
Baylon and Conduit Viruses


  • This topic is locked
20 replies to this topic

#1 Mammoth_rib


Posted 21 November 2013 - 10:35 AM

Hello everyone,

In the past two days, my browser has slowed down a bit, I'm getting the occasional random popup ad while surfing "ordinary" websites (Facebook, Yahoo), and I've found one program automatically installed on my computer which I did not download myself.

Both Malwarebytes and AdwCleaner have detected the two names mentioned in the topic title. Having once had near disastrous results when trying to fix a previous infection myself, I figured this time I'd bring my problems here for proper instruction.

Any help you can offer is greatly appreciated.


DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16520
Run by 0467 Home User at 9:12:28 on 2013-11-21
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.3070.1383 [GMT -6:00]
.
AV: ESET Smart Security 7.0 *Enabled/Updated* {19259FAE-8396-A113-46DB-15B0E7DFA289}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: ESET Smart Security 7.0 *Enabled/Updated* {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
FW: ESET Personal firewall *Enabled* {211E1E8B-C9F9-A04B-6D84-BC85190CE5F2}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\SLsvc.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Real\RealPlayer\Update\realsched.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Windows\System32\spool\drivers\w32x86\3\E_FATICDA.EXE
C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe
C:\Users\0467 Home User\AppData\Local\Akamai\netsession_win.exe
C:\Users\0467 Home User\AppData\Local\Akamai\netsession_win.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\C2MP\UpdateChecker.exe
C:\Program Files\PictureMover\Bin\PictureMover.exe
C:\Program Files\Brother\Brmfcmon\BrMfimon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe
C:\Users\0467 Home User\Desktop\AdwCleaner.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Presario&pf=cndt
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Presario&pf=cndt
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Presario&pf=cndt
BHO: AcroIEHlprObj Class: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\adobe\acrobat 6.0\reader\activex\AcroIEHelper.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: SSVHelper Class: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.0541.0\msneshellx.dll
TB: Microsoft Live Search Toolbar: {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\program files\msn\toolbar\3.0.0541.0\msneshellx.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [HPAdvisor] c:\program files\hewlett-packard\hp advisor\HPAdvisor.exe autorun=AUTORUN
uRun: [EPSON Stylus CX7400 Series] c:\windows\system32\spool\drivers\w32x86\3\e_faticda.exe /fu "c:\windows\temp\E_SD177.tmp" /EF "HKCU"
uRun: [OM_Monitor] c:\program files\olympus\olympus master\Monitor.exe
uRun: [Akamai NetSession Interface] "c:\users\0467 home user\appdata\local\akamai\netsession_win.exe"
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [ConduitFloatingPlugin_ffekppndigniegkobcngkdmaadbhhonj] "c:\windows\system32\rundll32.exe" "c:\program files\conduit\ct3306058\plugins\TBVerifier.dll",RunConduitFloatingPlugin ffekppndigniegkobcngkdmaadbhhonj
mRun: [Windows Defender] c:\program files\windows defender\MSASCui.exe -hide
mRun: [hpsysdrv] c:\hp\support\hpsysdrv.exe
mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe
mRun: [UpdateP2GoShortCut] "c:\program files\cyberlink\power2go\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\power2go" updatewithcreateonce "software\cyberlink\power2go\6.0"
mRun: [UpdatePDIRShortCut] "c:\program files\cyberlink\powerdirector\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\powerdirector" updatewithcreateonce "software\cyberlink\powerdirector\7.0"
mRun: [UpdatePSTShortCut] "c:\program files\cyberlink\cyberlink dvd suite deluxe\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\cyberlink dvd suite deluxe" updatewithcreateonce "software\cyberlink\PowerStarter"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_07\bin\jusched.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [BrMfcWnd] c:\program files\brother\brmfcmon\BrMfcWnd.exe /AUTORUN
mRun: [ControlCenter3] c:\program files\brother\controlcenter3\brctrcen.exe /autorun
mRun: [WildTangent CDA] "c:\program files\wildtangent\apps\cda\gamedrvr.exe" /startup "c:\program files\wildtangent\apps\cda\cdaEngine0500.dll"
mRun: [OM_Monitor] c:\program files\olympus\olympus master\FirstStart.exe
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe"  -osboot
mRun: [egui] "c:\program files\eset\eset smart security\egui.exe" /hide /waitservice
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\codecp~1.lnk - c:\windows\system32\c2mp\UpdateChecker.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\pictur~1.lnk - c:\program files\picturemover\bin\PictureMover.exe
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
TCP: NameServer = 75.75.75.75 75.75.76.76 192.168.0.1
TCP: Interfaces\{5A7565AE-22B9-469D-B456-2F2EAD521EBD} : DHCPNameServer = 75.75.75.75 75.75.76.76 192.168.0.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\31.0.1650.57\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\0467 home user\appdata\roaming\mozilla\firefox\profiles\2mk4c7tl.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3306058&CUI=UN20488996673240311&UM=2&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - gamefaqs.com
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3306058&SearchSource=2&CUI=UN20488996673240311&UM=2&q=
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.165\npGoogleUpdate3.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_9_900_117.dll
FF - ExtSQL: !HIDDEN! 2009-10-25 10:02; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.delta.tlbrSrchUrl -
FF - user.js: extensions.delta.id - b02d30b30000000000000021973b3530
FF - user.js: extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
FF - user.js: extensions.delta.instlDay - 15985
FF - user.js: extensions.delta.vrsn - 1.8.24.6
FF - user.js: extensions.delta.vrsni - 1.8.24.6
FF - user.js: extensions.delta.vrsnTs - 1.8.24.622:40:24
FF - user.js: extensions.delta.prtnrId - delta
FF - user.js: extensions.delta.prdct - delta
FF - user.js: extensions.delta.aflt - babsst
FF - user.js: extensions.delta.smplGrp - none
FF - user.js: extensions.delta.tlbrId - base
FF - user.js: extensions.delta.instlRef - sst
FF - user.js: extensions.delta.dfltLng - en
FF - user.js: extensions.delta.excTlbr - false
FF - user.js: extensions.delta.ffxUnstlRst - true
FF - user.js: extensions.delta.admin - false
FF - user.js: extensions.delta_i.babTrack - affID=122786&tsp=5028
FF - user.js: extensions.delta_i.babExt -
