
avast gives EVO-gen[susp] tdsskiller finds sinowal.b


This topic is locked
63 replies to this topic

#1 IceSkater74

  • Members
  • 33 posts
  • Gender:Male
Posted 26 October 2013 - 10:49 PM

I'm trying to help myself but this one is "nasty."

 

1. Avast indicates that "SVC: SP Software Installer > C:\Program Files\...\sp_SWIns.exe is a Win32:Evo-gen [susp]" via a screen pop-up.
2. From malwaretips.com/blogs/win32evo-gen-susp-virus\... I started downloading scanners.
3. Initial run of tdsskiller found rootkit.boot.sinowal.b \physical Device\HardDisk\DRV1.
4. Before rebooting I also ran malwarebytes anti-malware
5. RogueKiller found 1 bad process and 1 registry entry
6. I finished the malwaretips suggestion with HitmanPro, Emsisoft Emergency Kit, and AdwCleaner (just tracking cookies).
7. I felt pretty good with this until I rebooted and Avast complained again.
8. After researching Sinowal I booted to the recovery console and ran fixmbr.
9. More research and I ran GMER's mbr.exe
10. The mbr log says the MBR is OK but Avast still complains about Sp_SWIns.exe and wants it deleted. Note, scanning Sp_sWins.exe with avast manually shows no threat.
11. Writing this numbered report triggered COMODO to complain about notepad.exe attempting to modify sti_trace.log and attempting to access COM and svchost.com (I blocked them). Comodo is running in Paranoid mode for defense and blocked mode on firewall (wireless is also unplugged).

12.

 

DDS Follows

-------------------

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 10.25.2
Run by Steven at 23:23:03 on 2013-10-26
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.2046.1499 [GMT -4:00]
.
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: COMODO Firewall *Enabled*
.
============== Running Processes ================
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
BHO: DriveLetterAccess: {5CA3D70E-1895-11CF-8E15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - <orphaned>
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [CTSyncU.exe] "c:\program files\creative\sync manager unicode\CTSyncU.exe"
uRun: [OM2_Monitor] "c:\program files\olympus\olympus master 2\MMonitor.exe" -NoStart
uRun: [Google Update] "c:\documents and settings\steven\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: [HPHUPD08] c:\program files\hp\digital imaging\{33d6cc28-9f75-4d1b-a11d-98895b3a3729}\hphupd08.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [UpdateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [CTCheck] c:\program files\creative\creative zen\zen media explorer\CTCheck.exe
mRun: [OM2_Monitor] "c:\program files\olympus\olympus master 2\FirstStart.exe" /OM
mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [AvastUI.exe] "c:\program files\avast software\avast\AvastUI.exe" /nogui
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1246843162500
DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} - hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15101/CTSUEng.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15118/CTPID.cab
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
AppInit_DLLs=  c:\windows\system32\guard32.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\30.0.1599.69\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\steven\application data\mozilla\firefox\profiles\0mnrr5jr.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxps://www.google.com
FF - prefs.js: keyword.URL - hxxp://us.search.yahoo.com/search?fr=ytff-comodo&p=
FF - plugin: c:\documents and settings\steven\application data\mozilla\firefox\profiles\0mnrr5jr.default\extensions\{195a3098-0bd5-4e90-ae22-ba1c540afd1e}\plugins\npGarmin.dll
FF - plugin: c:\documents and settings\steven\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\steven\application data\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\documents and settings\steven\application data\mozilla\plugins\npo1d.dll
FF - plugin: c:\documents and settings\steven\local settings\application data\google\update\1.3.21.165\npGoogleUpdate3.dll
FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.3.21.165\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_9_900_117.dll
FF - plugin: c:\windows\system32\npdeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
FF - ExtSQL: !HIDDEN! 2009-07-12 20:03; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - ExtSQL: !HIDDEN! 2009-12-01 18:03; {3112ca9c-de6d-4884-a869-9855de68056c}; c:\documents and settings\all users\application data\google\toolbar for firefox\{3112ca9c-de6d-4884-a869-9855de68056c}
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [2013-3-16 49944]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [2013-3-16 178304]
R1 A2DDA;A2 Direct Disk Access Support Driver;d:\malware\run\a2ddax86.sys [2013-10-22 22056]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-12-4 774392]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-12-4 403440]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [2010-6-4 497952]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2010-6-1 32640]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-6-23 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-6-23 72944]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-12-4 35656]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-3-16 70384]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-12-4 50344]
R2 cmdAgent;COMODO Internet Security Helper Service;c:\program files\comodo\comodo internet security\cmdagent.exe [2010-6-1 1990464]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate1ca14b354736792;Google Update Service (gupdate1ca14b354736792);c:\program files\google\update\GoogleUpdate.exe [2009-8-3 133104]
S3 AMBroker;Access Manager Configuration Service;"c:\program files\accessmanager\client\ambroker.exe" --> c:\program files\accessmanager\client\AMBroker.exe [?]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\drivers\ssadadb.sys [2013-8-14 30312]
S3 BWNDIS5;BWNDIS5 NDIS Protocol Driver;c:\windows\system32\BWNDIS5.SYS [2004-3-10 15744]
S3 cleanhlp;cleanhlp;d:\malware\run\cleanhlp32.sys [2013-10-22 50200]
S3 DAPlugin;Visual Insight DA Plugin;c:\program files\accessmanager\client\daplugin.exe --> c:\program files\accessmanager\client\DAPlugin.exe [?]
S3 FVNETusbXP;Belkin 11Mbps Wireless USB Network Adapter®;c:\windows\system32\drivers\bkusbxp.sys [2009-7-5 99584]
S3 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files\common files\intuit\update service v4\IntuitUpdateService.exe [2012-8-23 13672]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-6-23 7408]
S3 sp_spi_da;Visual Insight Dial Analysis;c:\program files\accessmanager\smoc\spi_da.exe --> c:\program files\accessmanager\smoc\spi_da.exe [?]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [2013-8-14 96488]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [2013-8-14 12776]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [2013-8-14 121576]
S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\drivers\ssadserd.sys [2013-8-14 98152]
S3 vsdatant;vsdatant;\??\c:\windows\system32\vsdatant.sys --> c:\windows\system32\vsdatant.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-7-20 754856]
.
=============== Created Last 30 ================
.
.
==================== Find3M  ====================
.
2013-10-23 01:07:52    774392    ----a-w-    c:\windows\system32\drivers\aswSnx.sys
2013-10-23 01:07:52    70384    ----a-w-    c:\windows\system32\drivers\aswMonFlt.sys
2013-10-23 01:07:52    49944    ----a-w-    c:\windows\system32\drivers\aswRvrt.sys
2013-10-23 01:07:52    178304    ----a-w-    c:\windows\system32\drivers\aswVmm.sys
2013-10-23 01:07:51    43152    ----a-w-    c:\windows\avastSS.scr
2013-10-09 01:28:19    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2013-10-09 01:28:19    692616    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2013-09-23 18:33:58    920064    ----a-w-    c:\windows\system32\wininet.dll
2013-09-23 18:33:57    43520    ----a-w-    c:\windows\system32\licmgr10.dll
2013-09-23 18:33:57    1469440    ------w-    c:\windows\system32\inetcpl.cpl
2013-09-23 18:33:56    18944    ----a-w-    c:\windows\system32\corpol.dll
2013-09-23 18:06:48    385024    ----a-w-    c:\windows\system32\html.iec
2013-08-29 01:31:44    1878656    ----a-w-    c:\windows\system32\win32k.sys
2013-08-09 01:56:45    386560    ----a-w-    c:\windows\system32\themeui.dll
2013-08-09 00:55:08    144128    ----a-w-    c:\windows\system32\drivers\usbport.sys
2013-08-09 00:55:07    32384    ----a-w-    c:\windows\system32\drivers\usbccgp.sys
2013-08-09 00:55:06    5376    ----a-w-    c:\windows\system32\drivers\usbd.sys
2013-08-05 13:30:32    1289728    ----a-w-    c:\windows\system32\ole32.dll
2013-08-03 18:18:38    1543680    ------w-    c:\windows\system32\wmvdecod.dll
.
============= FINISH: 23:24:01.70 ===============
 




#2 jeffce

    Bleepin' Super Saiyan

  • Malware Response Team
  • 3,442 posts
  • Gender:Male
  • Location:USA

Posted 28 October 2013 - 12:50 PM

Hi and Welcome!!   
 
My name is Jeff. I would be more than happy to take a look at your malware results logs and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:

  • The fixes are specific to your problem and should only be used for the issues on this machine.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.
  • If you happen to have a flash drive/thumb drive please have that ready in the event that we need to use it.
  • Please be sure to subscribe to the topic if you have not already done so.

IMPORTANT NOTE : Please do not delete, download or install anything unless instructed to do so.
DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision. Doing so could make your system inoperable and could require a full reinstall of your operating system and losing all your programs and data.

 
Having said that.... Let's get going!!
----------
 
I see that you have TDSSKiller on your system already?  Please run a new scan and post the newly made log to your next reply.   :)
 
---------------
 
AdwCleaner
 
Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool
    Vista/Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles are saved in the C:\AdwCleaner folder which was created when running the tool.
----------

 


#3 IceSkater74

  • Topic Starter
  • Members
  • 33 posts
  • Gender:Male

Posted 29 October 2013 - 09:21 PM

Hi Jeff:

 

1. While posting this Avast has not been complaining about sp_SWins.exe so far.

 

2. On the first run of TDSSKiller I forgot to ask for the report.
I ran it a second time and then got the report, which follows. I hope it is still useful.

 

3. I didn't mean to click Clean on AdwCleaner but I did, so I'll post this and then try to kill the OK window on the AdwCleaner window.

 

4. Also, while creating this, COMODO warned about notepad.exe wanting to "modify the contents of C:\windows\Sti_Trace.log" as well as notepad.exe trying to access the protected COM interface. I blocked both requests. Are these accesses normal or is something amiss?

 

Thanks for your help in fighting this.

TDSSKiller Second Run with report:

21:48:46.0578 0x0fa0  dmio - ok
21:48:46.0625 0x0fa0  [ E9317282A63CA4D188C0DF5E09C6AC5F, D41E002F555FE9015EF620975255F58BB79198CA1FF0E09EC950CB450FF77CF7 ] dmload          

C:\WINDOWS\system32\drivers\dmload.sys
21:48:46.0625 0x0fa0  dmload - ok
21:48:46.0671 0x0fa0  [ 57EDEC2E5F59F0335E92F35184BC8631, 61F6F0DC2D1A6C61D5EF0D5CC4BE0FFC217F1E61FDA3EA9F704709293656600F ] dmserver        

C:\WINDOWS\System32\dmserver.dll
21:48:46.0671 0x0fa0  dmserver - ok
21:48:46.0718 0x0fa0  [ 8A208DFCF89792A484E76C40E5F50B45, 4E40E2EB38C6254E7CAA488200E89EE7DEBBBA773890BC6A84313CC68178D54F ] DMusic          

C:\WINDOWS\system32\drivers\DMusic.sys
21:48:46.0718 0x0fa0  DMusic - ok
21:48:46.0765 0x0fa0  [ 5F7E24FA9EAB896051FFB87F840730D2, 356EEFDCD54DECAD0170B34B993E4BF80DD039E2B2922D7A8D09B84031E9FC7A ] Dnscache        

C:\WINDOWS\System32\dnsrslvr.dll
21:48:46.0781 0x0fa0  Dnscache - ok
21:48:46.0828 0x0fa0  [ 0F0F6E687E5E15579EF4DA8DD6945814, 5C32D88119EB1465B2D719BEE2E05888D1A73454B5E33F2D4928DA710F8BFBA3 ] Dot3svc         

C:\WINDOWS\System32\dot3svc.dll
21:48:46.0828 0x0fa0  Dot3svc - ok
21:48:46.0843 0x0fa0  dpti2o - ok
21:48:46.0859 0x0fa0  [ 8F5FCFF8E8848AFAC920905FBD9D33C8, C8C6FB97AB0871C8C88A2201525A5CF10D5131CB6980D32692ED7A8F58399AD5 ] drmkaud         

C:\WINDOWS\system32\drivers\drmkaud.sys
21:48:46.0875 0x0fa0  drmkaud - ok
21:48:46.0921 0x0fa0  [ 049177996E5E33B5FAF40CAD2B82098C, 45E6ECEE1C0F545300D13712959367128083F499C910A01E402A022848D21D1C ] drvmcdb         

C:\WINDOWS\system32\drivers\drvmcdb.sys
21:48:46.0921 0x0fa0  drvmcdb - ok
21:48:46.0937 0x0fa0  [ 2F4134D073F972575C174E3D621F0107, 368E1686E12FA54C0F3FB2AD46D755FAEBDD45096E266244E448B7ECA77CC560 ] drvnddm         

C:\WINDOWS\system32\drivers\drvnddm.sys
21:48:46.0937 0x0fa0  drvnddm - ok
21:48:46.0968 0x0fa0  [ 2187855A7703ADEF0CEF9EE4285182CC, 8233CC11F637866C0074043835A785EA2B616739B6B1181B143A253CF2508CFD ] EapHost         

C:\WINDOWS\System32\eapsvc.dll
21:48:46.0968 0x0fa0  EapHost - ok
21:48:47.0000 0x0fa0  [ BC93B4A066477954555966D77FEC9ECB, 27F5B780175EF46DA102EE33F7F33559C8B40C077EEA4405D579D9507F4B1C23 ] ERSvc           

C:\WINDOWS\System32\ersvc.dll
21:48:47.0015 0x0fa0  ERSvc - ok
21:48:47.0062 0x0fa0  [ 65DF52F5B8B6E9BBD183505225C37315, 59C606977DB40A3443DFF0BE2A4C761824881B22C9FDB3D23F6486DB580E92A4 ] Eventlog        

C:\WINDOWS\system32\services.exe
21:48:47.0078 0x0fa0  Eventlog - ok
21:48:47.0093 0x0fa0  [ D4991D98F2DB73C60D042F1AEF79EFAE, 58AF949EAEBF4FF3E3314DFB66CE4198BF65F0836B68CD27A6ED319742CCCCD2 ] EventSystem     

C:\WINDOWS\System32\es.dll
21:48:47.0093 0x0fa0  EventSystem - ok
21:48:47.0125 0x0fa0  [ 38D332A6D56AF32635675F132548343E, E6909DB836AF679B4F4D62C7396D6C82769CC7ABB8C919C2AABFE934FCE268F6 ] Fastfat         

C:\WINDOWS\system32\drivers\Fastfat.sys
21:48:47.0140 0x0fa0  Fastfat - ok
21:48:47.0187 0x0fa0  [ 99BC0B50F511924348BE19C7C7313BBF, A1006C687BD352F700B140DC741515A0CDD9E1352C0FBD1EE410D404E344444B ]

FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
21:48:47.0203 0x0fa0  FastUserSwitchingCompatibility - ok
21:48:47.0250 0x0fa0  [ 92CDD60B6730B9F50F6A1A0C1F8CDC81, 8307A532AB4D05CBBCE206DC2759497708BF5AAA880BD00F0E4F281D8578A1F5 ] Fdc             

C:\WINDOWS\system32\DRIVERS\fdc.sys
21:48:47.0250 0x0fa0  Fdc - ok
21:48:47.0265 0x0fa0  [ D45926117EB9FA946A6AF572FBE1CAA3, 4C94EF009D778BE0BDF8F812F026B96F91F641BE30AA2531427A5E63DBD280DA ] Fips            

C:\WINDOWS\system32\drivers\Fips.sys
21:48:47.0265 0x0fa0  Fips - ok
21:48:47.0281 0x0fa0  [ 9D27E7B80BFCDF1CDD9B555862D5E7F0, 69C271AD5BCEBFD8AE5A769BDD7EC51256DA3A8ADAD5D12E5C0D13F4E82D8805 ] Flpydisk        

C:\WINDOWS\system32\DRIVERS\flpydisk.sys
21:48:47.0281 0x0fa0  Flpydisk - ok
21:48:47.0328 0x0fa0  [ B2CF4B0786F8212CB92ED2B50C6DB6B0, 280F5CF8A90F7BEDE73ADD0DD0F8952088133A7CA9A3D3B7041957E33B36845D ] FltMgr          

C:\WINDOWS\system32\drivers\fltmgr.sys
21:48:47.0343 0x0fa0  FltMgr - ok
21:48:47.0437 0x0fa0  [ 8BA7C024070F2B7FDD98ED8A4BA41789, 47585006F86B2C6016EC54250A416794792D1E4024FF229C120BC25B684AF66A ] FontCache3.0.0.0

C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
21:48:47.0437 0x0fa0  FontCache3.0.0.0 - ok
21:48:47.0453 0x0fa0  [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A, EC635E071201A766845D48973772CBE0958942B4162F3F5F70660D114CC877E0 ] Fs_Rec          

C:\WINDOWS\system32\drivers\Fs_Rec.sys
21:48:47.0453 0x0fa0  Fs_Rec - ok
21:48:47.0468 0x0fa0  [ 6AC26732762483366C3969C9E4D2259D, FF2C9A23CC17F380093F0BEA955B1925794271C2FEA16B9B7639668E6999BAE3 ] Ftdisk          

C:\WINDOWS\system32\DRIVERS\ftdisk.sys
21:48:47.0484 0x0fa0  Ftdisk - ok
21:48:47.0531 0x0fa0  [ 21DB115BB123A0C29F6B7ED9C76BFBD6, E9676F4B35449554C4711CCB5464EFA19FD8BB8FA3167F7B4FB5575C5A899196 ] FVNETusbXP      

C:\WINDOWS\system32\DRIVERS\bkusbxp.sys
21:48:47.0546 0x0fa0  FVNETusbXP - ok
21:48:47.0578 0x0fa0  [ 185ADA973B5020655CEE342059A86CBB, D3E352DFAF30761505480A4C557D980083F65EC5BD46E2656B2114D47B272A89 ] GEARAspiWDM     

C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
21:48:47.0593 0x0fa0  GEARAspiWDM - ok
21:48:47.0609 0x0fa0  [ 0A02C63C8B144BD8C86B103DEE7C86A2, 7A3235DD3E1995DD72B212FAEB3ECA2A974434DE9BF6D269EA11BA65A80E7E50 ] Gpc             

C:\WINDOWS\system32\DRIVERS\msgpc.sys
21:48:47.0625 0x0fa0  Gpc - ok
21:48:47.0671 0x0fa0  [ D956358054E99E6FFAC69CD87E893A89, 91CDDEDBAB9E0E4DED1465DA2364F4281E54A7E4645B61CC19B26053A4047314 ] grmnusb         

C:\WINDOWS\system32\drivers\grmnusb.sys
21:48:47.0687 0x0fa0  grmnusb - ok
21:48:47.0765 0x0fa0  [ 626A24ED1228580B9518C01930936DF9, CBD94AB1E5477D7288799D17528CC43D572E711DA0F2B0C784A0B9FE105BF0F4 ]

gupdate1ca14b354736792 C:\Program Files\Google\Update\GoogleUpdate.exe
21:48:47.0781 0x0fa0  gupdate1ca14b354736792 - ok
21:48:47.0812 0x0fa0  [ 626A24ED1228580B9518C01930936DF9, CBD94AB1E5477D7288799D17528CC43D572E711DA0F2B0C784A0B9FE105BF0F4 ] gupdatem        

C:\Program Files\Google\Update\GoogleUpdate.exe
21:48:47.0812 0x0fa0  gupdatem - ok
21:48:47.0843 0x0fa0  [ 408DDD80EEDE47175F6844817B90213E, 836822885D90DAFFD25A7D7EE363F4DACD41AA4B59095243E2798B137DC55FE3 ] gusvc           

C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
21:48:47.0843 0x0fa0  gusvc - ok
21:48:47.0937 0x0fa0  [ 4FCCA060DFE0C51A09DD5C3843888BCD, D82417706B517F2610DDF7C86BE03A72EFA9A2A389DF5C8F8ADEAB8144E2C80A ] helpsvc         

C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
21:48:47.0937 0x0fa0  helpsvc - ok
21:48:47.0968 0x0fa0  [ DEB04DA35CC871B6D309B77E1443C796, F66A15C9528D661940F1F4CA453B3E95036D68C74C3B8AB53644211DBD3D2F32 ] HidServ         

C:\WINDOWS\System32\hidserv.dll
21:48:47.0968 0x0fa0  HidServ - ok
21:48:48.0000 0x0fa0  [ CCF82C5EC8A7326C3066DE870C06DAF1, 93395FA4C26B2E82DC8B7025ED3BCF583885E5D8C5F60CD6EEAA6335D6A126EC ] HidUsb          

C:\WINDOWS\system32\DRIVERS\hidusb.sys
21:48:48.0015 0x0fa0  HidUsb - ok
21:48:48.0062 0x0fa0  [ 8878BD685E490239777BFE51320B88E9, C5C3ECF6B049B6736E35B39518A8F830B45C45A88FFE8E3A6B7922AD946597E2 ] hkmsvc          

C:\WINDOWS\System32\kmsvc.dll
21:48:48.0062 0x0fa0  hkmsvc - ok
21:48:48.0078 0x0fa0  hpn - ok
21:48:48.0140 0x0fa0  [ 9F1D80908658EB7F1BF70809E0B51470, 84FD62D34BC63BA41027DD2164B1E4F86BC8783E8A601E9F189627A4B3D54AAA ] HPZid412        

C:\WINDOWS\system32\DRIVERS\HPZid412.sys
21:48:48.0140 0x0fa0  HPZid412 - ok
21:48:48.0171 0x0fa0  [ F7E3E9D50F9CD3DE28085A8FDAA0A1C3, 886A5222940A6E14B359B45AA158390468B601FB58949E7F5BEC93B5459AF689 ] HPZipr12        

C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
21:48:48.0171 0x0fa0  HPZipr12 - ok
21:48:48.0203 0x0fa0  [ CF1B7951B4EC8D13F3C93B74BB2B461B, 3A1B8A9A9AB0E916288AD6198C377E3A4D278DB3D8DCD4299F0ADC83973F0495 ] HPZius12        

C:\WINDOWS\system32\DRIVERS\HPZius12.sys
21:48:48.0203 0x0fa0  HPZius12 - ok
21:48:48.0250 0x0fa0  [ F80A415EF82CD06FFAF0D971528EAD38, 524D9E9201572929522F6805011783711B7C0F76308B924C89CF75F4B7A1FDF3 ] HTTP            

C:\WINDOWS\system32\Drivers\HTTP.sys
21:48:48.0265 0x0fa0  HTTP - ok
21:48:48.0296 0x0fa0  [ 6100A808600F44D999CEBDEF8841C7A3, 61A75118C327812C60622010985A2E80E79B6FD9030A5732390EE5426E4AF6C9 ] HTTPFilter      

C:\WINDOWS\System32\w3ssl.dll
21:48:48.0312 0x0fa0  HTTPFilter - ok
21:48:48.0328 0x0fa0  i2omgmt - ok
21:48:48.0328 0x0fa0  i2omp - ok
21:48:48.0375 0x0fa0  [ 4A0B06AA8943C1E332520F7440C0AA30, DB2452390CCFE67E0C5FEB4FD42CA24ABE2DDD40D0B22DD5F5B8F70416863918 ] i8042prt        

C:\WINDOWS\system32\DRIVERS\i8042prt.sys
21:48:48.0390 0x0fa0  i8042prt - ok
21:48:48.0484 0x0fa0  [ C01AC32DC5C03076CFB852CB5DA5229C, A4D7749220B5BC965D96A267F1E02FE8284A230BA249109207BD4B9EA8DFAC96 ] idsvc           

C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
21:48:48.0515 0x0fa0  idsvc - ok
21:48:48.0546 0x0fa0  [ 083A052659F5310DD8B6A6CB05EDCF8E, 48D39B03FFB6FAA1529B774443BA12618AE3982D9F65A7B9D18F2269F78B31F4 ] Imapi           

C:\WINDOWS\system32\DRIVERS\imapi.sys
21:48:48.0546 0x0fa0  Imapi - ok
21:48:48.0593 0x0fa0  [ 30DEAF54A9755BB8546168CFE8A6B5E1, 3936228CD3125C763ABFCB93E86E4B43838202BCC0913A28E84AC0263B43EE0D ] ImapiService    

C:\WINDOWS\System32\imapi.exe
21:48:48.0593 0x0fa0  ImapiService - ok
21:48:48.0609 0x0fa0  ini910u - ok
21:48:48.0640 0x0fa0  [ E1DF634BEC066B3D4FFE437BCB78C282, 974278CA606DF7C0332997E4339EA2AFE017E04C596CE69F47FED798E57D52FB ] Inspect         

C:\WINDOWS\system32\DRIVERS\inspect.sys
21:48:48.0640 0x0fa0  Inspect - ok
21:48:48.0734 0x0fa0  [ FCAB28FFD3A8964581E16455EFAF81C8, 8A9BC70A782735F18B0DA0C32FB47AAF28300EB2A764D7E037DF23756D7A357B ] IntelC51        

C:\WINDOWS\system32\DRIVERS\IntelC51.sys
21:48:48.0765 0x0fa0  IntelC51 - ok
21:48:48.0796 0x0fa0  [ A288E7E3A6255255B9066686D860FBC5, 350AE67DF68958039A329F92F6437850C722F2F714F84222BE9447C9ABBC1B74 ] IntelC52        

C:\WINDOWS\system32\DRIVERS\IntelC52.sys
21:48:48.0812 0x0fa0  IntelC52 - ok
21:48:48.0843 0x0fa0  [ D5E5A1ABF6BDBA7CA49941A044F04598, 61BF5B04D7E9DED7895BCD9DA126DB57E8045D2914D7E6326DDE1E3D4C976BC1 ] IntelC53        

C:\WINDOWS\system32\DRIVERS\IntelC53.sys
21:48:48.0843 0x0fa0  IntelC53 - ok
21:48:48.0859 0x0fa0  IntelIde - ok
21:48:48.0906 0x0fa0  [ 8C953733D8F36EB2133F5BB58808B66B, 555868F246D73652E998B0B1296476E42FCEDED30D646CC000F31ECE4EBC25E6 ] intelppm        

C:\WINDOWS\system32\DRIVERS\intelppm.sys
21:48:48.0906 0x0fa0  intelppm - ok
21:48:49.0015 0x0fa0  [ 3DC635B66DD7412E1C9C3A77B8D78F25, D3894065DA2D08744863ECC5EE9027A0E39711A6A56AAB599F1CAF4BB996F42A ] IntuitUpdateService

C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
21:48:49.0015 0x0fa0  IntuitUpdateService - ok
21:48:49.0046 0x0fa0  [ D9DA7B3117BF5EFF921C0CDED4D58050, D51A2AFC0E310C5A0EE1540A9E6353F5F7C9E76711187FAD91EEB0B3254EE935 ]

IntuitUpdateServiceV4 C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
21:48:49.0046 0x0fa0  IntuitUpdateServiceV4 - ok
21:48:49.0078 0x0fa0  [ 3BB22519A194418D5FEC05D800A19AD0, F6662F440950596DC1382DD1DB5D7891CCEA30A6062BEA942C18445B5F0D8B16 ] ip6fw           

C:\WINDOWS\system32\drivers\ip6fw.sys
21:48:49.0078 0x0fa0  ip6fw - ok
21:48:49.0125 0x0fa0  [ 731F22BA402EE4B62748ADAF6363C182, 5C3BEBD008A5BE4DC2F92076FF41A10DDC01E10EC7E6552213CFA11970811848 ] IpFilterDriver  

C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
21:48:49.0125 0x0fa0  IpFilterDriver - ok
21:48:49.0140 0x0fa0  [ B87AB476DCF76E72010632B5550955F5, E6E74D3A86A7917A8BAED44F8E97CCD2EB171E4E4B27E9907F60D1523FAF319A ] IpInIp          

C:\WINDOWS\system32\DRIVERS\ipinip.sys
21:48:49.0140 0x0fa0  IpInIp - ok
21:48:49.0203 0x0fa0  [ CC748EA12C6EFFDE940EE98098BF96BB, AF523E21C25D9A1715EFEA573E4F52AF5D4FC9F28A2D613F5DB629C186C439E0 ] IpNat           

C:\WINDOWS\system32\DRIVERS\ipnat.sys
21:48:49.0203 0x0fa0  IpNat - ok
21:48:49.0265 0x0fa0  [ FE56897B27ED266F9C4E7D90A0B5DA47, 6B39D25FAFBA886ACF3ABC0A2946E053914B80C3F4769AD36279126C5D4970B6 ] iPod Service    

C:\Program Files\iPod\bin\iPodService.exe
21:48:49.0281 0x0fa0  iPod Service - ok
21:48:49.0296 0x0fa0  [ 23C74D75E36E7158768DD63D92789A91, 394D296F38E7D8EFD91A6EEC301D9CE6AF910E35EB9819F1A9E3363863AEDFDC ] IPSec           

C:\WINDOWS\system32\DRIVERS\ipsec.sys
21:48:49.0296 0x0fa0  IPSec - ok
21:48:49.0328 0x0fa0  [ C93C9FF7B04D772627A3646D89F7BF89, 805FA48E7A46D4F10240BF880A2468F53DEA36E83004399228AB70DB7D20544A ] IRENUM          

C:\WINDOWS\system32\DRIVERS\irenum.sys
21:48:49.0328 0x0fa0  IRENUM - ok
21:48:49.0343 0x0fa0  [ 05A299EC56E52649B1CF2FC52D20F2D7, 2654619DB3E6D6C385B63AB02F87D4241C4F0250CC31383D1B3586917166C2DC ] isapnp          

C:\WINDOWS\system32\DRIVERS\isapnp.sys
21:48:49.0359 0x0fa0  isapnp - ok
21:48:49.0484 0x0fa0  [ 9ECF00E19736054E019C532AED8228FC, F5A64A8269EA3655BBD4850298F335C0BD30535258928ED7CE62A32A3363E60B ]

JavaQuickStarterService C:\Program Files\Java\jre7\bin\jqs.exe
21:48:49.0500 0x0fa0  JavaQuickStarterService - ok
21:48:49.0546 0x0fa0  [ 463C1EC80CD17420A542B7F36A36F128, E3B11BA26AFEAFB50B0FC168EA07F6049DA6B88BCDDEEE20310602D7FC27A3A7 ] Kbdclass        

C:\WINDOWS\system32\DRIVERS\kbdclass.sys
21:48:49.0546 0x0fa0  Kbdclass - ok
21:48:49.0593 0x0fa0  [ 9EF487A186DEA361AA06913A75B3FA99, B94EBA4EC6D85E11C81AF9927E9EF0AF2E6FE134CFF1FDB0535B7C5A794B4261 ] kbdhid          

C:\WINDOWS\system32\DRIVERS\kbdhid.sys
21:48:49.0593 0x0fa0  kbdhid - ok
21:48:49.0609 0x0fa0  [ 692BCF44383D056AED41B045A323D378, 1A99DEE83FFAF64E73067FC049C0A4CE07D94E4AE31EFA17B38CEFA9E41D67DC ] kmixer          

C:\WINDOWS\system32\drivers\kmixer.sys
21:48:49.0625 0x0fa0  kmixer - ok
21:48:49.0671 0x0fa0  [ B467646C54CC746128904E1654C750C1, 3BD71BE3663EA23463D236D8A2A2E42DFA10C502BDB4B6E131FAF0FBA748219E ] KSecDD          

C:\WINDOWS\system32\drivers\KSecDD.sys
21:48:49.0687 0x0fa0  KSecDD - ok
21:48:49.0703 0x0fa0  [ 3A7C3CBE5D96B8AE96CE81F0B22FB527, 0044F03132596A494448CCE5F3D6ECC12617BB4CF6BAE348F79D4DC40ACD6EE0 ] lanmanserver    

C:\WINDOWS\System32\srvsvc.dll
21:48:49.0718 0x0fa0  lanmanserver - ok
21:48:49.0765 0x0fa0  [ A8888A5327621856C0CEC4E385F69309, B08B63300D824E35E31EEEA2C4C086DFA2C2A964CEDAE512E74D3D88AADAA2C1 ] LanmanWorkstation

C:\WINDOWS\System32\wkssvc.dll
21:48:49.0781 0x0fa0  LanmanWorkstation - ok
21:48:49.0781 0x0fa0  lbrtfdc - ok
21:48:49.0843 0x0fa0  [ A7DB739AE99A796D91580147E919CC59, EDF4E039BA277B0E6D66FEB0B28096E67D682C09DFC18ECECF062D9DCFB75ACF ] LmHosts         

C:\WINDOWS\System32\lmhsvc.dll
21:48:49.0843 0x0fa0  LmHosts - ok
21:48:49.0890 0x0fa0  [ 986B1FF5814366D71E0AC5755C88F2D3, E6AF051174531C24B38E73987755D366ABEC595476C6D17793E8DCCC73F55340 ] Messenger       

C:\WINDOWS\System32\msgsvc.dll
21:48:49.0890 0x0fa0  Messenger - ok
21:48:49.0937 0x0fa0  [ 4AE068242760A1FB6E1A44BF4E16AFA6, 1FB771162B96AAF787AC24867B818DF8511F0780BB094FA9A38C11D8DBFE68BC ] mnmdd           

C:\WINDOWS\system32\drivers\mnmdd.sys
21:48:49.0937 0x0fa0  mnmdd - ok
21:48:50.0000 0x0fa0  [ D18F1F0C101D06A1C1ADF26EED16FCDD, BA0837C7780BD8262E143E2935AFA63BE59C3C39EF56CB8608EED0F50AF070D4 ] mnmsrvc         

C:\WINDOWS\System32\mnmsrvc.exe
21:48:50.0000 0x0fa0  mnmsrvc - ok
21:48:50.0015 0x0fa0  [ DFCBAD3CEC1C5F964962AE10E0BCC8E1, B342CC9EC3729AB1AB4B5E2E99F890C1E0CA649162DE91F6768AB857B719E97B ] Modem           

C:\WINDOWS\system32\drivers\Modem.sys
21:48:50.0031 0x0fa0  Modem - ok
21:48:50.0078 0x0fa0  [ 1992E0D143B09653AB0F9C5E04B0FD65, 1431EC53A65F561C235A08F926C5348A6B21B06A08C075DE8172A88EE0AA634E ] MODEMCSA        

C:\WINDOWS\system32\drivers\MODEMCSA.sys
21:48:50.0078 0x0fa0  MODEMCSA - ok
21:48:50.0093 0x0fa0  [ C6A08C4F34B3048A73BBB2951150F98D, 1224299C9CBFAA9F7A4969890D32255E5C520415FA56B810B5A77D03FD16484F ] mohfilt         

C:\WINDOWS\system32\DRIVERS\mohfilt.sys
21:48:50.0093 0x0fa0  mohfilt - ok
21:48:50.0109 0x0fa0  [ 35C9E97194C8CFB8430125F8DBC34D04, 0C0FCE6B0A23FB0ECB92E1663E1C72D2DD5B177D82E04782957690B69530DB39 ] Mouclass        

C:\WINDOWS\system32\DRIVERS\mouclass.sys
21:48:50.0109 0x0fa0  Mouclass - ok
21:48:50.0109 0x0fa0  [ A80B9A0BAD1B73637DBCBBA7DF72D3FD, 2A5E15ED2C24C6C65EF2F7E1FD93374774076C9D8D451E4422561F4D269C012F ] MountMgr        

C:\WINDOWS\system32\drivers\MountMgr.sys
21:48:50.0125 0x0fa0  MountMgr - ok
21:48:50.0187 0x0fa0  [ 0329A45C849C9D77901094B8FFE8BBB9, 2151C15A4185FABBC3367B8213017B45E08C43E26E1D8942E707E217C6A5EDA7 ] MozillaMaintenance

C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
21:48:50.0203 0x0fa0  MozillaMaintenance - ok
21:48:50.0203 0x0fa0  mraid35x - ok
21:48:50.0218 0x0fa0  [ 11D42BB6206F33FBB3BA0288D3EF81BD, 76ABCFB62C5AC549F58C231F72A99882CDEB74928104B77FE52554765C2B1A22 ] MRxDAV          

C:\WINDOWS\system32\DRIVERS\mrxdav.sys
21:48:50.0218 0x0fa0  MRxDAV - ok
21:48:50.0281 0x0fa0  [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0, DB9B186F7076D7B94F45041AF7B77C1AD2CAB504D683B459C6CB1C22840ED170 ] MRxSmb          

C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
21:48:50.0296 0x0fa0  MRxSmb - ok
21:48:50.0343 0x0fa0  [ A137F1470499A205ABBB9AAFB3B6F2B1, FB4951727543030D9E6ED74149C3FAACE2CA9DA8C1B5F616301B30B858C724E8 ] MSDTC           

C:\WINDOWS\System32\msdtc.exe
21:48:50.0359 0x0fa0  MSDTC - ok
21:48:50.0375 0x0fa0  [ C941EA2454BA8350021D774DAF0F1027, C940E978C7B66A713A0FDAB54B5F995DF59D089AFCD96221DD3222948CD49BBD ] Msfs            

C:\WINDOWS\system32\drivers\Msfs.sys
21:48:50.0375 0x0fa0  Msfs - ok
21:48:50.0375 0x0fa0  MSIServer - ok
21:48:50.0437 0x0fa0  [ D1575E71568F4D9E14CA56B7B0453BF1, 4ABE0E24786C0D39FA2B885447E56204CA6942FB175E534DCE675D7BCF0B176A ] MSKSSRV         

C:\WINDOWS\system32\drivers\MSKSSRV.sys
21:48:50.0437 0x0fa0  MSKSSRV - ok
21:48:50.0437 0x0fa0  [ 325BB26842FC7CCC1FCCE2C457317F3E, C07BE560513B1FB91D756494F0BA4AEEB2E1998DE0E1C21EE83DB1183B0CEE91 ] MSPCLOCK        

C:\WINDOWS\system32\drivers\MSPCLOCK.sys
21:48:50.0453 0x0fa0  MSPCLOCK - ok
21:48:50.0453 0x0fa0  [ BAD59648BA099DA4A17680B39730CB3D, 9AD4C7C94C186C8815D0BC75DCAFB962158DA6935A244BA243EDDDEB33F9816C ] MSPQM           

C:\WINDOWS\system32\drivers\MSPQM.sys
21:48:50.0453 0x0fa0  MSPQM - ok
21:48:50.0484 0x0fa0  [ AF5F4F3F14A8EA2C26DE30F7A1E17136, AC93A1E4ABB0D038B772E429015567E44CC2EDB66C54DBE23A5F98176FAC1520 ] mssmbios        

C:\WINDOWS\system32\DRIVERS\mssmbios.sys
21:48:50.0484 0x0fa0  mssmbios - ok
21:48:50.0515 0x0fa0  [ DE6A75F5C270E756C5508D94B6CF68F5, FCC972DDC36C2C44D836913F10004C2C33B11C54DEFFF0C63E0FDF901D2F9261 ] Mup             

C:\WINDOWS\system32\drivers\Mup.sys
21:48:50.0515 0x0fa0  Mup - ok
21:48:50.0578 0x0fa0  [ 0102140028FAD045756796E1C685D695, 5335B8278418CA200E2772124F0602C3E15A5CAF2D5CC59F6785DFAABF339B09 ] napagent        

C:\WINDOWS\System32\qagentrt.dll
21:48:50.0593 0x0fa0  napagent - ok
21:48:50.0625 0x0fa0  [ 1DF7F42665C94B825322FAE71721130D, FE0DCB728471465B39A42A7511F4133021FBA5DF88F88BCB5FE2FF34CFD713F9 ] NDIS            

C:\WINDOWS\system32\drivers\NDIS.sys
21:48:50.0640 0x0fa0  NDIS - ok
21:48:50.0687 0x0fa0  [ 0109C4F3850DFBAB279542515386AE22, 4F6DB1E499AC853FD36FD603FBB6D3AC9BDCEB298C7FE1FB59A9236CB46729B2 ] NdisTapi        

C:\WINDOWS\system32\DRIVERS\ndistapi.sys
21:48:50.0687 0x0fa0  NdisTapi - ok
21:48:50.0703 0x0fa0  [ F927A4434C5028758A842943EF1A3849, B1AA3AF150C05307461774925901789456B0CCCD03A5E71ADA4AB58455962BEE ] Ndisuio         

C:\WINDOWS\system32\DRIVERS\ndisuio.sys
21:48:50.0703 0x0fa0  Ndisuio - ok
21:48:50.0718 0x0fa0  [ EDC1531A49C80614B2CFDA43CA8659AB, 494042F790F33721328B4451E79842E21919681CC421A4F9633EC4D383E06097 ] NdisWan         

C:\WINDOWS\system32\DRIVERS\ndiswan.sys
21:48:50.0718 0x0fa0  NdisWan - ok
21:48:50.0765 0x0fa0  [ 9282BD12DFB069D3889EB3FCC1000A9B, 09A46F1712BD9165068D8E153585FE3E6E5CBF4F1DDEC142115555D3A91AEC09 ] NDProxy         

C:\WINDOWS\system32\drivers\NDProxy.sys
21:48:50.0765 0x0fa0  NDProxy - ok
21:48:50.0812 0x0fa0  [ 5D81CF9A2F1A3A756B66CF684911CDF0, 7989C36607CAEA17AFA2C1C9904145CA0714A54B9F712D9D4C1AB140D0B2CC0C ] NetBIOS         

C:\WINDOWS\system32\DRIVERS\netbios.sys
21:48:50.0812 0x0fa0  NetBIOS - ok
21:48:50.0843 0x0fa0  [ 74B2B2F5BEA5E9A3DC021D685551BD3D, 7932B71F98B4122BE88F576BF6D745A757AE378A48924B7F4358837B75640A82 ] NetBT           

C:\WINDOWS\system32\DRIVERS\netbt.sys
21:48:50.0859 0x0fa0  NetBT - ok
21:48:50.0906 0x0fa0  [ B857BA82860D7FF85AE29B095645563B, 86FF0E4CDD9C394E8BABD93A4D57E73FF9A779261717DEC6E9CDE99F1C6B0F4C ] NetDDE          

C:\WINDOWS\system32\netdde.exe
21:48:50.0906 0x0fa0  NetDDE - ok
21:48:50.0921 0x0fa0  [ B857BA82860D7FF85AE29B095645563B, 86FF0E4CDD9C394E8BABD93A4D57E73FF9A779261717DEC6E9CDE99F1C6B0F4C ] NetDDEdsdm      

C:\WINDOWS\system32\netdde.exe
21:48:50.0937 0x0fa0  NetDDEdsdm - ok
21:48:50.0968 0x0fa0  [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] Netlogon        

C:\WINDOWS\system32\lsass.exe
21:48:50.0984 0x0fa0  Netlogon - ok
21:48:51.0031 0x0fa0  [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE, 4E0A67B3CC897E80D4B342FFE8B7B4CC4F6CA2EF2D34C136027A098B2E1C6166 ] Netman          

C:\WINDOWS\System32\netman.dll
21:48:51.0031 0x0fa0  Netman - ok
21:48:51.0093 0x0fa0  [ D34612C5D02D026535B3095D620626AE, 1BBCCCBF49EB8807240A77DCB43C25C21682073CC5356594E2C4F53EF36BF657 ] NetTcpPortSharing

C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
21:48:51.0093 0x0fa0  NetTcpPortSharing - ok
21:48:51.0156 0x0fa0  [ 943337D786A56729263071623BBB9DE5, B631B47C869FE4ACF46E4AA272435D9A9CA536E3349E3FFBB8602636FEE7AFD4 ] Nla             

C:\WINDOWS\System32\mswsock.dll
21:48:51.0156 0x0fa0  Nla - ok
21:48:51.0218 0x0fa0  [ 3182D64AE053D6FB034F44B6DEF8034A, 4ADFC76965BA2A5F488E71789A4E4EA702A74AF42725F72130D1CA919406CF19 ] Npfs            

C:\WINDOWS\system32\drivers\Npfs.sys
21:48:51.0218 0x0fa0  Npfs - ok
21:48:51.0234 0x0fa0  [ 78A08DD6A8D65E697C18E1DB01C5CDCA, E0E6F3ED05068E32F1D5C2D2B38CDEF4536B8656DB6756C66CF6B40B60C8F3DA ] Ntfs            

C:\WINDOWS\system32\drivers\Ntfs.sys
21:48:51.0250 0x0fa0  Ntfs - ok
21:48:51.0281 0x0fa0  [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] NtLmSsp         

C:\WINDOWS\system32\lsass.exe
21:48:51.0281 0x0fa0  NtLmSsp - ok
21:48:51.0328 0x0fa0  [ 156F64A3345BD23C600655FB4D10BC08, 9611BE411586E068D9297D77102DB3BE48AA67F1BAD6F61A84F83FC3043FA9CD ] NtmsSvc         

C:\WINDOWS\system32\ntmssvc.dll
21:48:51.0343 0x0fa0  NtmsSvc - ok
21:48:51.0375 0x0fa0  [ 73C1E1F395918BC2C6DD67AF7591A3AD, B21133A75253EC15E2DFF66D3B480AB1A7E1A2360476C810E7AA55D0F0EB08D4 ] Null            

C:\WINDOWS\system32\drivers\Null.sys
21:48:51.0375 0x0fa0  Null - ok
21:48:51.0421 0x0fa0  [ B305F3FAD35083837EF46A0BBCE2FC57, 9D0E0E666D652D0FC9EAB97280A5D67AAF61D6B21929DF7CF8ED72A367720464 ] NwlnkFlt        

C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
21:48:51.0437 0x0fa0  NwlnkFlt - ok
21:48:51.0437 0x0fa0  [ C99B3415198D1AAB7227F2C88FD664B9, DD8DA4B5E804F134AB9233859544C025062902DFC3E8FB8A09A67337A4E73F55 ] NwlnkFwd        

C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
21:48:51.0437 0x0fa0  NwlnkFwd - ok
21:48:51.0484 0x0fa0  [ CEC7E2C6C1FA00C7AB2F5434F848AE51, 399CF962689652F6B3906F40D20EE7BBDA856CD56031A65C5A1E8718016FCE90 ] OMCI            

C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS
21:48:51.0484 0x0fa0  OMCI - ok
21:48:51.0531 0x0fa0  [ 7A56CF3E3F12E8AF599963B16F50FB6A, 882C82BAE96D263138D4C0D6C425458B770B7B9C8E9C1D28AC918BF6BE94A5C2 ] ose             

C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
21:48:51.0531 0x0fa0  ose - ok
21:48:51.0578 0x0fa0  [ 5575FAF8F97CE5E713D108C2A58D7C7C, 96D4595D19A78CCBE8B325A08780AC077AE5CC99642ACD72FB47AEAE8D344D3B ] Parport         

C:\WINDOWS\system32\DRIVERS\parport.sys
21:48:51.0578 0x0fa0  Parport - ok
21:48:51.0609 0x0fa0  [ BEB3BA25197665D82EC7065B724171C6, 7E71C13BA30CD95CEE8A9CC85E6F48A01F30EDEAADEE69D80AE828BF97E5A5CA ] PartMgr         

C:\WINDOWS\system32\drivers\PartMgr.sys
21:48:51.0609 0x0fa0  PartMgr - ok
21:48:51.0656 0x0fa0  [ 70E98B3FD8E963A6A46A2E6247E0BEA1, 6771313EC41B3B5BFD398F60706E40BE71617046880CC352DD110B001AFC22A1 ] ParVdm          

C:\WINDOWS\system32\drivers\ParVdm.sys
21:48:51.0656 0x0fa0  ParVdm - ok
21:48:51.0687 0x0fa0  [ D0084A9ADE989FE703E4F22171F4E4DC, 26626D9E52422705F45E68700F47179AF126AFB6E77E892E8FAE169FE224C402 ] PCANDIS5        

C:\WINDOWS\system32\PCANDIS5.SYS
21:48:51.0703 0x0fa0  PCANDIS5 - ok
21:48:51.0703 0x0fa0  [ A219903CCF74233761D92BEF471A07B1, D4E6C360A1D2FCA4D17C991B834D68BF20F5111DD06B1FAB8B22984804CEC269 ] PCI             

C:\WINDOWS\system32\DRIVERS\pci.sys
21:48:51.0703 0x0fa0  PCI - ok
21:48:51.0718 0x0fa0  PCIDump - ok
21:48:51.0718 0x0fa0  [ CCF5F451BB1A5A2A522A76E670000FF0, D63F7E5A39653EC9CCE94B7D84B2D3EBD4F54533BD65701020198724042C9257 ] PCIIde          

C:\WINDOWS\system32\DRIVERS\pciide.sys
21:48:51.0734 0x0fa0  PCIIde - ok
21:48:51.0796 0x0fa0  [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1, 0BA3DB21DC7C641C181E2635B5C9B73965FDCDCD3EBBBE48FCFEC1C8C987F617 ] Pcmcia          

C:\WINDOWS\system32\drivers\Pcmcia.sys
21:48:51.0796 0x0fa0  Pcmcia - ok
21:48:51.0812 0x0fa0  PDCOMP - ok
21:48:51.0812 0x0fa0  PDFRAME - ok
21:48:51.0828 0x0fa0  PDRELI - ok
21:48:51.0828 0x0fa0  PDRFRAME - ok
21:48:51.0843 0x0fa0  perc2 - ok
21:48:51.0843 0x0fa0  perc2hib - ok
21:48:51.0890 0x0fa0  [ 65DF52F5B8B6E9BBD183505225C37315, 59C606977DB40A3443DFF0BE2A4C761824881B22C9FDB3D23F6486DB580E92A4 ] PlugPlay        

C:\WINDOWS\system32\services.exe
21:48:51.0890 0x0fa0  PlugPlay - ok
21:48:51.0906 0x0fa0  [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] PolicyAgent     

C:\WINDOWS\System32\lsass.exe
21:48:51.0906 0x0fa0  PolicyAgent - ok
21:48:51.0921 0x0fa0  [ EFEEC01B1D3CF84F16DDD24D9D9D8F99, C5F0C8C66A3AF7E7BB04CEDE4AC5306F8387AB384A2107DC5BE413AAE968EFF1 ] PptpMiniport    

C:\WINDOWS\system32\DRIVERS\raspptp.sys
21:48:51.0937 0x0fa0  PptpMiniport - ok
21:48:51.0937 0x0fa0  [ A32BEBAF723557681BFC6BD93E98BD26, 35039BA72A29F87B2CA37DCDE4EFDAABBDEAD8CE3EB8652ACC665994118145A6 ] Processor       

C:\WINDOWS\system32\DRIVERS\processr.sys
21:48:51.0953 0x0fa0  Processor - ok
21:48:51.0953 0x0fa0  [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] ProtectedStorage

C:\WINDOWS\system32\lsass.exe
21:48:51.0968 0x0fa0  ProtectedStorage - ok
21:48:51.0968 0x0fa0  [ 09298EC810B07E5D582CB3A3F9255424, 35473A1BE25AC289474090EB0806AC6B3035DC33D1F3DF97A14BF1E361AC6AC3 ] PSched          

C:\WINDOWS\system32\DRIVERS\psched.sys
21:48:51.0968 0x0fa0  PSched - ok
21:48:52.0015 0x0fa0  [ 80D317BD1C3DBC5D4FE7B1678C60CADD, DA76804B55D0CAB3DDD01EFC06673764AE4860693375C658B6063FB14AF7F12C ] Ptilink         

C:\WINDOWS\system32\DRIVERS\ptilink.sys
21:48:52.0015 0x0fa0  Ptilink - ok
21:48:52.0046 0x0fa0  [ 49452BFCEC22F36A7A9B9C2181BC3042, C01A2005E9897B142FF9BC6155770F70C19725C425E48D14239195E81E2E42D0 ] PxHelp20        

C:\WINDOWS\system32\Drivers\PxHelp20.sys
21:48:52.0062 0x0fa0  PxHelp20 - ok
21:48:52.0062 0x0fa0  ql1080 - ok
21:48:52.0078 0x0fa0  Ql10wnt - ok
21:48:52.0078 0x0fa0  ql12160 - ok
21:48:52.0093 0x0fa0  ql1240 - ok
21:48:52.0093 0x0fa0  ql1280 - ok
21:48:52.0109 0x0fa0  [ FE0D99D6F31E4FAD8159F690D68DED9C, 998685622ABE631984B7E4DBF91AB3594B1F574378D75EB9F6265F4650470692 ] RasAcd          

C:\WINDOWS\system32\DRIVERS\rasacd.sys
21:48:52.0109 0x0fa0  RasAcd - ok
21:48:52.0156 0x0fa0  [ AD188BE7BDF94E8DF4CA0A55C00A5073, C7D76CB579FAEBCCC2873499441BACDD6BD6668ACF5ED7F31862656E96E2B20C ] RasAuto         

C:\WINDOWS\System32\rasauto.dll
21:48:52.0171 0x0fa0  RasAuto - ok
21:48:52.0187 0x0fa0  [ 11B4A627BC9614B885C4969BFA5FF8A6, EAE0A412A2B0F68919C32A96B3A08CC1A06585E4998819F5C9051745F63FF5AD ] Rasl2tp         

C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
21:48:52.0203 0x0fa0  Rasl2tp - ok
21:48:52.0250 0x0fa0  [ 76A9A3CBEADD68CC57CDA5E1D7448235, 4AFD048C5D2306AB8DE46F3AA60AC0213333DDA3B09A9E91F7585DB6EB978EC8 ] RasMan          

C:\WINDOWS\System32\rasmans.dll
21:48:52.0265 0x0fa0  RasMan - ok
21:48:56.0765 0x0fa0  ================ Scan global ===============================
21:48:56.0812 0x0fa0  [ 42F1F4C0AFB08410E5F02D4B13EBB623, 924C30587C51C0D1E1F47991969AF492A644552E15F2480EA991DCB74A3E68D5 ] C:\WINDOWS\system32\basesrv.dll
21:48:56.0843 0x0fa0  [ 69AE2B2E6968C316536E5B10B9702E63, D9C5DA7A20DDE69D91E72400C3F06F3CB099DEF42EA6C53FCE076258A0C22391 ] C:\WINDOWS\system32\winsrv.dll
21:48:56.0875 0x0fa0  [ 69AE2B2E6968C316536E5B10B9702E63, D9C5DA7A20DDE69D91E72400C3F06F3CB099DEF42EA6C53FCE076258A0C22391 ] C:\WINDOWS\system32\winsrv.dll
21:48:56.0906 0x0fa0  [ 65DF52F5B8B6E9BBD183505225C37315, 59C606977DB40A3443DFF0BE2A4C761824881B22C9FDB3D23F6486DB580E92A4 ] C:\WINDOWS\system32\services.exe
21:48:56.0921 0x0fa0  [ Global ] - ok
21:48:56.0921 0x0fa0  ================ Scan MBR ==================================
21:48:56.0953 0x0fa0  [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
21:48:57.0125 0x0fa0  \Device\Harddisk0\DR0 - ok
21:48:57.0140 0x0fa0  [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk1\DR1
21:48:57.0312 0x0fa0  \Device\Harddisk1\DR1 - ok
21:48:57.0312 0x0fa0  ================ Scan VBR ==================================
21:48:57.0328 0x0fa0  [ C0AB6B20BAE0316D489BE0B3FB47F0CF ] \Device\Harddisk0\DR0\Partition1
21:48:57.0328 0x0fa0  \Device\Harddisk0\DR0\Partition1 - ok
21:48:57.0343 0x0fa0  [ D882D339A79F17EBE013DF8059C7A918 ] \Device\Harddisk1\DR1\Partition1
21:48:57.0343 0x0fa0  \Device\Harddisk1\DR1\Partition1 - ok
21:48:57.0343 0x0fa0  Waiting for KSN requests completion. In queue: 220
21:48:58.0343 0x0fa0  Waiting for KSN requests completion. In queue: 220
21:48:59.0343 0x0fa0  Waiting for KSN requests completion. In queue: 220
21:49:00.0375 0x0fa0  AV detected via SS1: avast! Antivirus, 5.0.150996950, enabled, updated
21:49:00.0375 0x0fa0  FW detected via SS1: COMODO Firewall, 3.9, enabled
21:49:02.0859 0x0fa0  ============================================================
21:49:02.0859 0x0fa0  Scan finished
21:49:02.0859 0x0fa0  ============================================================
21:49:02.0859 0x0c10  Detected object count: 0
21:49:02.0859 0x0c10  Actual detected object count: 0

AdwareCleaner:

# AdwCleaner v3.010 - Report created 29/10/2013 at 21:55:53
# Updated 20/10/2013 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Steven - DELL8400
# Running from : C:\Documents and Settings\Steven\Desktop\adwcleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702


-\\ Mozilla Firefox v24.0 (en-US)

[ File : C:\Documents and Settings\Steven\Application Data\Mozilla\Firefox\Profiles\0mnrr5jr.default\prefs.js ]


[ File : C:\Documents and Settings\Evan\Application Data\Mozilla\Firefox\Profiles\1v13nppu.default\prefs.js ]


[ File : C:\Documents and Settings\Holly\Application Data\Mozilla\Firefox\Profiles\xx2v8q4k.default\prefs.js ]


[ File : C:\Documents and Settings\TEMP\Application Data\Mozilla\Firefox\Profiles\2axm2rfj.default\prefs.js ]


[ File : C:\Documents and Settings\Elizabeth\Application Data\Mozilla\Firefox\Profiles\2rude2at.default\prefs.js ]


-\\ Google Chrome v30.0.1599.69

[ File : C:\Documents and Settings\Steven\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]


[ File : C:\Documents and Settings\Holly\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]


[ File : C:\Documents and Settings\Elizabeth\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [3516 octets] - [22/10/2013 22:37:40]
AdwCleaner[R1].txt - [1606 octets] - [29/10/2013 21:55:53]
AdwCleaner[S0].txt - [3601 octets] - [22/10/2013 22:40:51]

########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [1726 octets] ##########



#4 jeffce

    Bleepin' Super Saiyan

  • Malware Response Team
  • 3,442 posts
  • Gender:Male
  • Location:USA

Posted 29 October 2013 - 09:29 PM

Hi,
 
Don't worry about the files being detected right now.   :)
 
AdwCleaner
 
Double click on AdwCleaner.exe to run the tool again.

  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer like it did before.
  • After the scan has finished...
  • This time, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

------------
 

Please read through these instructions to familiarize yourself with what to expect when this tool runs
 
Download ComboFix from one of these locations:
 
Link 1
Link 2
 
* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.  Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : How to Disable your Security Programs
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal.  It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
 

 
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
 
RC2-1.png
 
Click on Yes, to continue scanning for malware.
 
When finished, it shall produce a log for you.  Please include the C:\ComboFix.txt in your next reply.
 
Notes:
 
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
3. CF disconnects your machine from the internet.  The connection is automatically restored before CF completes its run.  If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
4. If you get a message saying "Illegal operation attempted on a registry key that has been marked for deletion", please restart your computer.
----------



#5 IceSkater74
  • Topic Starter

  • Members
  • 33 posts
  • Gender:Male

Posted 30 October 2013 - 09:13 PM

Jeff:
1. At the beginning of this session I still got an Avast pop up about sp_SWIns.exe suspected of being a root kit. I ignored it.

2. Below are the scans.

3. At the end of this post I will shut down and wait for your reply.

4. Avast had a problem enabling a shield; perhaps a reboot will fix it.
# Username : Steven - DELL8400
# Running from : C:\Documents and Settings\Steven\Desktop\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702


-\\ Mozilla Firefox v24.0 (en-US)

[ File : C:\Documents and Settings\Steven\Application Data\Mozilla\Firefox\Profiles\0mnrr5jr.default\prefs.js ]


[ File : C:\Documents and Settings\Evan\Application Data\Mozilla\Firefox\Profiles\1v13nppu.default\prefs.js ]


[ File : C:\Documents and Settings\Holly\Application Data\Mozilla\Firefox\Profiles\xx2v8q4k.default\prefs.js ]


[ File : C:\Documents and Settings\TEMP\Application Data\Mozilla\Firefox\Profiles\2axm2rfj.default\prefs.js ]


[ File : C:\Documents and Settings\Elizabeth\Application Data\Mozilla\Firefox\Profiles\2rude2at.default\prefs.js ]


-\\ Google Chrome v30.0.1599.101

[ File : C:\Documents and Settings\Steven\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]


[ File : C:\Documents and Settings\Holly\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]


[ File : C:\Documents and Settings\Elizabeth\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [3516 octets] - [22/10/2013 22:37:40]
AdwCleaner[R1].txt - [1806 octets] - [29/10/2013 21:55:53]
AdwCleaner[R2].txt - [1927 octets] - [30/10/2013 21:22:04]
AdwCleaner[S0].txt - [3601 octets] - [22/10/2013 22:40:51]
AdwCleaner[S1].txt - [1867 octets] - [29/10/2013 22:21:52]
AdwCleaner[S2].txt - [1848 octets] - [30/10/2013 21:24:21]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [1908 octets] ##########





ComboFix 13-10-30.01 - Steven 10/30/2013  21:42:25.2.2 - x86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.2046.1555 [GMT -4:00]
Running from: c:\documents and settings\Steven\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: COMODO Firewall *Enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
 * Created a new restore point
.
.
(((((((((((((((((((((((((   Files Created from 2013-09-28 to 2013-10-31  )))))))))))))))))))))))))))))))
.
.
2013-10-23 02:46 . 2013-10-23 02:46    --------    d-----w-    c:\documents and settings\Steven\Application Data\AVAST Software
2013-10-23 02:35 . 2013-10-31 01:24    --------    d-----w-    C:\AdwCleaner
2013-10-23 01:26 . 2013-10-23 01:26    --------    d-----w-    c:\program files\HitmanPro
2013-10-23 01:24 . 2013-10-23 01:34    --------    d-----w-    c:\documents and settings\All Users\Application Data\HitmanPro
2013-10-23 00:15 . 2013-10-23 00:15    --------    d-----w-    C:\TDSSKiller_Quarantine
2013-10-13 22:49 . 2013-07-03 02:12    25088    -c----w-    c:\windows\system32\dllcache\hidparse.sys
2013-10-13 22:49 . 2013-07-17 00:58    123008    -c----w-    c:\windows\system32\dllcache\usbvideo.sys
2013-10-13 22:48 . 2013-08-09 00:55    144128    -c----w-    c:\windows\system32\dllcache\usbport.sys
2013-10-13 22:48 . 2013-08-09 00:55    32384    -c----w-    c:\windows\system32\dllcache\usbccgp.sys
2013-10-13 22:48 . 2013-08-09 00:55    5376    -c----w-    c:\windows\system32\dllcache\usbd.sys
2013-10-13 22:48 . 2009-03-18 11:02    30336    -c----w-    c:\windows\system32\dllcache\usbehci.sys
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-10-23 01:07 . 2013-03-16 20:02    178304    ----a-w-    c:\windows\system32\drivers\aswVmm.sys
2013-10-23 01:07 . 2013-03-16 20:02    49944    ----a-w-    c:\windows\system32\drivers\aswRvrt.sys
2013-10-23 01:07 . 2013-03-16 20:02    70384    ----a-w-    c:\windows\system32\drivers\aswMonFlt.sys
2013-10-23 01:07 . 2012-12-05 03:50    403440    ----a-w-    c:\windows\system32\drivers\aswSP.sys
2013-10-23 01:07 . 2012-12-05 03:50    35656    ----a-w-    c:\windows\system32\drivers\aswFsBlk.sys
2013-10-23 01:07 . 2012-12-05 03:50    54832    ----a-w-    c:\windows\system32\drivers\aswRdr.sys
2013-10-23 01:07 . 2012-12-05 03:50    774392    ----a-w-    c:\windows\system32\drivers\aswSnx.sys
2013-10-23 01:07 . 2012-12-05 03:50    57672    ----a-w-    c:\windows\system32\drivers\aswTdi.sys
2013-10-23 01:07 . 2012-12-05 03:49    269216    ----a-w-    c:\windows\system32\aswBoot.exe
2013-10-23 01:07 . 2010-07-20 01:44    43152    ----a-w-    c:\windows\avastSS.scr
2013-10-09 01:28 . 2012-05-25 12:05    692616    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2013-10-09 01:28 . 2011-05-30 16:40    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2013-09-23 18:33 . 2006-06-23 15:33    920064    ----a-w-    c:\windows\system32\wininet.dll
2013-09-23 18:33 . 2003-07-16 20:32    43520    ----a-w-    c:\windows\system32\licmgr10.dll
2013-09-23 18:33 . 2003-07-16 20:30    1469440    ------w-    c:\windows\system32\inetcpl.cpl
2013-09-23 18:33 . 2003-07-16 20:25    18944    ----a-w-    c:\windows\system32\corpol.dll
2013-09-23 18:06 . 2004-08-04 05:59    385024    ----a-w-    c:\windows\system32\html.iec
2013-08-29 01:31 . 2003-07-16 20:51    1878656    ----a-w-    c:\windows\system32\win32k.sys
2013-08-09 01:56 . 2003-07-16 20:48    386560    ----a-w-    c:\windows\system32\themeui.dll
2013-08-09 00:55 . 2003-07-16 20:49    144128    ----a-w-    c:\windows\system32\drivers\usbport.sys
2013-08-09 00:55 . 2003-07-16 20:49    32384    ----a-w-    c:\windows\system32\drivers\usbccgp.sys
2013-08-09 00:55 . 2003-07-16 20:49    5376    ----a-w-    c:\windows\system32\drivers\usbd.sys
2013-08-05 13:30 . 2005-07-26 04:31    1289728    ----a-w-    c:\windows\system32\ole32.dll
2013-08-03 18:18 . 2006-10-19 01:47    1543680    ------w-    c:\windows\system32\wmvdecod.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-10-23 01:07    321752    ----a-w-    c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTSyncU.exe"="c:\program files\Creative\Sync Manager Unicode\CTSyncU.exe" [2007-07-17 868352]
"OM2_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" [2009-11-26 95632]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPHUPD08"="c:\program files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-01 49152]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-07-14 339968]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-03-15 122933]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-04-11 53248]
"CTCheck"="c:\program files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe" [2007-11-06 397312]
"OM2_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe" [2009-11-26 54672]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-28 207424]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2012-11-07 6756048]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2013-05-01 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2013-05-31 152392]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2013-10-23 3567800]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 16:05    356352    ----a-w-    c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\guard32.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Documents and Settings\\Steven\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [3/16/2013 4:02 PM 49944]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [3/16/2013 4:02 PM 178304]
R1 A2DDA;A2 Direct Disk Access Support Driver;d:\malware\Run\a2ddax86.sys [10/22/2013 9:41 PM 22056]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [12/4/2012 11:50 PM 774392]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [12/4/2012 11:50 PM 403440]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [6/4/2010 11:55 AM 497952]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [6/1/2010 7:00 PM 32640]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [6/23/2009 11:01 AM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [6/23/2009 11:01 AM 72944]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [12/4/2012 11:50 PM 35656]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [3/16/2013 4:02 PM 70384]
R3 FVNETusbXP;Belkin 11Mbps Wireless USB Network Adapter®;c:\windows\system32\drivers\bkusbxp.sys [7/5/2009 8:52 PM 99584]
S3 AMBroker;Access Manager Configuration Service;"c:\program files\AccessManager\Client\AMBroker.exe" --> c:\program files\AccessManager\Client\AMBroker.exe [?]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\drivers\ssadadb.sys [8/14/2013 10:48 PM 30312]
S3 BWNDIS5;BWNDIS5 NDIS Protocol Driver;c:\windows\system32\BWNDIS5.SYS [3/10/2004 4:50 PM 15744]
S3 cleanhlp;cleanhlp;d:\malware\Run\cleanhlp32.sys [10/22/2013 9:41 PM 50200]
S3 DAPlugin;Visual Insight DA Plugin;c:\program files\AccessManager\Client\DAPlugin.exe --> c:\program files\AccessManager\Client\DAPlugin.exe [?]
S3 gupdate1ca14b354736792;Google Update Service (gupdate1ca14b354736792);c:\program files\Google\Update\GoogleUpdate.exe [8/3/2009 11:26 PM 133104]
S3 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [8/23/2012 1:37 PM 13672]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [6/23/2009 11:01 AM 7408]
S3 sp_spi_da;Visual Insight Dial Analysis;c:\program files\AccessManager\SMOC\spi_da.exe --> c:\program files\AccessManager\SMOC\spi_da.exe [?]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [8/14/2013 10:48 PM 96488]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [8/14/2013 10:48 PM 12776]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [8/14/2013 10:48 PM 121576]
S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\drivers\ssadserd.sys [8/14/2013 10:48 PM 98152]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-10-31 01:14    1185744    ----a-w-    c:\program files\Google\Chrome\Application\30.0.1599.101\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-10-31 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-25 01:28]
.
2013-08-14 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 16:34]
.
2013-10-31 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2012-12-05 01:07]
.
2013-10-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-04 03:26]
.
2013-10-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-04 03:26]
.
2013-10-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-73586283-1645522239-725345543-1004Core.job
- c:\documents and settings\Steven\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-12-26 21:22]
.
2013-10-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-73586283-1645522239-725345543-1004UA.job
- c:\documents and settings\Steven\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-12-26 21:22]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\documents and settings\Steven\Application Data\Mozilla\Firefox\Profiles\0mnrr5jr.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxps://www.google.com
FF - prefs.js: keyword.URL - hxxp://us.search.yahoo.com/search?fr=ytff-comodo&p=
FF - ExtSQL: !HIDDEN! 2009-07-12 20:03; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - ExtSQL: !HIDDEN! 2009-12-01 18:03; {3112ca9c-de6d-4884-a869-9855de68056c}; c:\documents and settings\All Users\Application Data\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c}
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-25000184.sys
SafeBoot-CleanHlp
SafeBoot-CleanHlp.sys
AddRemove-01_Simmental - c:\program files\SAMSUNG\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - c:\program files\SAMSUNG\USB Drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - c:\program files\SAMSUNG\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - c:\program files\SAMSUNG\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-05_Sloan - c:\program files\SAMSUNG\USB Drivers\05_Sloan\Uninstall.exe
AddRemove-06_Spencer - c:\program files\SAMSUNG\USB Drivers\06_Spencer\Uninstall.exe
AddRemove-07_Schorl - c:\program files\SAMSUNG\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-08_EMPChipset - c:\program files\SAMSUNG\USB Drivers\08_EMPChipset\Uninstall.exe
AddRemove-09_Hsp - c:\program files\SAMSUNG\USB Drivers\09_Hsp\Uninstall.exe
AddRemove-11_HSP_Plus_Default - c:\program files\SAMSUNG\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
AddRemove-12_Symbian_USB_Download_Driver - c:\program files\SAMSUNG\USB Drivers\12_Symbian_USB_Download_Driver\Uninstall.exe
AddRemove-15_Symbian_Samsung_PC_DLC_Driver - c:\program files\SAMSUNG\USB Drivers\15_Symbian_Samsung_PC_DLC_Driver\Uninstall.exe
AddRemove-16_Shrewsbury - c:\program files\SAMSUNG\USB Drivers\16_Shrewsbury\Uninstall.exe
AddRemove-17_EMP_Chipset2 - c:\program files\SAMSUNG\USB Drivers\17_EMP_Chipset2\Uninstall.exe
AddRemove-18_Zinia_Serial_Driver - c:\program files\SAMSUNG\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe
AddRemove-19_VIA_driver - c:\program files\SAMSUNG\USB Drivers\19_VIA_driver\Uninstall.exe
AddRemove-20_NXP_Driver - c:\program files\SAMSUNG\USB Drivers\20_NXP_Driver\Uninstall.exe
AddRemove-21_Searsburg - c:\program files\SAMSUNG\USB Drivers\21_Searsburg\Uninstall.exe
AddRemove-22_WiBro_WiMAX - c:\program files\SAMSUNG\USB Drivers\22_WiBro_WiMAX\Uninstall.exe
AddRemove-24_flashusbdriver - c:\program files\SAMSUNG\USB Drivers\24_flashusbdriver\Uninstall.exe
AddRemove-25_escape - c:\program files\SAMSUNG\USB Drivers\25_escape\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-10-30 21:51
Windows 5.1.2600 Service Pack 3 NTFS
.
detected NTDLL code modification:
ZwClose
.
scanning hidden processes ...  
.
scanning hidden autostart entries ...
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(752)
c:\windows\system32\guard32.dll
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
.
- - - - - - - > 'lsass.exe'(808)
c:\windows\system32\guard32.dll
.
- - - - - - - > 'explorer.exe'(3060)
c:\windows\system32\WININET.dll
c:\windows\system32\guard32.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
- - - - - - - > 'csrss.exe'(720)
c:\windows\system32\cmdcsr.dll
.
Completion time: 2013-10-30  21:53:44
ComboFix-quarantined-files.txt  2013-10-31 01:53
ComboFix2.txt  2012-04-04 02:25
.
Pre-Run: 144,460,705,792 bytes free
Post-Run: 145,715,019,776 bytes free
.
- - End Of File - - 1D57696168F15BCAB9FBF657A90970FC
8F558EB6672622401DA993E1E865C861
 



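The services block of the ComboFix log above (the lines beginning `R0`, `R1`, `S3` and so on, where the letter and digit record the service's running/stopped state and start type) ends each entry either with the image file's date, time and size in brackets or, when ComboFix could not read the file the service points at, with the resolved path followed by `[?]`. That marker is why the three AccessManager services stand out in this log, and it agrees with the poster later finding no spi_da.exe on disk. As an added example that is not part of the original thread or of ComboFix itself, the Python below parses lines in that shape (constructed copies of a few entries from the log) and reports services whose image file is missing or whose kernel driver loads from outside the usual Windows directories. `TRUSTED_DRIVER_DIRS` is an assumption made for the example, not a ComboFix setting, and a hit means "look at this", not "this is malware" (the two drivers it flags here belong to the scanner the poster ran from D:\malware).

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample in the shape of a ComboFix services listing:
# start type, service name, display name, image path, then either the
# file's date/time/size in brackets or "--> resolved path [?]" when
# ComboFix could not read the file the service points at.
SAMPLE_LOG = r"""
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [3/16/2013 4:02 PM 49944]
R1 A2DDA;A2 Direct Disk Access Support Driver;d:\malware\Run\a2ddax86.sys [10/22/2013 9:41 PM 22056]
S3 AMBroker;Access Manager Configuration Service;"c:\program files\AccessManager\Client\AMBroker.exe" --> c:\program files\AccessManager\Client\AMBroker.exe [?]
S3 sp_spi_da;Visual Insight Dial Analysis;c:\program files\AccessManager\SMOC\spi_da.exe --> c:\program files\AccessManager\SMOC\spi_da.exe [?]
S3 cleanhlp;cleanhlp;d:\malware\Run\cleanhlp32.sys [10/22/2013 9:41 PM 50200]
"""

# "<state+start> <name>;<display>;<rest>"
LINE_RE = re.compile(r"^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.+)$")
# "<path> [<date> <time> <size>]"
STAMP_RE = re.compile(r"^(?P<path>.+?)\s+\[(?P<stamp>[^\]]*)\]$")

# Assumption for this example: where a .sys driver is normally loaded from.
TRUSTED_DRIVER_DIRS = (
    r"c:\windows\system32\drivers",
    r"c:\windows\system32",
    r"c:\program files",
)


@dataclass
class ServiceEntry:
    start: str        # e.g. "R0" (running, boot start) or "S3" (stopped, demand start)
    name: str         # service key name
    display: str      # display name
    path: str         # image path as ComboFix resolved it
    size: Optional[int]  # file size in bytes, None when the file was not readable
    missing: bool     # True when the line ended in "[?]"


def parse_services(text: str) -> List[ServiceEntry]:
    """Parse every line that looks like a ComboFix service entry; skip the rest."""
    entries: List[ServiceEntry] = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        start, name, display = m.group("start"), m.group("name"), m.group("display")
        rest = m.group("rest").strip()
        if rest.endswith("[?]"):
            # Take the resolved path after "-->" (or the whole thing if absent), drop "[?]".
            path = rest.split(" --> ")[-1][:-3].strip()
            entries.append(ServiceEntry(start, name, display, path, None, True))
            continue
        s = STAMP_RE.match(rest)
        if not s:
            continue
        size = int(s.group("stamp").split()[-1])
        entries.append(ServiceEntry(start, name, display, s.group("path").strip('"'), size, False))
    return entries


def review(entries: List[ServiceEntry]) -> List[Tuple[str, str]]:
    """Return (service name, reason) pairs for entries worth a closer look."""
    findings: List[Tuple[str, str]] = []
    for e in entries:
        lowered = e.path.lower()
        if e.missing:
            findings.append((e.name, "image file not found"))
        elif lowered.endswith(".sys") and not lowered.startswith(TRUSTED_DRIVER_DIRS):
            findings.append((e.name, "driver loaded from unusual directory"))
    return findings


if __name__ == "__main__":
    for name, reason in review(parse_services(SAMPLE_LOG)):
        print(f"{name}: {reason}")
```

Run it against a saved ComboFix.txt by passing the whole file to `parse_services`; the regexes ignore every line that is not a service entry, so the rest of the log can stay in place.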
#6 jeffce (Malware Response Team)

Posted 31 October 2013 - 01:25 PM

Please go to: VirusTotal
On the page you'll find a "Choose File" button.
Click on the Choose File button.
In the Choose File to Upload window which opens, copy and paste this into the File Name box.
 
c:\program files\AccessManager\SMOC\spi_da.exe
 
Next, click the Open button.
Then click the "Scan It!" button just below.
This will scan the file. Please be patient.
If you get a message saying File has already been analyzed: click Reanalyze file now
Once scanned, copy and paste the link to the results page in your next reply.
----------


#7 IceSkater74 (Topic Starter)

Posted 31 October 2013 - 09:15 PM

Jeff:

 

1. Small problem: after "Choose File" and entering "c:\program files\AccessManager\SMOC\spi_da.exe" I got "Path does not exist. Please verify the correct path was given." I did run the file that gave Avast problems and another one in the same directory with a similar name (see below).

 

c:\Program files\AccessManager\PMAC\sp_SWIns.exe

https://www.virustotal.com/en/file/1320110e87936cf02919d6ad613af67040855d8b84322c9f675f87a6bbe1e5e8/analysis/1383270295/

 

c:\Program files\AccessManager\PMAC\_sp_SWIns.exe

https://www.virustotal.com/en/file/1320110e87936cf02919d6ad613af67040855d8b84322c9f675f87a6bbe1e5e8/analysis/1383270701/

 

2. Then I ran a search on the computer looking for the file "spi_da.exe" choosing to search system folder, hidden files and folders, and subfolders. The search found nothing.

 

3. I then looked for sp*_*.exe, *SMOC*, and *spi_da* and nothing was found.
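Both VirusTotal links in the reply above carry the same 64-hex-digit SHA-256 after `/file/`, which is how VirusTotal keys its reports, so sp_SWIns.exe and _sp_SWIns.exe are byte-identical copies of one file and only one of them needed scanning. As an added example that is not part of the original thread, the Python below hashes local files, groups duplicates by SHA-256, extracts the hash from a VirusTotal report URL and checks a local file against it; the three sample files are constructed in a temporary directory, and their names and contents are placeholders chosen for the demonstration.

```python
import hashlib
import os
import re
import tempfile
from typing import Dict, Iterable, List, Optional

# VirusTotal report URLs carry the file's SHA-256 right after "/file/", both in
# the older "/en/file/<sha256>/analysis/<ts>/" form seen in the thread and in
# the current "/gui/file/<sha256>" form.
VT_URL_RE = re.compile(
    r"virustotal\.com/(?:[a-z]{2}/|gui/)?file/(?P<sha256>[0-9a-fA-F]{64})(?![0-9a-fA-F])"
)


def sha256_of_file(path: str, chunk_size: int = 1 << 16) -> str:
    """Stream the file through SHA-256 so large binaries never sit whole in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk_size), b""):
            digest.update(block)
    return digest.hexdigest()


def group_by_hash(paths: Iterable[str]) -> Dict[str, List[str]]:
    """Map SHA-256 -> sorted file names; names under one key are byte-identical."""
    groups: Dict[str, List[str]] = {}
    for path in paths:
        groups.setdefault(sha256_of_file(path), []).append(os.path.basename(path))
    for names in groups.values():
        names.sort()
    return groups


def sha256_from_vt_url(url: str) -> Optional[str]:
    """Pull the lower-cased SHA-256 out of a VirusTotal report URL, or None."""
    m = VT_URL_RE.search(url)
    return m.group("sha256").lower() if m else None


def matches_vt_report(path: str, url: str) -> bool:
    """True when the local file is the same bytes the VirusTotal report describes."""
    expected = sha256_from_vt_url(url)
    return expected is not None and sha256_of_file(path) == expected


def demo() -> Dict[str, List[str]]:
    # Constructed sample: three files, two of them byte-identical under
    # different names (the pattern of sp_SWIns.exe / _sp_SWIns.exe above).
    sample = {
        "sp_SWIns.exe": b"MZ constructed sample installer A",
        "_sp_SWIns.exe": b"MZ constructed sample installer A",
        "other.exe": b"MZ constructed sample B",
    }
    folder = tempfile.mkdtemp(prefix="hashdemo-")
    paths = []
    for name, data in sample.items():
        p = os.path.join(folder, name)
        with open(p, "wb") as fh:
            fh.write(data)
        paths.append(p)
    return group_by_hash(paths)


if __name__ == "__main__":
    for digest, names in demo().items():
        print(digest, names)
```

Hashing first also answers the "File has already been analyzed" prompt mentioned in the instructions above: if `matches_vt_report` is true for a file and a report URL, the existing report already describes exactly the bytes on disk.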



#8 jeffce (Malware Response Team)

Posted 01 November 2013 - 09:56 AM

Ok no worries.  :)

 

How is your system behaving now?  



#9 IceSkater74 (Topic Starter)

Posted 01 November 2013 - 12:47 PM

Avast still complains that sp_SWIns.exe is a suspicious file/root kit, offers to delete it, and do a boot scan the next time I power up. I have accepted the offer in times past but the alert still keeps popping up. I have been declining the offer since we started running scans. See note #10 on my initial post. Could this be a phishing attack?



#10 jeffce (Malware Response Team)

Posted 01 November 2013 - 09:06 PM

I am leaning towards a False Positive actually....  Let me look into this more.  I will return as quickly as I can.  



#11 jeffce (Malware Response Team)

Posted 03 November 2013 - 10:06 AM

I have contacted a colleague and am waiting on an answer, but I believe this is just going to be a false positive.  :)  I will get back with you as soon as I know something or need more information.



#12 jeffce (Malware Response Team)

Posted 04 November 2013 - 01:22 PM

Hi,

 

Sorry for any delay...let's get an online scan and see what it has to say.  :)

 

ESET Online Scanner
 
Go here to run an online scanner from ESET. Windows Vista/Windows 7 users will need to right click on their Internet Explorer shortcut, and select Run as Administrator

  • Note: For browsers other than Internet Explorer, you will be prompted to download and install esetsmartinstaller_enu.exe. Click on the link and save the file to a convenient location. Double click on it to install and a new window will open. Follow the prompts.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan is done, if it shows a screen that says "Threats found!", then click "List of found threats", and then click "Export to text file..."
  • Save that text file on your desktop. Copy and paste the contents of that log as a reply to this topic.
  • Close the ESET online scan, and let me know how things are now.

----------



#13 IceSkater74 (Topic Starter)

Posted 04 November 2013 - 11:07 PM

Hi:

 

Eset is running very slowly. I hope I remembered to uncheck "Remove found threats." 

 

This scan will need to run over night. Hopefully in the morning I'll have a result. Til then...



#14 IceSkater74 (Topic Starter)

Posted 05 November 2013 - 06:07 AM

The scan took 4 hours. I think I forgot to uncheck "Remove found threats." I'll leave the computer on at the screen where I can go either way, as it is giving me the option now of deleting quarantined files and uninstalling the application on close. Note that I do not use Spybot on this computer.

 

Scan:

 

C:\WINDOWS\system32\Process.exe    Win32/PrcView application    cleaned by deleting - quarantined
D:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondeatr.zip    Win32/Bagle.gen.zip worm    cleaned by deleting - quarantined
D:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondesdn.zip    Win32/Bagle.gen.zip worm    cleaned by deleting - quarantined
D:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondesdn1.zip    Win32/Bagle.gen.zip worm    cleaned by deleting - quarantined
D:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondesdn2.zip    Win32/Bagle.gen.zip worm    cleaned by deleting - quarantined
D:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinDelfrtk2.zip    Win32/Bagle.gen.zip worm    cleaned by deleting - quarantined
D:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinDelfrtk6.zip    Win32/Bagle.gen.zip worm    cleaned by deleting - quarantined
D:\Downloads\SmitfraudFix\Process.exe    Win32/PrcView application    cleaned by deleting - quarantined
D:\Downloads\SmitfraudFix\restart.exe    Win32/Shutdown.NAA application    cleaned by deleting - quarantined



#15 jeffce (Malware Response Team)

Posted 05 November 2013 - 07:28 AM

Yes ESET can take quite some time to complete.  Looks like you have had a bad infection on here at one time where Spybot once quarantined it?  

 

How is your system behaving?

