 . 2013-10-07 14:04 -------- d-----w- c:\programdata\Babylon
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-09-05 05:02 . 2013-09-27 07:34 7328304 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{333B7F17-364A-40C0-B4CD-C0096044B3DE}\mpengine.dll
2013-08-08 01:45 . 2013-09-11 08:08 2049536 ----a-w- c:\windows\system32\win32k.sys
2013-08-07 03:22 . 2013-01-12 10:48 238872 ------w- c:\windows\system32\MpSigStub.exe
2013-08-02 04:09 . 2013-08-28 08:34 1548288 ----a-w- c:\windows\system32\WMVDECOD.DLL
2013-08-01 10:21 . 2013-09-11 08:08 916992 ----a-w- c:\windows\system32\wininet.dll
2013-08-01 10:15 . 2013-09-11 08:08 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-08-01 10:15 . 2013-09-11 08:08 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2013-08-01 10:15 . 2013-09-11 08:08 109056 ----a-w- c:\windows\system32\iesysprep.dll
2013-08-01 10:15 . 2013-09-11 08:08 71680 ----a-w- c:\windows\system32\iesetup.dll
2013-08-01 10:13 . 2013-09-11 08:08 18944 ----a-w- c:\windows\system32\corpol.dll
2013-08-01 08:37 . 2013-09-11 08:08 385024 ----a-w- c:\windows\system32\html.iec
2013-08-01 06:56 . 2013-09-11 08:08 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2013-08-01 06:54 . 2013-09-11 08:08 1638912 ----a-w- c:\windows\system32\mshtml.tlb
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-05-09 08:58 121968 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2013-09-25 16:37 579024 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-09-25 16:37 579024 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-09-25 16:37 579024 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2013-09-25 16:37 579024 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2013-09-25 16:37 579024 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2013-09-25 16:37 579024 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2013-07-25 20684656]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-23 13797920]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-05-09 4858968]
"EKStatusMonitor"="c:\program files\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe" [2012-10-15 2844608]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2008-08-11 63048]
"Conime"="c:\windows\system32\conime.exe" [2009-04-11 69120]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Users^Paul^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\users\Paul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\btbb_McciTrayApp]
2009-03-25 10:50 1548288 ----a-w- c:\program files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\btbb_wcm_McciTrayApp]
2009-03-25 10:51 1516032 ----a-w- c:\program files\BT Broadband Desktop Help\btbb_wcm\McciTrayApp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Conime]
2009-04-11 06:27 69120 ----a-w- c:\windows\System32\conime.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Health Check Scheduler]
2008-10-09 14:58 75008 ----a-w- c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2011-05-10 01:41 49208 ----a-w- c:\program files\HP\HP Software Update\hpwuschd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPAdvisor]
2008-09-30 23:56 972080 ----a-w- c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpWirelessAssistant]
2008-04-15 21:51 488752 ----a-w- c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-07-19 17:29 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn GUI]
2008-08-11 11:41 63048 ----a-w- c:\program files\LogMeIn\x86\LogMeInSystray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2009-07-23 14:39 13797920 ----a-w- c:\windows\System32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2009-07-23 14:39 92704 ----a-w- c:\windows\System32\nvmctray.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl.exe]
2008-08-01 23:14 202032 ----a-w- c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QPService]
2008-09-24 00:21 468264 ----a-w- c:\program files\HP\QuickPlay\QPService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 16:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify Web Helper]
2012-11-17 18:48 1199576 ----a-w- c:\program files\Spotify\Data\SpotifyWebHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-01-26 15:31 2144088 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2008-04-17 18:05 1049896 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UCam_Menu]
2007-12-24 22:55 222504 ------w- c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateLBPShortCut]
2008-06-14 01:11 210216 ------w- c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateP2GoShortCut]
2008-06-14 01:11 210216 ------w- c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdatePDIRShortCut]
2008-06-14 01:11 210216 ------w- c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdatePSTShortCut]
2008-10-07 03:42 210216 ------w- c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-21 02:23 1008184 ----a-we c:\program files\Windows Defender\MSASCui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2008-01-21 02:25 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-4180230192-466746350-4174896990-1000]
"EnableNotificationsRef"=dword:00000001
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ   FontCache
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
ezSharedSvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-06-09 17:14 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-10-18 07:58 1185744 ----a-w- c:\program files\Google\Chrome\Application\30.0.1599.101\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-10-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-19 18:11]
.
2013-10-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-19 18:11]
.
2013-09-22 c:\windows\Tasks\HPCeeScheduleForPaul.job
- c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2008-10-26 18:34]
.
2013-10-21 c:\windows\Tasks\User_Feed_Synchronization-{0CB6C9B2-72AD-49D1-91AF-A863F14FBB74}.job
- c:\windows\system32\msfeedssync.exe [2013-09-11 06:55]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=91&bd=Presario&pf=cnnb
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{e9df9360-97f8-4690-afe6-996c80790da4} - (no file)
Toolbar-10 - (no file)
WebBrowser-{E9DF9360-97F8-4690-AFE6-996C80790DA4} - (no file)
SafeBoot-WudfPf
SafeBoot-WudfRd
MSConfigStartUp-Lhokocozi - c:\users\Paul\AppData\Local\ukobuvogepuwido.dll
MSConfigStartUp-msnmsgr - c:\program files\Windows Live\Messenger\msnmsgr.exe
MSConfigStartUp-Remote System Protection - c:\windows\system32\szwplkfiv.dll
MSConfigStartUp-Rhuyilimelumoru - c:\users\Paul\AppData\Local\KBDGR2.dll
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-10-21 21:11
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ... 
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\nvvsvc.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\windows\system32\WLANExt.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Kodak\AiO\Center\EKAiOHostService.exe
c:\program files\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\LogMeIn\x86\LMIGuardianSvc.exe
c:\program files\LogMeIn\x86\RaMaint.exe
c:\program files\LogMeIn\x86\LogMeIn.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\program files\SMINST\BLService.exe
c:\program files\CyberLink\Shared files\RichVideo.exe
c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
c:\windows\system32\WerCon.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\AVAST Software\Avast\setup\avast.setup
.
**************************************************************************
.
Completion time: 2013-10-21  21:19:05 - machine was rebooted
ComboFix-quarantined-files.txt  2013-10-21 20:18
.
Pre-Run: 25,212,719,104 bytes free
Post-Run: 25,167,478,784 bytes free
.
- - End Of File - - 3585F9563C4D9FA759A0AE3E7D80C79C
588AE8F0C685C02BA11F30D9CD7E61A0


#8 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:54 AM

Posted 22 October 2013 - 01:31 AM

Combofix scripting

1. Close any open browsers.

2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Download the attached CFScript.txt and save it to the location where Combofix is.


CFScriptB-4.gif


Referring to the picture above, drag CFScript into ComboFix.exe.

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Full System Scan with Malwarebytes Antimalware
 

  • If it is not already installed, please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.

If the program is already installed:

  • Run Malwarebytes Antimalware
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform full scan, place a checkmark on all hard drives, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location.
  • The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Post that log back here.

 

Attached Files


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#9 yobellzaa

yobellzaa
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:06:54 AM

Posted 22 October 2013 - 05:43 AM

ComboFix 13-10-21.01 - Paul 22/10/2013   8:37.2.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.44.1033.18.2814.1087 [GMT 1:00]
Running from: c:\users\Paul\Desktop\ComboFix.exe
Command switches used :: c:\users\Paul\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Babylon
c:\windows\system32\Extensions
c:\windows\system32\searchplugins
.
---- Previous Run -------
.
c:\program files\Google\Desktop\Install\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\0103~1\7154~1\CFFE~1\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\@
c:\program files\Google\Desktop\Install\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\0103~1\7154~1\CFFE~1\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\L\00000004.@
c:\program files\Google\Desktop\Install\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\0103~1\7154~1\CFFE~1\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\L\76603ac3
c:\program files\Google\Desktop\Install\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\0103~1\7154~1\CFFE~1\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\U\00000008.@
c:\program files\Google\Desktop\Install\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\0103~1\7154~1\CFFE~1\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\U\trz2E78.tmp
c:\users\Paul\AppData\Local\Google\Desktop\Install\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\C3C1~1\01C8~1\CFFE~1\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\@
c:\windows\PFRO.log
.
-- Previous Run --
.
c:\windows\system32\drivers\Serial.sys was missing 
Restored copy from - c:\windows\System32\DriverStore\FileRepository\hiddigi.inf_33048ac2\serial.sys
.
--------
.
.
(((((((((((((((((((((((((   Files Created from 2013-09-22 to 2013-10-22  )))))))))))))))))))))))))))))))
.
.
2013-10-22 07:54 . 2013-10-22 07:54 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-10-21 20:08 . 2013-10-22 07:54 -------- d-----w- c:\users\Paul\AppData\Local\temp
2013-10-21 20:08 . 2008-01-21 02:23 83456 ----a-w- c:\windows\system32\drivers\Serial.sys
2013-10-20 12:15 . 2013-10-20 12:15 2560 ----a-w- c:\windows\_MSRSTRT.EXE
2013-10-18 07:55 . 2013-10-18 07:55 -------- d-----w- c:\program files\GUM4317.tmp
2013-10-07 14:08 . 2013-10-07 14:08 -------- d-----w- c:\users\Paul\AppData\Local\avgchrome
2013-09-27 07:34 . 2013-09-05 05:02 7328304 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{333B7F17-364A-40C0-B4CD-C0096044B3DE}\mpengine.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-09-03 13:35 . 2013-01-12 10:48 238872 ------w- c:\windows\system32\MpSigStub.exe
2013-08-08 01:45 . 2013-09-11 08:08 2049536 ----a-w- c:\windows\system32\win32k.sys
2013-08-02 04:09 . 2013-08-28 08:34 1548288 ----a-w- c:\windows\system32\WMVDECOD.DLL
2013-08-01 10:21 . 2013-09-11 08:08 916992 ----a-w- c:\windows\system32\wininet.dll
2013-08-01 10:15 . 2013-09-11 08:08 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-08-01 10:15 . 2013-09-11 08:08 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2013-08-01 10:15 . 2013-09-11 08:08 109056 ----a-w- c:\windows\system32\iesysprep.dll
2013-08-01 10:15 . 2013-09-11 08:08 71680 ----a-w- c:\windows\system32\iesetup.dll
2013-08-01 10:13 . 2013-09-11 08:08 18944 ----a-w- c:\windows\system32\corpol.dll
2013-08-01 08:37 . 2013-09-11 08:08 385024 ----a-w- c:\windows\system32\html.iec
2013-08-01 06:56 . 2013-09-11 08:08 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2013-08-01 06:54 . 2013-09-11 08:08 1638912 ----a-w- c:\windows\system32\mshtml.tlb
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-05-09 08:58 121968 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2013-09-25 16:37 579024 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-09-25 16:37 579024 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-09-25 16:37 579024 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2013-09-25 16:37 579024 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2013-09-25 16:37 579024 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2013-09-25 16:37 579024 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2013-07-25 20684656]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-23 13797920]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-05-09 4858968]
"EKStatusMonitor"="c:\program files\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe" [2012-10-15 2844608]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2008-08-11 63048]
"Conime"="c:\windows\system32\conime.exe" [2009-04-11 69120]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Users^Paul^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\users\Paul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\btbb_McciTrayApp]
2009-03-25 10:50 1548288 ----a-w- c:\program files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\btbb_wcm_McciTrayApp]
2009-03-25 10:51 1516032 ----a-w- c:\program files\BT Broadband Desktop Help\btbb_wcm\McciTrayApp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Conime]
2009-04-11 06:27 69120 ----a-w- c:\windows\System32\conime.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Health Check Scheduler]
2008-10-09 14:58 75008 ----a-w- c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2011-05-10 01:41 49208 ----a-w- c:\program files\HP\HP Software Update\hpwuschd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPAdvisor]
2008-09-30 23:56 972080 ----a-w- c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpWirelessAssistant]
2008-04-15 21:51 488752 ----a-w- c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-07-19 17:29 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lhokocozi]
c:\users\Paul\AppData\Local\ukobuvogepuwido.dll [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn GUI]
2008-08-11 11:41 63048 ----a-w- c:\program files\LogMeIn\x86\LogMeInSystray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
c:\program files\Windows Live\Messenger\msnmsgr.exe [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2009-07-23 14:39 13797920 ----a-w- c:\windows\System32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2009-07-23 14:39 92704 ----a-w- c:\windows\System32\nvmctray.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl.exe]
2008-08-01 23:14 202032 ----a-w- c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QPService]
2008-09-24 00:21 468264 ----a-w- c:\program files\HP\QuickPlay\QPService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 16:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Remote System Protection]
c:\windows\system32\szwplkfiv.dll [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Rhuyilimelumoru]
c:\users\Paul\AppData\Local\KBDGR2.dll [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify Web Helper]
2012-11-17 18:48 1199576 ----a-w- c:\program files\Spotify\Data\SpotifyWebHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-01-26 15:31 2144088 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2008-04-17 18:05 1049896 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UCam_Menu]
2007-12-24 22:55 222504 ------w- c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateLBPShortCut]
2008-06-14 01:11 210216 ------w- c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateP2GoShortCut]
2008-06-14 01:11 210216 ------w- c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdatePDIRShortCut]
2008-06-14 01:11 210216 ------w- c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdatePSTShortCut]
2008-10-07 03:42 210216 ------w- c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-21 02:23 1008184 ----a-we c:\program files\Windows Defender\MSASCui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2008-01-21 02:25 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-4180230192-466746350-4174896990-1000]
"EnableNotificationsRef"=dword:00000001
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ   FontCache
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
ezSharedSvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-06-09 17:14 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-10-18 07:58 1185744 ----a-w- c:\program files\Google\Chrome\Application\30.0.1599.101\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-10-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-19 18:11]
.
2013-10-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-19 18:11]
.
2013-09-22 c:\windows\Tasks\HPCeeScheduleForPaul.job
- c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2008-10-26 18:34]
.
2013-10-22 c:\windows\Tasks\User_Feed_Synchronization-{0CB6C9B2-72AD-49D1-91AF-A863F14FBB74}.job
- c:\windows\system32\msfeedssync.exe [2013-09-11 06:55]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=91&bd=Presario&pf=cnnb
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{e9df9360-97f8-4690-afe6-996c80790da4} - (no file)
Toolbar-10 - (no file)
WebBrowser-{E9DF9360-97F8-4690-AFE6-996C80790DA4} - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-10-22 08:54
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ... 
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2013-10-22  08:56:48
ComboFix-quarantined-files.txt  2013-10-22 07:56
ComboFix2.txt  2013-10-21 20:19
.
Pre-Run: 24,382,111,744 bytes free
Post-Run: 24,841,568,256 bytes free
.
- - End Of File - - CB47036D4F35B7C970141FBB8A13C4DB
588AE8F0C685C02BA11F30D9CD7E61A0

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
 
Database version: v2013.10.22.03
 
Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 8.0.6001.19458
Paul :: PAUL-PC [administrator]
 
22/10/2013 09:07:15
mbam-log-2013-10-22 (09-07-15).txt
 
Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 397742
Time elapsed: 2 hour(s), 9 minute(s), 29 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
(end)
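The ComboFix log above lists startup entries under `msconfig\startupreg` together with the file each one launches, plus the `policies\system` block showing `"EnableLUA"= 0`. The entries that stand out are the ones with no date/size/attribute line and a DLL sitting under the user's `AppData\Local` folder, and the policy line means User Account Control was switched off. The following triage helper is an added example for this thread, not ComboFix's own code and not a reproduction of its logic; `SAMPLE_LOG` is a constructed excerpt shaped like the entries in the log, and the location heuristics (`USER_WRITABLE`) are an assumption about what merits a second look, not a verdict.

```python
"""Triage helper for ComboFix 'Reg Loading Points' output.

Added example for this thread; it is not ComboFix's own code and does not
reproduce its logic. SAMPLE_LOG is a constructed excerpt shaped like the
entries in the log posted above.
"""
import re

# Constructed sample: one policy block and four startupreg blocks.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-07-19 17:29 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lhokocozi]
c:\users\Paul\AppData\Local\ukobuvogepuwido.dll [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Remote System Protection]
c:\windows\system32\szwplkfiv.dll [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-21 02:23 1008184 ----a-we c:\program files\Windows Defender\MSASCui.exe
"""

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
# "YYYY-MM-DD HH:MM <size> <attrs> <path>" is how ComboFix prints a located file.
FILE_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}) (?P<size>\d+) (?P<attrs>\S+) (?P<path>.+)$"
)
# Assumption: autoruns living in directories an unprivileged user can write to
# deserve a closer look than those under Program Files or System32.
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\programdata\\")


def parse_blocks(text):
    """Yield (key, body_lines) for each [key] block; '.' lines are separators."""
    key, body = None, []
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            if key is not None:
                yield key, body
            key, body = m.group("key"), []
        elif key is not None and line and line != ".":
            body.append(line)
    if key is not None:
        yield key, body


def triage(text):
    """Return {entry_name: [reason, ...]} for entries worth a second look."""
    findings = {}
    for key, body in parse_blocks(text):
        low = key.lower()
        if low.endswith("\\policies\\system"):
            for line in body:
                if line.startswith('"EnableLUA"=') and line.split("=", 1)[1].strip().startswith("0"):
                    findings["EnableLUA"] = ["UAC disabled by policy (EnableLUA = 0)"]
            continue
        if "\\startupreg\\" not in low:
            continue
        name = key.rsplit("\\", 1)[1]
        first = body[0] if body else ""
        reasons = []
        m = FILE_RE.match(first)
        if m:
            path = m.group("path")
        else:
            # No date/size/attributes: ComboFix printed the path alone.
            path = first.replace("[BU]", "").strip()
            reasons.append("no file metadata recorded")
        if any(marker in path.lower() for marker in USER_WRITABLE):
            reasons.append("launches from a user-writable directory")
        if reasons:
            findings[name] = reasons
    return findings


if __name__ == "__main__":
    for entry, why in triage(SAMPLE_LOG).items():
        print(f"{entry}: {'; '.join(why)}")
```

Run against the sample, `triage()` flags `EnableLUA`, `Lhokocozi` (no metadata and under `AppData\Local`) and `Remote System Protection` (no metadata), and leaves `iTunesHelper` and `Windows Defender` alone. The heuristic is a starting point for reading a log, not a classifier: a legitimate updater can live in `AppData` too, so each flagged entry still needs a human look at the file itself.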


#10 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:54 AM

Posted 22 October 2013 - 05:53 AM

hm...I wonder where some of the entries came from...

Scan with RogueKiller

Download & SAVE to your Desktop RogueKiller for 32bit or Roguekiller for 64bit

  • Quit all programs that you may have started.
  • Please disconnect any external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start.
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • You'll find the log as RKreport[1].txt on your desktop also.
  • Exit/Close RogueKiller.



#11 yobellzaa

yobellzaa
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:06:54 AM

Posted 22 October 2013 - 06:07 AM

RogueKiller V8.7.5 [Oct 22 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
 
Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User : Paul [Admin rights]
Mode : Scan -- Date : 10/22/2013 12:01:57
| ARK || FAK || MBR |
 
¤¤¤ Bad processes : 0 ¤¤¤
 
¤¤¤ Registry Entries : 7 ¤¤¤
[HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ DESK][PUM] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ DESK][PUM] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[SCREENSVR][SUSP PATH] HKCU\[...]\Desktop : SCRNSAVE.EXE (C:\Windows\SCENIC~1.SCR [x]) -> FOUND
 
¤¤¤ Scheduled tasks : 2 ¤¤¤
[V2][ROGUE ST] 4583 : wscript.exe - C:\Users\Paul\AppData\Local\Temp\launchie.vbs //B -> FOUND
[V2][SUSP PATH] IHUninstallTrackingTASK : CMD - /C DEL C:\Users\Paul\AppData\Local\Temp\IHUD5A6.tmp.exe [x][x] -> FOUND
 
¤¤¤ Startup Entries : 0 ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][Junction] en-US : C:\Program Files\Windows Defender\en-US >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] MpAsDesc.dll : C:\Program Files\Windows Defender\MpAsDesc.dll >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] MpClient.dll : C:\Program Files\Windows Defender\MpClient.dll >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] MpCmdRun.exe : C:\Program Files\Windows Defender\MpCmdRun.exe >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] MpEvMsg.dll : C:\Program Files\Windows Defender\MpEvMsg.dll >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] MpOAV.dll : C:\Program Files\Windows Defender\MpOAV.dll >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] MpRtMon.dll : C:\Program Files\Windows Defender\MpRtMon.dll >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] MpRtPlug.dll : C:\Program Files\Windows Defender\MpRtPlug.dll >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] MpSigDwn.dll : C:\Program Files\Windows Defender\MpSigDwn.dll >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] MpSoftEx.dll : C:\Program Files\Windows Defender\MpSoftEx.dll >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] MpSvc.dll : C:\Program Files\Windows Defender\MpSvc.dll >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] MSASCui.exe : C:\Program Files\Windows Defender\MSASCui.exe >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] MsMpCom.dll : C:\Program Files\Windows Defender\MsMpCom.dll >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] MsMpLics.dll : C:\Program Files\Windows Defender\MsMpLics.dll >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] MsMpRes.dll : C:\Program Files\Windows Defender\MsMpRes.dll >> \systemroot\system32\config [-] --> FOUND
 
¤¤¤ Driver : [LOADED] ¤¤¤
[Inline] EAT @explorer.exe (FwDoNothingOnObject) : FirewallAPI.dll -> HOOKED (Unknown @ 0x362FE766)
[Inline] EAT @explorer.exe (FwEnableMemTracing) : FirewallAPI.dll -> HOOKED (Unknown @ 0x362FE766)
[Inline] EAT @explorer.exe (FwSetMemLeakPolicy) : FirewallAPI.dll -> HOOKED (Unknown @ 0x362FE766)
 
¤¤¤ External Hives: ¤¤¤
 
¤¤¤ Infection : ZeroAccess ¤¤¤
 
¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
 
 
127.0.0.1       localhost
 
 
¤¤¤ MBR Check: ¤¤¤
 
+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) TOSHIBA MK2555GSX ATA Device +++++
--- User ---
[MBR] 3ba5a594f5689e4c2d28b6926493b721
[BSP] b90e997a9db954e5ec97ff0327b5191f : Toshiba MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 227604 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 466135040 | Size: 10867 Mo
User = LL1 ... OK!
User = LL2 ... OK!
 
Finished : << RKreport[0]_S_10222013_120157.txt >>


#12 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:54 AM

Posted 22 October 2013 - 06:14 AM

Place a checkmark beside every found entry in RogueKiller and hit delete.

Create a new log and post it up.



#13 yobellzaa

yobellzaa
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:06:54 AM

Posted 22 October 2013 - 06:50 AM

RogueKiller V8.7.5 [Oct 22 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
 
Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User : Paul [Admin rights]
Mode : Scan -- Date : 10/22/2013 12:48:07
| ARK || FAK || MBR |
 
¤¤¤ Bad processes : 0 ¤¤¤
 
¤¤¤ Registry Entries : 0 ¤¤¤
 
¤¤¤ Scheduled tasks : 0 ¤¤¤
 
¤¤¤ Startup Entries : 0 ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ Particular Files / Folders: ¤¤¤
 
¤¤¤ Driver : [LOADED] ¤¤¤
[Inline] EAT @explorer.exe (FwDoNothingOnObject) : FirewallAPI.dll -> HOOKED (Unknown @ 0x362FE766)
[Inline] EAT @explorer.exe (FwEnableMemTracing) : FirewallAPI.dll -> HOOKED (Unknown @ 0x362FE766)
[Inline] EAT @explorer.exe (FwSetMemLeakPolicy) : FirewallAPI.dll -> HOOKED (Unknown @ 0x362FE766)
 
¤¤¤ External Hives: ¤¤¤
 
¤¤¤ Infection :  ¤¤¤
 
¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
 
 
127.0.0.1       localhost
 
 
¤¤¤ MBR Check: ¤¤¤
 
+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) TOSHIBA MK2555GSX ATA Device +++++
--- User ---
[MBR] 3ba5a594f5689e4c2d28b6926493b721
[BSP] b90e997a9db954e5ec97ff0327b5191f : Toshiba MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 227604 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 466135040 | Size: 10867 Mo
User = LL1 ... OK!
User = LL2 ... OK!
 
Finished : << RKreport[0]_S_10222013_124807.txt >>
RKreport[0]_D_10222013_124459.txt;RKreport[0]_S_10222013_120157.txt
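The two RogueKiller reports above (the first before deletion, the second after) share one line format: a run of bracketed tags, a name, a colon, the detail, and an arrow to a status such as `FOUND` or `HOOKED`, grouped under `¤¤¤ Section : value ¤¤¤` headers. Reading them side by side shows what the deletion step cleared (the PUM registry entries, the `wscript.exe` task in `Temp`, the junctions under `Program Files\Windows Defender`) and what both runs still report (the three `Inline` EAT hooks on `FirewallAPI.dll` in `explorer.exe`). The parser and differ below are an added example for this thread, not RogueKiller's own code; `BEFORE` and `AFTER` are constructed, shortened excerpts shaped like the two posted reports, and the field names in `summarize()` are this example's own.

```python
"""Parse RogueKiller report text and diff a before/after pair of runs.

Added example for this thread; it is not RogueKiller's own code. BEFORE and
AFTER are constructed, shortened excerpts shaped like the two reports posted
in this thread (the first before deletion, the second after).
"""
import re

SECTION_RE = re.compile(r"^¤¤¤\s*(?P<name>.+?)\s*:\s*(?P<value>.*?)\s*¤¤¤$")
TAGS_RE = re.compile(r"^(?P<tags>(?:\[[^\]]*\])+)\s*(?P<rest>.*)$")

BEFORE = r"""
¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 2 ¤¤¤
[HJ POL][PUM] HKLM\[...]\System : EnableLUA (0) -> FOUND
[SCREENSVR][SUSP PATH] HKCU\[...]\Desktop : SCRNSAVE.EXE (C:\Windows\SCENIC~1.SCR [x]) -> FOUND

¤¤¤ Scheduled tasks : 1 ¤¤¤
[V2][ROGUE ST] 4583 : wscript.exe - C:\Users\Paul\AppData\Local\Temp\launchie.vbs //B -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][Junction] MpSvc.dll : C:\Program Files\Windows Defender\MpSvc.dll >> \systemroot\system32\config [-] --> FOUND

¤¤¤ Driver : [LOADED] ¤¤¤
[Inline] EAT @explorer.exe (FwDoNothingOnObject) : FirewallAPI.dll -> HOOKED (Unknown @ 0x362FE766)

¤¤¤ Infection : ZeroAccess ¤¤¤
"""

AFTER = r"""
¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 0 ¤¤¤

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤
[Inline] EAT @explorer.exe (FwDoNothingOnObject) : FirewallAPI.dll -> HOOKED (Unknown @ 0x362FE766)

¤¤¤ Infection :  ¤¤¤
"""


def parse_report(text):
    """Return {'meta': {section: header value}, 'findings': [dict, ...]}."""
    meta, findings, section = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            section = m.group("name")
            meta[section] = m.group("value")
            continue
        t = TAGS_RE.match(line) if section and line.startswith("[") else None
        if not t:
            continue
        rest, status = t.group("rest"), None
        if "->" in rest:
            # Status is the first word after the last arrow ("-> FOUND", "--> FOUND", "-> HOOKED (...)").
            rest, tail = rest.rsplit("->", 1)
            status = tail.split()[0] if tail.split() else None
        name, _, detail = rest.rstrip(" -").partition(" : ")
        findings.append({
            "section": section,
            "tags": re.findall(r"\[([^\]]*)\]", t.group("tags")),
            "name": name.strip(),
            "detail": detail.strip(),
            "status": status,
        })
    return {"meta": meta, "findings": findings}


def summarize(report):
    """Pull out the facts a responder acts on first (field names are this example's own)."""
    f = report["findings"]
    return {
        "infection": report["meta"].get("Infection", ""),
        "uac_disabled": any("PUM" in x["tags"] and x["detail"].startswith("EnableLUA (0)") for x in f),
        # Files replaced by junctions: the original path is left of '>>'.
        "junctions": [x["detail"].split(" >> ")[0] for x in f if "Junction" in x["tags"]],
        "tasks_from_temp": [x["detail"] for x in f
                            if x["section"] == "Scheduled tasks" and "\\temp\\" in x["detail"].lower()],
        "hooked_exports": [x["name"] for x in f if x["status"] == "HOOKED"],
    }


def finding_key(x):
    """Identity of a finding across runs: section, tags, name and detail."""
    return (x["section"], "|".join(x["tags"]), x["name"], x["detail"])


def diff_runs(before, after):
    """Return (cleared, persistent, new) sets of finding keys between two runs."""
    b = {finding_key(x) for x in before["findings"]}
    a = {finding_key(x) for x in after["findings"]}
    return b - a, b & a, a - b


if __name__ == "__main__":
    first, second = parse_report(BEFORE), parse_report(AFTER)
    print(summarize(first))
    cleared, persistent, new = diff_runs(first, second)
    print(f"cleared={len(cleared)} persistent={len(persistent)} new={len(new)}")
    for key in sorted(persistent):
        print("still present:", key)
```

`diff_runs()` is the part worth keeping around: when a helper asks for a second scan after a removal step, the question is not only whether the count dropped to zero but which specific entries survived, and a hook entry that is identical in both runs is exactly the kind of leftover that should be named in the next reply rather than lost in the noise.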


#14 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:54 AM

Posted 22 October 2013 - 06:53 AM

OK, much better.

Scan with ESET Online Scan

Please go here to run the online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click the 'List of found threats', then click Export to text file.
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.



#15 yobellzaa

yobellzaa
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:06:54 AM

Posted 22 October 2013 - 09:37 AM

C:\Documents and Settings\Paul\AppData\LocalLow\FunWebProducts\Installr\Cache\00D0E67B.exe a variant of Win32/Toolbar.MyWebSearch.O application
C:\Qoobox\Quarantine\C\Program Files\Google\Desktop\Install\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\0103~1\7154~1\CFFE~1\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\U\00000008.@.vir Win32/Conedex.T trojan
C:\Qoobox\Quarantine\C\Program Files\Google\Desktop\Install\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\0103~1\7154~1\CFFE~1\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\U\trz369.tmp Win32/Sirefef.FV trojan
C:\Users\Paul\AppData\LocalLow\FunWebProducts\Installr\Cache\00D0E67B.exe a variant of Win32/Toolbar.MyWebSearch.O application