FF - user.js: extensions.delta_i.srcExt - ss
FF - user.js: extensions.delta.autoRvrt - false
FF - user.js: extensions.delta.rvrt - false
FF - user.js: extensions.delta.newTab - false
.
============= SERVICES / DRIVERS ===============
.
R0 epfwwfp;epfwwfp;c:\windows\system32\drivers\epfwwfp.sys [2013-9-17 49240]
R1 eamonm;eamonm;c:\windows\system32\drivers\eamonm.sys [2013-9-17 188808]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2013-9-17 134248]
R1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\drivers\EpfwLWF.sys [2013-9-17 37416]
R2 bckd;bckd;c:\windows\system32\drivers\bckd.sys [2013-3-1 107760]
R2 bckwfs;Blue Coat K9 Web Protection;c:\program files\blue coat k9 web protection\k9filter.exe [2013-3-1 1951472]
R2 ekrn;ESET Service;c:\program files\eset\eset smart security\ekrn.exe [2013-9-12 1337752]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2013-11-20 418376]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2013-11-20 701512]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\skype\toolbars\skype c2c service\c2c_service.exe [2013-10-9 3275136]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-11-20 22856]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-7-13 160944]
S3 PCD5SRVC{BD6912E3-AC9D80E8-05040000};PCD5SRVC{BD6912E3-AC9D80E8-05040000} - PCDR Kernel Mode Service Helper Driver;c:\progra~1\pc-doc~1\PCD5SRVC.pkms [2008-9-9 20640]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-7-20 754856]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\microsoft sql server\100\shared\sqladhlp.exe [2008-7-10 47128]
S4 RsFx0102;RsFx0102 Driver;c:\windows\system32\drivers\RsFx0102.sys [2008-7-10 242712]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\microsoft sql server\mssql10.sqlexpress\mssql\binn\SQLAGENT.EXE [2008-7-10 369688]
.
=============== Created Last 30 ================
.
2013-11-21 07:48:08    --------    d-----w-    C:\AdwCleaner
2013-11-21 04:49:28    --------    d-----w-    c:\users\0467 home user\appdata\roaming\Malwarebytes
2013-11-21 04:49:13    --------    d-----w-    c:\programdata\Malwarebytes
2013-11-21 04:49:10    22856    ----a-w-    c:\windows\system32\drivers\mbam.sys
2013-11-21 04:49:10    --------    d-----w-    c:\program files\Malwarebytes' Anti-Malware
2013-11-20 02:02:49    --------    d-----w-    c:\windows\system32\C2MP
2013-11-20 01:49:44    --------    d-----w-    c:\users\0467 home user\appdata\local\NativeMessaging
2013-11-20 01:49:42    --------    d-----w-    c:\users\0467 home user\appdata\local\CRE
2013-11-20 01:49:40    --------    d-----w-    c:\program files\Conduit
2013-11-20 01:48:53    --------    d-----w-    c:\users\0467 home user\appdata\roaming\CBS Interactive
2013-11-19 16:58:44    7772552    ----a-w-    c:\programdata\microsoft\windows defender\definition updates\{9e39bb83-e638-40a1-8d35-f7d3ba72210a}\mpengine.dll
2013-11-15 08:38:32    --------    d-----w-    c:\program files\Blue Coat K9 Web Protection
2013-11-14 04:24:04    297984    ----a-w-    c:\windows\system32\gdi32.dll
2013-11-14 04:23:57    596480    ----a-w-    c:\windows\system32\FWPUCLNT.DLL
2013-11-14 04:23:57    444928    ----a-w-    c:\windows\system32\IKEEXT.DLL
2013-11-14 04:23:22    993792    ----a-w-    c:\windows\system32\crypt32.dll
2013-11-10 01:24:46    --------    d-----w-    c:\users\0467 home user\dwhelper
2013-11-06 19:18:19    --------    d-----w-    c:\program files\RMPrepUSB
2013-11-06 18:42:01    --------    d-----w-    c:\users\0467 home user\appdata\roaming\SanDisk SecureAccess
2013-10-29 01:16:59    --------    d-----w-    c:\users\0467 home user\appdata\roaming\ESET
2013-10-29 01:16:59    --------    d-----w-    c:\users\0467 home user\appdata\local\ESET
2013-10-29 01:00:11    --------    d-----w-    c:\program files\ESET
.
==================== Find3M  ====================
.
2013-10-22 05:10:17    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2013-10-22 05:10:17    692616    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2013-10-13 09:48:06    1806848    ----a-w-    c:\windows\system32\jscript9.dll
2013-10-13 09:35:52    1427968    ----a-w-    c:\windows\system32\inetcpl.cpl
2013-10-13 09:35:38    1129472    ----a-w-    c:\windows\system32\wininet.dll
2013-10-13 09:30:14    142848    ----a-w-    c:\windows\system32\ieUnatt.exe
2013-10-13 09:29:02    420864    ----a-w-    c:\windows\system32\vbscript.dll
2013-10-13 09:25:39    2382848    ----a-w-    c:\windows\system32\mshtml.tlb
2013-09-17 20:17:38    49240    ----a-w-    c:\windows\system32\drivers\epfwwfp.sys
2013-09-17 20:17:38    37416    ----a-w-    c:\windows\system32\drivers\EpfwLWF.sys
2013-09-17 20:17:38    188808    ----a-w-    c:\windows\system32\drivers\eamonm.sys
2013-09-17 20:17:38    174400    ----a-w-    c:\windows\system32\drivers\epfw.sys
2013-09-17 20:17:38    134248    ----a-w-    c:\windows\system32\drivers\ehdrv.sys
2013-09-03 19:35:12    238872    ------w-    c:\windows\system32\MpSigStub.exe
2013-09-01 22:23:50    39904    ----a-w-    c:\windows\system32\DiscHandler.exe
2013-08-30 03:54:26    3915776    ----a-w-    c:\windows\system32\ffmpeg.dll
2013-08-30 03:53:34    112640    ----a-w-    c:\windows\system32\ff_vfw.dll
2013-08-30 03:53:22    3502592    ----a-w-    c:\windows\system32\ffdshow.ax
2013-08-30 03:51:58    99840    ----a-w-    c:\windows\system32\ff_wmv9.dll
2013-08-30 03:51:54    157184    ----a-w-    c:\windows\system32\ff_unrar.dll
2013-08-30 03:51:50    147456    ----a-w-    c:\windows\system32\ff_libmad.dll
2013-08-30 03:51:48    211968    ----a-w-    c:\windows\system32\ff_libdts.dll
2013-08-30 03:51:48    1525760    ----a-w-    c:\windows\system32\ff_samplerate.dll
2013-08-30 03:51:48    114688    ----a-w-    c:\windows\system32\ff_liba52.dll
2013-08-30 03:51:40    271360    ----a-w-    c:\windows\system32\TomsMoComp_ff.dll
2013-08-30 03:51:40    136704    ----a-w-    c:\windows\system32\libmpeg2_ff.dll
2013-08-29 07:36:04    2050048    ----a-w-    c:\windows\system32\win32k.sys
2013-08-27 02:47:50    219648    ----a-w-    c:\windows\system32\d3d10_1core.dll
2013-08-27 02:47:50    189952    ----a-w-    c:\windows\system32\d3d10core.dll
2013-08-27 02:47:50    160768    ----a-w-    c:\windows\system32\d3d10_1.dll
2013-08-27 02:47:50    1029120    ----a-w-    c:\windows\system32\d3d10.dll
2013-08-27 01:52:08    1172480    ----a-w-    c:\windows\system32\d3d10warp.dll
2013-08-27 01:50:40    486400    ----a-w-    c:\windows\system32\d3d10level9.dll
2013-08-27 01:32:20    683008    ----a-w-    c:\windows\system32\d2d1.dll
2013-08-27 01:28:36    1069056    ----a-w-    c:\windows\system32\DWrite.dll
2013-08-27 01:28:35    798208    ----a-w-    c:\windows\system32\FntCache.dll
.
============= FINISH:  9:13:42.68 ===============
 


 


#2 TB-Psychotic

  • Malware Response Team

Posted 21 November 2013 - 11:00 AM

Hi there,
my name is Marius and I will assist you with your malware-related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand, kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you cannot post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

 

 

 

Scan with TDSS-Killer

Please read and follow these instructions carefully. We do not want it to fix anything yet (if found); we need to see a report first.

Download TDSSKiller.zip and extract it to your desktop.

  • Execute TDSSKiller.exe by double-clicking on it.
  • Press Start Scan.
  • If malicious objects are found, do NOT select Copy to quarantine. Change the action to Skip, and save the log.
  • Once complete, a log will be produced at the root drive, which is typically C:\, for example, C:\TDSSKiller.<version_date_time>log.txt

Please post the contents of that log in your next reply.


Proud Member of UNITE & TB
 

#3 Mammoth_rib


Posted 21 November 2013 - 11:11 AM

Hello Marius,

Thanks for your reply. No malicious items were detected in the scan. Here is the log:


10:08:32.0193 0x1538  TDSS rootkit removing tool 3.0.0.19 Nov 18 2013 09:27:50
10:08:34.0191 0x1538  ============================================================
10:08:34.0191 0x1538  Current date / time: 2013/11/21 10:08:34.0191
10:08:34.0191 0x1538  SystemInfo:
10:08:34.0192 0x1538  
10:08:34.0192 0x1538  OS Version: 6.0.6002 ServicePack: 2.0
10:08:34.0192 0x1538  Product type: Workstation
10:08:34.0192 0x1538  ComputerName: 0467HOMEUSER-PC
10:08:34.0192 0x1538  UserName: 0467 Home User
10:08:34.0192 0x1538  Windows directory: C:\Windows
10:08:34.0192 0x1538  System windows directory: C:\Windows
10:08:34.0192 0x1538  Processor architecture: Intel x86
10:08:34.0192 0x1538  Number of processors: 2
10:08:34.0192 0x1538  Page size: 0x1000
10:08:34.0192 0x1538  Boot type: Normal boot
10:08:34.0192 0x1538  ============================================================
10:08:34.0407 0x1538  KLMD registered as C:\Windows\system32\drivers\11542968.sys
10:08:34.0598 0x1538  System UUID: {3A6CEEC2-49F9-A122-CD21-2E891FB19A3D}
10:08:35.0254 0x1538  Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
10:08:35.0281 0x1538  Drive \Device\Harddisk1\DR1 - Size: 0x1DD180000 (7.45 Gb), SectorSize: 0x200, Cylinders: 0x3CD, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
10:08:35.0282 0x1538  ============================================================
10:08:35.0282 0x1538  \Device\Harddisk0\DR0:
10:08:35.0287 0x1538  MBR partitions:
10:08:35.0287 0x1538  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1BB42BC5
10:08:35.0287 0x1538  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1BB42C04, BlocksNum 0x168197D
10:08:35.0287 0x1538  \Device\Harddisk1\DR1:
10:08:35.0288 0x1538  MBR partitions:
10:08:35.0288 0x1538  \Device\Harddisk1\DR1\Partition1: MBR, Type 0xC, StartLBA 0x3F, BlocksNum 0xEE448D
10:08:35.0288 0x1538  ============================================================
10:08:35.0306 0x1538  C: <-> \Device\Harddisk0\DR0\Partition1
10:08:35.0351 0x1538  D: <-> \Device\Harddisk0\DR0\Partition2
10:08:35.0353 0x1538  F: <-> \Device\Harddisk1\DR1\Partition1
10:08:35.0353 0x1538  ============================================================
10:08:35.0353 0x1538  Initialize success
10:08:35.0353 0x1538  ============================================================
10:08:46.0938 0x1688  ============================================================
10:08:46.0938 0x1688  Scan started
10:08:46.0938 0x1688  Mode: Manual;
10:08:46.0938 0x1688  ============================================================
10:08:46.0938 0x1688  KSN ping started
10:08:49.0438 0x1688  KSN ping finished: true
10:08:49.0982 0x1688  ================ Scan system memory ========================
10:08:49.0982 0x1688  System memory - ok
10:08:49.0983 0x1688  ================ Scan services =============================
10:08:52.0855 0x1688  BrSerWdm - ok
10:08:52.0880 0x1688  [ BD456606156BA17E60A04E18016AE54B, DFBDC9DA6A3EA40BACFF204BC6C55C2C122B5885D2CBF6D45054DE43EE15EC4D ] BrUsbMdm        C:\Windows\system32\drivers\brusbmdm.sys
10:08:52.0881 0x1688  BrUsbMdm - ok
10:08:52.0898 0x1688  [ AF72ED54503F717A43268B3CC5FAEC2E, 4A638669B0C30B1BDED242A8BF2015A37749570FF4D67D190BACC8D7E0C44468 ] BrUsbSer        C:\Windows\system32\drivers\brusbser.sys
10:08:52.0899 0x1688  BrUsbSer - ok
10:08:52.0933 0x1688  [ AD07C1EC6665B8B35741AB91200C6B68, DCE1305A30D6713222A01C1F1D03ED0ADABE23C742CE1E82BB142531B82A3FF7 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
10:08:52.0934 0x1688  BTHMODEM - ok
10:08:52.0979 0x1688  [ 7ADD03E75BEB9E6DD102C3081D29840A, 0CA14A77CE990B5AA32C0725C22CA190ECBC73B75064DD959CABAD79B8846F1D ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
10:08:52.0982 0x1688  cdfs - ok
10:08:53.0030 0x1688  [ 6B4BFFB9BECD728097024276430DB314, 4451EFEAD37B05C8A3CB610B6D72E73B55D3D1E1CC1B17405598C1EDAA93C2D5 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
10:08:53.0032 0x1688  cdrom - ok
10:08:53.0087 0x1688  [ 312EC3E37A0A1F2006534913E37B4423, 81B8F462336791D162DAFA8092C1F437638DA3022CA24A2458B9FE183FC18C5D ] CertPropSvc     C:\Windows\System32\certprop.dll
10:08:53.0089 0x1688  CertPropSvc - ok
10:08:53.0121 0x1688  [ E5D4133F37219DBCFE102BC61072589D, 74C7F8C53D9C71CE3C8B33BC0331948571318402B0A8E1AC4552360504092A46 ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
10:08:53.0122 0x1688  circlass - ok
10:08:53.0170 0x1688  [ D7659D3B5B92C31E84E53C1431F35132, 6BFE644AD9890A8CEEDCC4B97ADD564AD57202FBC5D21599469E0C4B31BB27C6 ] CLFS            C:\Windows\system32\CLFS.sys
10:08:53.0177 0x1688  CLFS - ok
10:08:53.0244 0x1688  [ 8EE772032E2FE80A924F3B8DD5082194, B743DF91563A22CC15D9B44105804B5866A29D3DFC156DBE88DFAFEF903B94C0 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
10:08:53.0247 0x1688  clr_optimization_v2.0.50727_32 - ok
10:08:53.0318 0x1688  [ C5A75EB48E2344ABDC162BDA79E16841, 6070A8AAFD38FBC6A68A2B10C20117612354DF21B4492D90CA522BFB6870D726 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
10:08:53.0322 0x1688  clr_optimization_v4.0.30319_32 - ok
10:08:53.0357 0x1688  [ 0CA25E686A4928484E9FDABD168AB629, C2CB2333CAB40CDF93219870E66700F957188C86A1B1A004BC4652953091E5C5 ] cmdide          C:\Windows\system32\drivers\cmdide.sys
10:08:53.0358 0x1688  cmdide - ok
10:08:53.0379 0x1688  [ 6AFEF0B60FA25DE07C0968983EE4F60A, E4037EF9EDE57A1039AB814EBCE9A8B12C9A084E7FAC6296212ACF2394DD37B6 ] Compbatt        C:\Windows\system32\drivers\compbatt.sys
10:08:53.0380 0x1688  Compbatt - ok
10:08:53.0387 0x1688  COMSysApp - ok
10:08:53.0412 0x1688  [ 741E9DFF4F42D2D8477D0FC1DC0DF871, 06EA43D771E3455F943AB624CC00C2259FE5E561164908630755E933EF44A522 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
10:08:53.0413 0x1688  crcdisk - ok
10:08:53.0438 0x1688  [ 1F07BECDCA750766A96CDA811BA86410, F4E36F0003184BCB36D59B23AC903421AD8C0A1FD2D6315E06375235ABC9A0AD ] Crusoe          C:\Windows\system32\drivers\crusoe.sys
10:08:53.0440 0x1688  Crusoe - ok
10:08:53.0498 0x1688  [ 684C130BBC6DB681BAD4920A4C944AA5, DDE434B206984808351C98500824A33E6740B4326C455066027F8D549D4C3B92 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
10:08:53.0502 0x1688  CryptSvc - ok
10:08:53.0567 0x1688  [ 3B5B4D53FEC14F7476CA29A20CC31AC9, EC02A412DA5FDE2C759A4A2C5904579E1CE7C4999CE87145812F354FC8F5E183 ] DcomLaunch      C:\Windows\system32\rpcss.dll
10:08:53.0585 0x1688  DcomLaunch - ok
10:08:53.0623 0x1688  [ 622C41A07CA7E6DD91770F50D532CB6C, 2A9040949CB45F9970FDE930278F30D2F08E957290CB3D4DC4F2CA94F3D444D2 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
10:08:53.0626 0x1688  DfsC - ok
10:08:53.0867 0x1688  [ 2CC3DCFB533A1035B13DCAB6160AB38B, C88C91F662ADE248EEE3B568E70C2BC2D5075B7D9B7D3C63E83D011C5F7812B0 ] DFSR            C:\Windows\system32\DFSR.exe
10:08:53.0918 0x1688  DFSR - ok
10:08:53.0992 0x1688  [ 9028559C132146FB75EB7ACF384B086A, 35159D86706441ED94895B4629411B4445FCB4526AFD1F7036EE647931B7A94D ] Dhcp            C:\Windows\System32\dhcpcsvc.dll
10:08:53.0998 0x1688  Dhcp - ok
10:08:54.0049 0x1688  [ 5D4AEFC3386920236A548271F8F1AF6A, 11B74D6800EC6F7AAEFB0B6A9F2E8376C7C3B8DB677F03AC3743CB004CA96B08 ] disk            C:\Windows\system32\drivers\disk.sys
10:08:54.0051 0x1688  disk - ok
10:08:54.0099 0x1688  [ 57D762F6F5974AF0DA2BE88A3349BAAA, D9E7DC8F9FB7837F88BBB95B52147AA80E688FB9762EEA99B8046D9C6AD48F3C ] Dnscache        C:\Windows\System32\dnsrslvr.dll
10:08:54.0102 0x1688  Dnscache - ok
10:08:54.0133 0x1688  [ 324FD74686B1EF5E7C19A8AF49E748F6, DC6EB4304555B60DD17E04D20DFE4E279718E4041A9310DE29E678834BB22C5B ] dot3svc         C:\Windows\System32\dot3svc.dll
10:08:54.0139 0x1688  dot3svc - ok
10:08:54.0194 0x1688  [ A622E888F8AA2F6B49E9BC466F0E5DEF, 3DED7F22A29AD2F8C927DFA0FD87FDE5ED0BDCAC7260BD9F71D8EA34328C772A ] DPS             C:\Windows\system32\dps.dll
10:08:54.0199 0x1688  DPS - ok
10:08:54.0257 0x1688  [ 97FEF831AB90BEE128C9AF390E243F80, A7F4118603E2D5DDDB117EF7C058684EA5B37690EFAB2BEBA570EEF9C36281BE ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
10:08:54.0257 0x1688  drmkaud - ok
10:08:54.0320 0x1688  [ 988670D8343EF9835FB3659DB71B2EFA, 5F5370FDD08C4BFF0828341952E98E95F722CB779EEC08C9DD6212C4DF3CD33B ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
10:08:54.0335 0x1688  DXGKrnl - ok
10:08:54.0365 0x1688  [ 5425F74AC0C1DBD96A1E04F17D63F94C, AD133CEDCDEA75420C75A91BB4CF7152475D46ED7B7703E3BAE5F9946D610292 ] E1G60           C:\Windows\system32\DRIVERS\E1G60I32.sys
10:08:54.0368 0x1688  E1G60 - ok
10:08:54.0427 0x1688  [ CECB58460674339202F79BA1345D8527, 1032E726D64C3432704FE90A7B63A37E854A83389AD3A997C0916628C452F71F ] eamonm          C:\Windows\system32\DRIVERS\eamonm.sys
10:08:54.0432 0x1688  eamonm - ok
10:08:54.0486 0x1688  [ C0B95E40D85CD807D614E264248A45B9, 30421DAF1722A225222268CB8BA4FE60CB76C6FD0C9157B0F53FC1368F806A4E ] EapHost         C:\Windows\System32\eapsvc.dll
10:08:54.0489 0x1688  EapHost - ok
10:08:54.0542 0x1688  [ 7F64EA048DCFAC7ACF8B4D7B4E6FE371, F3E9CF5D8E9124CB06F08454C5F0E510DE19A92780151FB2F8A58A0905D59B8F ] Ecache          C:\Windows\system32\drivers\ecache.sys
10:08:54.0546 0x1688  Ecache - ok
10:08:54.0617 0x1688  [ C79916F203E1A2CBBE99F22D6E5D21DA, 84749E7067927AD437D38BEFEA12B40C3E849216F26338F707694918206C4C2A ] ehdrv           C:\Windows\system32\DRIVERS\ehdrv.sys
10:08:54.0621 0x1688  ehdrv - ok
10:08:54.0668 0x1688  [ 9BE3744D295A7701EB425332014F0797, 1A139EE9232581E466591C5EBEF41E4BF1F82D99C1959F1C68C879B240E9F46D ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
10:08:54.0676 0x1688  ehRecvr - ok
10:08:54.0723 0x1688  [ AD1870C8E5D6DD340C829E6074BF3C3F, 064D07106A1BBE80294F1913354832F2B67D22274BB4D36C81D2D83C96FE0B88 ] ehSched         C:\Windows\ehome\ehsched.exe
10:08:54.0727 0x1688  ehSched - ok
10:08:54.0755 0x1688  [ C27C4EE8926E74AA72EFCAB24C5242C3, F1EBF78CCE9BA76AFD0478BC66B67CA44DEAF3C380369BFCE91BD8F678C8608A ] ehstart         C:\Windows\ehome\ehstart.dll
10:08:54.0756 0x1688  ehstart - ok
10:08:54.0960 0x1688  [ 4CB575D97653FA91FFB02DA3105EB084, 59FB4D2485EEDBCC56D92C1F5DF3FEAE67D751F3AD7AEA7590F3C73107C829E8 ] ekrn            C:\Program Files\ESET\ESET Smart Security\ekrn.exe
10:08:54.0993 0x1688  ekrn - ok
10:08:55.0066 0x1688  [ 23B62471681A124889978F6295B3F4C6, A90C521F06125B86A26EA625B0E7F811AF7D328E1313165E7AD4A83596A23819 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
10:08:55.0075 0x1688  elxstor - ok
10:08:55.0139 0x1688  [ 4E6B23DFC917EA39306B529B773950F4, C4BA77632B4BD46C4C1797F7F57399DB506D3EB6E5A0A36C269A793DAA3445C2 ] EMDMgmt         C:\Windows\system32\emdmgmt.dll
10:08:55.0155 0x1688  EMDMgmt - ok
10:08:55.0195 0x1688  [ 4B6B2C930CD076F8BDEE683512EE05E8, 37C1182044047FBB98E208C8CFF36BDB47F1617A57F7F7B2331E0F7BDD0A653D ] epfw            C:\Windows\system32\DRIVERS\epfw.sys
10:08:55.0200 0x1688  epfw - ok
10:08:55.0256 0x1688  [ BDC856F11F2A8F4C9B4A59B29A33569B, ADD91A760F57C73FE6574EABBCB2F3F897A45C8DD0DE26BBFF2CCD5891FDBA6C ] EpfwLWF         C:\Windows\system32\DRIVERS\EpfwLWF.sys
10:08:55.0258 0x1688  EpfwLWF - ok
10:08:55.0294 0x1688  [ 6EB4485DDAFCA013D35ED4E158ADE05B, FCB62340EF7E4472BDA04C97FB9DD68E79A06606CFB6C1CE93DDFFFDE1E44D06 ] epfwwfp         C:\Windows\system32\DRIVERS\epfwwfp.sys
10:08:55.0296 0x1688  epfwwfp - ok
10:08:55.0344 0x1688  [ 3DB974F3935483555D7148663F726C61, C288CFC04213B0340ABEC752C0A7B308B29122B5F51E68387BA1D9E9D7166FDD ] ErrDev          C:\Windows\system32\drivers\errdev.sys
10:08:55.0345 0x1688  ErrDev - ok
10:08:55.0404 0x1688  esgiguard - ok
10:08:55.0456 0x1688  [ 67058C46504BC12D821F38CF99B7B28F, E8D19F305F78BCA1DA8425315F2C77A377CD51E3CC54323DC2FF355120EA097D ] EventSystem     C:\Windows\system32\es.dll
10:08:55.0463 0x1688  EventSystem - ok
10:08:55.0524 0x1688  [ 22B408651F9123527BCEE54B4F6C5CAE, 31AF9649333A9496A9224001266D1B68CE2A31B9FB182A755D127FC5492AA6B2 ] exfat           C:\Windows\system32\drivers\exfat.sys
10:08:55.0528 0x1688  exfat - ok
10:08:55.0554 0x1688  [ 1E9B9A70D332103C52995E957DC09EF8, 7E709D545D4025A2E9F3489CF2A231040904CB53E3E4EEAC15A22468FAB2A5B3 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
10:08:55.0558 0x1688  fastfat - ok
10:08:55.0613 0x1688  [ AFE1E8B9782A0DD7FB46BBD88E43F89A, B4CBE1DC3430F2F3485F49007C71293D5B86E9C405741EA00A67B00A38BE1F8D ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
10:08:55.0614 0x1688  fdc - ok
10:08:55.0635 0x1688  [ 6629B5F0E98151F4AFDD87567EA32BA3, 8CC02D5E0639CDF74B2F85DB56D6199E1858F1A58465ED1D8B25C968E986132C ] fdPHost         C:\Windows\system32\fdPHost.dll
10:08:55.0637 0x1688  fdPHost - ok
10:08:55.0646 0x1688  [ 89ED56DCE8E47AF40892778A5BD31FD2, 924360875796C3DDDDA8097FDF53F6846B227F7413766F00AEDD981EFD691BF9 ] FDResPub        C:\Windows\system32\fdrespub.dll
10:08:55.0649 0x1688  FDResPub - ok
10:08:55.0692 0x1688  [ A8C0139A884861E3AAE9CFE73B208A9F, 3B021D148A2989AAA46AE58E5FED8A2DCA25E9212C2FA7F922880EF5A077E49B ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
10:08:55.0694 0x1688  FileInfo - ok
10:08:55.0712 0x1688  [ 0AE429A696AECBC5970E3CF2C62635AE, 1ECC315C099D17835788B68F0DE00EC98DC5AEE8F329D739E0DB90A898F22244 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
10:08:55.0713 0x1688  Filetrace - ok
10:08:55.0733 0x1688  [ 85B7CF99D532820495D68D747FDA9EBD, 682D35D219D1AFBE51CF0AB03F2D3E15C940F5AF291C1A611A19F4D279143F3C ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
10:08:55.0735 0x1688  flpydisk - ok
10:08:55.0793 0x1688  [ 01334F9EA68E6877C4EF05D3EA8ABB05, 82F8AA6AD2B5077898773D4A5814819EAF0E872FFD95894E06FEDAB6EE92CF99 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
10:08:55.0798 0x1688  FltMgr - ok
10:08:55.0877 0x1688  [ 2AFA3A46986AE935DAECEBC7E66314CF, 747FAF9B7F8291B83EE44B91E5708395E749DC87BD42CC3BF2CD41209C298F4D ] FontCache       C:\Windows\system32\FntCache.dll
10:08:55.0897 0x1688  FontCache - ok
10:08:55.0958 0x1688  [ C7FBDD1ED42F82BFA35167A5C9803EA3, 372FF71070D5ECE17342466A690737A0622E93C98DBED8172C49B0854F0012B7 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
10:08:55.0959 0x1688  FontCache3.0.0.0 - ok
10:08:56.0002 0x1688  [ B972A66758577E0BFD1DE0F91AAA27B5, E934034F3F740A83D4E7ABCD2C581845AC2945B0BCCAACF65CC3F99A1DBDE455 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
10:08:56.0003 0x1688  Fs_Rec - ok
10:08:56.0045 0x1688  [ 34582A6E6573D54A07ECE5FE24A126B5, 5F45DC38F8015AD90616EAD3B57820CCD284938A96B2C4E1FF5FC7BDEE8A848D ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
10:08:56.0047 0x1688  gagp30kx - ok
10:08:56.0142 0x1688  [ 67CF4C2E7477B9A01DF07E38AF293414, 97DE62637E66D8FA5DDE5247270030C362326D073824A3D1CF6056B5CB5C72CB ] GameConsoleService C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
10:08:56.0148 0x1688  GameConsoleService - ok
10:08:56.0181 0x1688  [ 8182FF89C65E4D38B2DE4BB0FB18564E, 2ACFA64D48BF7D25641EC5819C8722144284B8A8E071BF297C1881B07EEAFE88 ] GEARAspiWDM     C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
10:08:56.0183 0x1688  GEARAspiWDM - ok
10:08:56.0247 0x1688  [ CD5D0AEEE35DFD4E986A5AA1500A6E66, DCED5126837292593F1C1B35DF18E3B631D6C0C6D0742B77C7B7742C55A7825F ] gpsvc           C:\Windows\System32\gpsvc.dll
10:08:56.0262 0x1688  gpsvc - ok
10:08:56.0350 0x1688  [ 8F0DE4FEF8201E306F9938B0905AC96A, CA7153FE0C037D79FBF7CE0E090D741FB52BCCBBBD4CA505EF4849A0C4199F72 ] gupdate         C:\Program Files\Google\Update\GoogleUpdate.exe
10:08:56.0356 0x1688  gupdate - ok
10:08:56.0379 0x1688  [ 8F0DE4FEF8201E306F9938B0905AC96A, CA7153FE0C037D79FBF7CE0E090D741FB52BCCBBBD4CA505EF4849A0C4199F72 ] gupdatem        C:\Program Files\Google\Update\GoogleUpdate.exe
10:08:56.0382 0x1688  gupdatem - ok
10:08:56.0444 0x1688  [ 062452B7FFD68C8C042A6261FE8DFF4A, DD9873502456D3C058C6177AC223B28C71370E624FA0814C17EA3D93201F2B56 ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
10:08:56.0462 0x1688  HDAudBus - ok
10:08:56.0495 0x1688  [ 1338520E78D90154ED6BE8F84DE5FCEB, 8531F1C5856983EBDA4C2B70162645ECE72FFFBA9FE7A28BCEDDF2169B7ECF9D ] HidBth          C:\Windows\system32\drivers\hidbth.sys
10:08:56.0497 0x1688  HidBth - ok
10:08:56.0529 0x1688  [ D8DF3722D5E961BAA1292AA2F12827E2, 799E194B36BA08D59500A2C45ADD2FB69C7698F3F7F837CC7CFB266D57830BD6 ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
10:08:56.0531 0x1688  HidIr - ok
10:08:56.0590 0x1688  [ 84067081F3318162797385E11A8F0582, 11E32E3800CFCA37354388243F88D0239D622891BAC5483518A2BE5D1CA19015 ] hidserv         C:\Windows\system32\hidserv.dll
10:08:56.0592 0x1688  hidserv - ok
10:08:56.0644 0x1688  [ CCA4B519B17E23A00B826C55716809CC, 91AD0758A6185B0FBBE383BDB1B457FFB850477AFF8DE040DE9527A97D28EF62 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
10:08:56.0646 0x1688  HidUsb - ok
10:08:56.0666 0x1688  [ D8AD255B37DA92434C26E4876DB7D418, C901EADDD93FC90C8F29F4B6DE808F8E4F486C877FC0AA27DA4ACDE17E28899D ] hkmsvc          C:\Windows\system32\kmsvc.dll
10:08:56.0671 0x1688  hkmsvc - ok
10:08:56.0741 0x1688  [ A19B0BB5A7EB6DF2DD4A0711D36955EE, 307648CAFB3DDCD76FD730CA623945ED71D4276715A38D8CBB203C157C45F691 ] HP Health Check Service c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
10:08:56.0745 0x1688  HP Health Check Service - ok
10:08:56.0778 0x1688  [ 16EE7B23A009E00D835CDB79574A91A6, 964AFE7D2F7E48C7DE7FDAB48F57ADC4AD44A0B2A9A03071E0E8D334007E5572 ] HpCISSs         C:\Windows\system32\drivers\hpcisss.sys
10:08:56.0780 0x1688  HpCISSs - ok
10:08:56.0872 0x1688  [ 78C88781FBD2FDD3BCBA09F58897FE45, 697EB8F3E4969691F7CCA3D644B6D01A8C0AA394EF152AB5E78AF3AAF52F2555 ] HSF_DP          C:\Windows\system32\DRIVERS\HSX_DP.sys
10:08:56.0980 0x1688  HSF_DP - ok
10:08:57.0006 0x1688  [ 1E289F978D1E6F11DB88D4FCB2F9D92F, D372BFF77A204342D5B15E42CB95478DB85B8BE9BEB48B5D8FD120435A622DA5 ] HSXHWBS2        C:\Windows\system32\DRIVERS\HSXHWBS2.sys
10:08:57.0023 0x1688  HSXHWBS2 - ok
10:08:57.0073 0x1688  [ F870AA3E254628EBEAFE754108D664DE, B0444E7D246AA1982094030ACB991690F6A7DD3FB07B1BB6A1BC0F3AA9718A70 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
10:08:57.0099 0x1688  HTTP - ok
10:08:57.0118 0x1688  [ C6B032D69650985468160FC9937CF5B4, 4D5A944C70037F35A9DBA4F49F174455FA80ED7EAEDAA143F0A2C0E05AE585D8 ] i2omp           C:\Windows\system32\drivers\i2omp.sys
10:08:57.0121 0x1688  i2omp - ok
10:08:57.0163 0x1688  [ 22D56C8184586B7A1F6FA60BE5F5A2BD, D96A2962848C1F59B143BFEC22EC48BD1C5A75D0EBCFD7FB965E66B85FF7D8CA ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
10:08:57.0166 0x1688  i8042prt - ok
10:08:57.0202 0x1688  [ 54155EA1B0DF185878E0FC9EC3AC3A14, 344A0793499261D2E4FF2FCCC70501329485F8E299EBC68953D07BA86F0D4729 ] iaStorV         C:\Windows\system32\drivers\iastorv.sys
10:08:57.0211 0x1688  iaStorV - ok
10:08:57.0306 0x1688  [ 98477B08E61945F974ED9FDC4CB6BDAB, C7E8F661F6FBF6AB493E950D2E70363496E155B1838CE7B490B981BD840B04FC ] idsvc           C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
10:08:57.0348 0x1688  idsvc - ok
10:08:57.0379 0x1688  [ 2D077BF86E843F901D8DB709C95B49A5, 78FF558A881F307858F5C7C74A748B8B2562AF3CAC7EA8639945609001D790CE ] iirsp           C:\Windows\system32\drivers\iirsp.sys
10:08:57.0381 0x1688  iirsp - ok
10:08:57.0445 0x1688  [ 4687EE0C0DD2CE5F7AAA9C2E33C1DC78, FA8EBED2778D9F7560ADC1B563954EEF98AAE651C0553F2803372B37B122AEB3 ] IKEEXT          C:\Windows\System32\ikeext.dll
10:08:57.0458 0x1688  IKEEXT - ok
10:08:57.0621 0x1688  [ 0E70E4485F0ED782248E26353A08D312, 8DC057CC9D081EDFF5736A381FB18E3ED284E459308D59C667C708596BE92107 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
10:08:57.0737 0x1688  IntcAzAudAddService - ok
10:08:57.0795 0x1688  [ 83AA759F3189E6370C30DE5DC5590718, 7406FE41EA8FB80052517318CB72E2641E92E579FAFAF5E8DDDFF0BF8DAE773A ] intelide        C:\Windows\system32\drivers\intelide.sys
10:08:57.0797 0x1688  intelide - ok
10:08:57.0831 0x1688  [ 224191001E78C89DFA78924C3EA595FF, E4EC9CAAEEEAEB30E13F4A8023AF687F29514667380DDFD638BBFFF1D5FC2563 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
10:08:57.0834 0x1688  intelppm - ok
10:08:57.0868 0x1688  [ 9AC218C6E6105477484C6FDBE7D409A4, FF30D09CD2A0F5BBEC309E953370F194B6F26BF4227E627B594AAA48B0F5D3C2 ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
10:08:57.0873 0x1688  IPBusEnum - ok
10:08:57.0891 0x1688  [ 62C265C38769B864CB25B4BCF62DF6C3, CAF6BCE967104233E216464E4729B0275C3BD426D812F404AB0EE83A7F2063D8 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
10:08:57.0893 0x1688  IpFilterDriver - ok
10:08:57.0929 0x1688  [ 1998BD97F950680BB55F55A7244679C2, A4E8BB4C6B2AF4800BD5E0BA8725FD0927F8FB6751AEBF6DD16B59C414CCB9D8 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
10:08:57.0935 0x1688  iphlpsvc - ok
10:08:57.0942 0x1688  IpInIp - ok
10:08:57.0979 0x1688  [ B25AAF203552B7B3491139D582B39AD1, EA9C38F512F40FF12975A6719E6FE4D7EA93A4B2497103E0FDA5A4CD6033C0A6 ] IPMIDRV         C:\Windows\system32\drivers\ipmidrv.sys
10:08:57.0983 0x1688  IPMIDRV - ok
10:08:58.0009 0x1688  [ 8793643A67B42CEC66490B2A0CF92D68, 8B1ED1314E4C6623824DD6B9C15A0F7F996F4D243BF0B305421251BE40850907 ] IPNAT           C:\Windows\system32\DRIVERS\ipnat.sys
10:08:58.0013 0x1688  IPNAT - ok
10:08:58.0083 0x1688  [ 7A3611564FCE7C8BE50B03F58CB3EB7D, 45F6CCE4CAEC37E79E133F1ED1E4D191E4C093D7FDFC290C7117D410B84533CF ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
10:08:58.0114 0x1688  iPod Service - ok
10:08:58.0130 0x1688  [ 109C0DFB82C3632FBD11949B73AEEAC9, 73B01426100256B7110DF0B74483AF1B62FC209612EEC29A7BF6DC31A7FBEFB6 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
10:08:58.0132 0x1688  IRENUM - ok
10:08:58.0168 0x1688  [ 6C70698A3E5C4376C6AB5C7C17FB0614, 10FBCBA5A74AF5D136B152FD4D3DFA2A1F2CEBC3F979D5BA6DB98B3DCB2F7A07 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
10:08:58.0171 0x1688  isapnp - ok
10:08:58.0223 0x1688  [ 232FA340531D940AAC623B121A595034, 90C93F04D8A0094EEBD118F10223605B8169DA5F24C466F503CED5C014BD17B1 ] iScsiPrt        C:\Windows\system32\DRIVERS\msiscsi.sys
10:08:58.0240 0x1688  iScsiPrt - ok
10:08:58.0262 0x1688  [ BCED60D16156E428F8DF8CF27B0DF150, 4934E9AB8A8A548548F0C63517F2BF4DE84B05E5C9C7C2AA6C1517B8F9C340D4 ] iteatapi        C:\Windows\system32\drivers\iteatapi.sys
10:08:58.0264 0x1688  iteatapi - ok
10:08:58.0298 0x1688  [ 06FA654504A498C30ADCA8BEC4E87E7E, 651BC35A0A3D504573BBAB40DE81929BB18C9FC0CD7944FEAE0E99CD7658EA88 ] iteraid         C:\Windows\system32\drivers\iteraid.sys
10:08:58.0300 0x1688  iteraid - ok
10:08:58.0325 0x1688  [ 37605E0A8CF00CBBA538E753E4344C6E, B9A9FFDCE45B0830E277CF322C28ACB49372C16144B0F676B283BE5DAE9A7F30 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
10:08:58.0327 0x1688  kbdclass - ok
10:08:58.0357 0x1688  [ EDE59EC70E25C24581ADD1FBEC7325F7, 41B37778E9A12675FC0DF74606AAF18C652EB88513B3C4889C5C512E14587CEE ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
10:08:58.0359 0x1688  kbdhid - ok
10:08:58.0400 0x1688  [ A3E186B4B935905B829219502557314E, 7F58EAC6C12208D792C77014AC9D37AD1A7B2E73863C914F5DA831A72E1D52BB ] KeyIso          C:\Windows\system32\lsass.exe
10:08:58.0402 0x1688  KeyIso - ok
10:08:58.0430 0x1688  [ 4A1445EFA932A3BAF5BDB02D7131EE20, 9DD262ED72DF268FE024063788F54124E320D0775D8DC0C5CAD099CD5F655DA2 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
10:08:58.0455 0x1688  KSecDD - ok
10:08:58.0521 0x1688  [ 8078F8F8F7A79E2E6B494523A828C585, BB399993166853F0C01B7508649ECD7E7473238267BA8333D0441128FE656347 ] KtmRm           C:\Windows\system32\msdtckrm.dll
10:08:58.0531 0x1688  KtmRm - ok
10:08:58.0578 0x1688  [ 1BF5EEBFD518DD7298434D8C862F825D, F41C79410345C40B346EB5EDEA397ECD29ECB9B921AC3E19F9453E52A7B9288A ] LanmanServer    C:\Windows\system32\srvsvc.dll
10:08:58.0584 0x1688  LanmanServer - ok
10:08:58.0631 0x1688  [ 1DB69705B695B987082C8BAEC0C6B34F, D395B272F6B69D4A9FC3CDEFD812EF0DBFECF3C1B1C787C7CC1E1A1B091B8DB3 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
10:08:58.0638 0x1688  LanmanWorkstation - ok
10:08:58.0729 0x1688  [ E75ADCFAFDEF3F4C3AF3332928D59926, 66E07C46235B89F72D2C1D0BBD0CF9F7EA6C21D583087146B6882A370A97CD08 ] LightScribeService c:\Program Files\Common Files\LightScribe\LSSrvc.exe
10:08:58.0743 0x1688  LightScribeService - ok
10:08:58.0775 0x1688  [ D1C5883087A0C3F1344D9D55A44901F6, 608D67357AFDDD538D2C12C93EB0793ECA4EB3AF2BAB779E881C41F50E4AB911 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
10:08:58.0778 0x1688  lltdio - ok
10:08:58.0845 0x1688  [ 2D5A428872F1442631D0959A34ABFF63, E532C6ECFFB936EFF744CA57BDC6394C89E797B6B0822D04F1F3F35D9BDDD4F0 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
10:08:58.0866 0x1688  lltdsvc - ok
10:08:58.0886 0x1688  [ 35D40113E4A5B961B6CE5C5857702518, 453097AEF46ED48107395D9A1696AAC259FD6CEA8A655D38C5E246FDDAB81664 ] lmhosts         C:\Windows\System32\lmhsvc.dll
10:08:58.0889 0x1688  lmhosts - ok
10:08:58.0937 0x1688  [ C7E15E82879BF3235B559563D4185365, 98C9268ADF6BAEB0522BB84BE6C98D0D6D5EB4BD27BB61412D208232164C8435 ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
10:08:58.0953 0x1688  LSI_FC - ok
10:08:58.0981 0x1688  [ EE01EBAE8C9BF0FA072E0FF68718920A, 655924440E611278998226299645BC72B3627A8A057286DC8D65A162CFBBE484 ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
10:08:58.0986 0x1688  LSI_SAS - ok
10:08:59.0032 0x1688  [ 912A04696E9CA30146A62AFA1463DD5C, 1D336D47B9D1C8449F29CDB776C092235E3D70CE53D9440970533E376EB004D3 ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
10:08:59.0036 0x1688  LSI_SCSI - ok
10:08:59.0069 0x1688  [ 8F5C7426567798E62A3B3614965D62CC, 659810257D942C5F4168E1247868CDA990F2324AC9ACAA9A6211F64B7AC9EC6E ] luafv           C:\Windows\system32\drivers\luafv.sys
10:08:59.0073 0x1688  luafv - ok
10:08:59.0129 0x1688  [ 4470E3C1E0C3378E4CAB137893C12C3A, CA8E66356F0E671D5454E561E7EAD74DE25DCF53BE452369F96ECACFA8709489 ] MBAMProtector   C:\Windows\system32\drivers\mbam.sys
10:08:59.0131 0x1688  MBAMProtector - ok
10:08:59.0190 0x1688  [ 65085456FD9A74D7F1A999520C299ECB, EA564BC913EF1B8A4CAA9242FC70F525B68CF1F3CA462F63B0B7215B93FE8530 ] MBAMScheduler   C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
10:08:59.0217 0x1688  MBAMScheduler - ok
10:08:59.0296 0x1688  [ E0D7732F2D2E24B2DB3F67B6750295B8, AA5CA86AF1ACEC900F60339016B3DC55472DB40ADB99186005A7ABE67B7D66FC ] MBAMService     C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
10:08:59.0337 0x1688  MBAMService - ok
10:08:59.0375 0x1688  [ AEF9BABB8A506BC4CE0451A64AADED46, D5608A703EA7E97F11ED4D029B4B820440B0C9317DB7D7DC0152253CD723DC07 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
10:08:59.0379 0x1688  Mcx2Svc - ok
10:08:59.0412 0x1688  [ 0CEA2D0D3FA284B85ED5B68365114F76, E6FF0EC98FDC3F628438B613C356C237E68686E3B5B17A58A60C16F4B9A2B968 ] mdmxsdk         C:\Windows\system32\DRIVERS\mdmxsdk.sys
10:08:59.0414 0x1688  mdmxsdk - ok
10:08:59.0461 0x1688  [ 0001CE609D66632FA17B84705F658879, D5F9758BDC2B733307B565A74B33F5581FB425A5A9F32CCFA307DA1569EBD6CD ] megasas         C:\Windows\system32\drivers\megasas.sys
10:08:59.0463 0x1688  megasas - ok
10:08:59.0506 0x1688  [ C252F32CD9A49DBFC25ECF26EBD51A99, 47EC8F475AB62A00FAF989CD2C3ABDF2922588F75CC15C83CD99A62EF6400FB0 ] MegaSR          C:\Windows\system32\drivers\megasr.sys
10:08:59.0519 0x1688  MegaSR - ok
10:08:59.0545 0x1688  [ 1076FFCFFAAE8385FD62DFCB25AC4708, 8C5C106FCB018E019DEBA8E1A6AA170CD7A93293F27994F724EBC486238DA0AA ] MMCSS           C:\Windows\system32\mmcss.dll
10:08:59.0548 0x1688  MMCSS - ok
10:08:59.0568 0x1688  [ E13B5EA0F51BA5B1512EC671393D09BA, 5B380D1B435D809CA201FD5ED075D42F3C6BA1A4EEDBC4040F7E3329F05A334A ] Modem           C:\Windows\system32\drivers\modem.sys
10:08:59.0570 0x1688  Modem - ok
10:08:59.0587 0x1688  [ 0A9BB33B56E294F686ABB7C1E4E2D8A8, 1E8031D51E074FDFB53E98E26DABF313B901C028D01196BFD402EED5D0A89595 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
10:08:59.0590 0x1688  monitor - ok
10:08:59.0610 0x1688  [ 5BF6A1326A335C5298477754A506D263, CC7F58E5955A448F6CE28D6D8EB98C7479E11F931B5C733CFE71A29B2E95923D ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
10:08:59.0612 0x1688  mouclass - ok
10:08:59.0628 0x1688  [ 93B8D4869E12CFBE663915502900876F, 7464DE60FAAD8793D855F1F86C3C865B3A3EE41C19A3E926D1BE4426E67F5EC2 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
10:08:59.0630 0x1688  mouhid - ok
10:08:59.0643 0x1688  [ BDAFC88AA6B92F7842416EA6A48E1600, 2CA8A7BB260016D6B7953980A94C45A3C5D41F7DC7E73EEFB1C18EA144749503 ] MountMgr        C:\Windows\system32\drivers\mountmgr.sys
10:08:59.0646 0x1688  MountMgr - ok
10:08:59.0696 0x1688  [ 5E0686615A80A6279B2314E13CD23F6E, 659931AB2DD395FAA2E5036D02BC6AAE8A7E4C9FF1A902B1FF9C15E878C89E77 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
10:08:59.0701 0x1688  MozillaMaintenance - ok
10:08:59.0755 0x1688  [ 511D011289755DD9F9A7579FB0B064E6, 1FD0D0D5B6E08FE06F7A5D0821BCD859B0F98A6DEA58AAB7FB6C95B64212FFC8 ] mpio            C:\Windows\system32\drivers\mpio.sys
10:08:59.0760 0x1688  mpio - ok
10:08:59.0780 0x1688  [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E, 62055C0DCEB69873B8961AB17DBD002F44319A44CB05EC3A61421A0C6D4736CD ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
10:08:59.0783 0x1688  mpsdrv - ok
10:08:59.0890 0x1688  [ 5DE62C6E9108F14F6794060A9BDECAEC, 655E6645CC4A1EDBE5F51F5F80C7B504DD956851E788A6E4E4E08CDCDCE160D9 ] MpsSvc          C:\Windows\system32\mpssvc.dll
10:08:59.0902 0x1688  MpsSvc - ok
10:08:59.0940 0x1688  [ 4FBBB70D30FD20EC51F80061703B001E, 72907A0CA5CFF82F40C02A65CD8EFD51D7CFC33BE67DE572D1ACF4FD3B248F0A ] Mraid35x        C:\Windows\system32\drivers\mraid35x.sys
10:08:59.0942 0x1688  Mraid35x - ok
10:08:59.0973 0x1688  [ 82CEA0395524AACFEB58BA1448E8325C, 16E37990A291C848DE35F48EA7E09AE5B258AE589EB08A3FA2C60DC1278DE182 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
10:08:59.0980 0x1688  MRxDAV - ok
10:09:00.0018 0x1688  [ 1E94971C4B446AB2290DEB71D01CF0C2, 4701AA1B419AEF735CB2DA34532B0F1844433272C36D79F4EB55807E39B923D1 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
10:09:00.0024 0x1688  mrxsmb - ok
10:09:00.0104 0x1688  [ 4FCCB34D793B116423209C0F8B7A3B03, 7A483AEB691ADBE82779F12F0BB1CCCBFFD7E92902EC1ADC99AB7D129F887143 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
10:09:00.0206 0x1688  mrxsmb10 - ok
10:09:00.0237 0x1688  [ C3CB1B40AD4A0124D617A1199B0B9D7C, B975A39DE6D324C6274B6E3B883F36082A958F028335CEB3A37F44481EB284B3 ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
10:09:00.0242 0x1688  mrxsmb20 - ok
10:09:00.0258 0x1688  [ 28023E86F17001F7CD9B15A5BC9AE07D, FC7EAA592C5F796E3BCD7F7EF261709CD899B33FC8486E594A480F143D0D6320 ] msahci          C:\Windows\system32\drivers\msahci.sys
10:09:00.0259 0x1688  msahci - ok
10:09:07.0962 0x1688  [ CDDDEC541BC3C96F91ECB48759673505, B030FFA02832317AC5626BF1BF8A4A95A5992C9A6E81BC1C002D5F4D667C27FB ] sptd            C:\Windows\system32\Drivers\sptd.sys
10:09:07.0963 0x1688  Suspicious file ( NoAccess ): C:\Windows\system32\Drivers\sptd.sys. md5: CDDDEC541BC3C96F91ECB48759673505, sha256: B030FFA02832317AC5626BF1BF8A4A95A5992C9A6E81BC1C002D5F4D667C27FB
10:09:07.0965 0x1688  sptd - detected LockedFile.Multi.Generic ( 1 )
10:09:10.0522 0x1688  Detect skipped due to KSN trusted
10:09:10.0522 0x1688  sptd - ok
10:09:12.0964 0x1688  usbprint - ok
10:09:13.0003 0x1688  [ 1D714B8497CD68307806D5D3F60A5169, 1914D92ECE39995168E3C8F5A7694B7A94954DB299410A2781D1321C8E60C3D9 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
10:09:13.0006 0x1688  usbscan - ok
10:09:13.0045 0x1688  [ BE3DA31C191BC222D9AD503C5224F2AD, 201FB0FDBF423342202686DC0D8A3221B7798AE04C04A649D3441C257C733CE8 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
10:09:13.0062 0x1688  USBSTOR - ok
10:09:13.0106 0x1688  [ 814D653EFC4D48BE3B04A307ECEFF56F, D73D62F51AEFE2F8F2B938B20107C246F2AC2F62ED49112DBD092A5D2E4024B3 ] usbuhci         C:\Windows\system32\DRIVERS\usbuhci.sys
10:09:13.0110 0x1688  usbuhci - ok
10:09:13.0155 0x1688  [ 1509E705F3AC1D474C92454A5C2DD81F, 7F525921A3513224F8B093A16E19B4235B300349A14B0B86EE11B7473BA53337 ] UxSms           C:\Windows\System32\uxsms.dll
10:09:13.0167 0x1688  UxSms - ok
10:09:13.0222 0x1688  [ CD88D1B7776DC17A119049742EC07EB4, 6B68B9EDB8C6BCB2644F1F004D5743E928509D12107D996F390A24A72E0AA528 ] vds             C:\Windows\System32\vds.exe
10:09:13.0247 0x1688  vds - ok
10:09:13.0276 0x1688  [ 87B06E1F30B749A114F74622D013F8D4, 06C06EF87F7DC668D23B50AA5F419F62474ACF90E325E167491BF290286D6594 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
10:09:13.0279 0x1688  vga - ok
10:09:13.0301 0x1688  [ 2E93AC0A1D8C79D019DB6C51F036636C, 8B6F3B4EE90691A22788915AD0F99D8EE617750430A34E7CEB9AB4FB4E581755 ] VgaSave         C:\Windows\System32\drivers\vga.sys
10:09:13.0304 0x1688  VgaSave - ok
10:09:13.0339 0x1688  [ 5D7159DEF58A800D5781BA3A879627BC, 499A8E51FDE61AE0D7C1812D1E5B331211A36BD095A4992C629B93DE6D80F4E6 ] viaagp          C:\Windows\system32\drivers\viaagp.sys
10:09:13.0343 0x1688  viaagp - ok
10:09:13.0371 0x1688  [ C4F3A691B5BAD343E6249BD8C2D45DEE, 19DE07AD6CD51036FA8A6B8EE82F34D7F5264FF3A12CBE6E52BD036D0303E319 ] ViaC7           C:\Windows\system32\drivers\viac7.sys
10:09:13.0374 0x1688  ViaC7 - ok
10:09:13.0405 0x1688  [ AADF5587A4063F52C2C3FED7887426FC, 0A74791A236FDAFCD045CFB79A159245B94F7C2033E0CD830C1B76F0F994E06D ] viaide          C:\Windows\system32\drivers\viaide.sys
10:09:13.0408 0x1688  viaide - ok
10:09:13.0431 0x1688  [ 69503668AC66C77C6CD7AF86FBDF8C43, 2CE407674A58313737073F02B9A617460BBA84B36C3A16D98AE5ED45279F5006 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
10:09:13.0435 0x1688  volmgr - ok
10:09:13.0484 0x1688  [ 23E41B834759917BFD6B9A0D625D0C28, 9F60992805262F936E8DA33610FDF60A191ECAFC08BBF657C8F9A21833C8EFC5 ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
10:09:13.0496 0x1688  volmgrx - ok
10:09:13.0544 0x1688  [ 786DB5771F05EF300390399F626BF30A, 4A07BE5AEDBA4C15C2F9A91250F0488A0B0305C67BB7A037508D5CBF86D4E1B7 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
10:09:13.0562 0x1688  volsnap - ok
10:09:13.0587 0x1688  [ 587253E09325E6BF226B299774B728A9, C9F46197819C2A095456393C518A9B00B59ECDC54F464D038AA7F8DCCDB93CCF ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
10:09:13.0594 0x1688  vsmraid - ok
10:09:13.0687 0x1688  [ DB3D19F850C6EB32BDCB9BC0836ACDDB, D81FF1CDA87A2FE83EFD5B3FE01EFF940952F8BAEE70BEA3B2F6EF30E2121704 ] VSS             C:\Windows\system32\vssvc.exe
10:09:13.0792 0x1688  VSS - ok
10:09:13.0837 0x1688  [ 96EA68B9EB310A69C25EBB0282B2B9DE, C76D3427F8A2953CB4D96BBA1523679CBE1BBF7FA821A35D2FBEB3E67AC6A10B ] W32Time         C:\Windows\system32\w32time.dll
10:09:13.0847 0x1688  W32Time - ok
10:09:13.0882 0x1688  [ 48DFEE8F1AF7C8235D4E626F0C4FE031, A41D05BC0DA3C476C32E0A4DAF015DF7BADF28A03CE236D5596885FF1772F148 ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
10:09:13.0885 0x1688  WacomPen - ok
10:09:13.0917 0x1688  [ 55201897378CCA7AF8B5EFD874374A26, 350ADDCEFAA33E301027CFEA8DDE703F6FBD6E53624598CB2E7B671B9E48F7CC ] Wanarp          C:\Windows\system32\DRIVERS\wanarp.sys
10:09:13.0921 0x1688  Wanarp - ok
10:09:13.0942 0x1688  [ 55201897378CCA7AF8B5EFD874374A26, 350ADDCEFAA33E301027CFEA8DDE703F6FBD6E53624598CB2E7B671B9E48F7CC ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
10:09:13.0945 0x1688  Wanarpv6 - ok
10:09:14.0050 0x1688  [ A3CD60FD826381B49F03832590E069AF, 213C5DB5E5D828264286FD7548527566D6160CCA780BC6853B7B28CECF329674 ] wcncsvc         C:\Windows\System32\wcncsvc.dll
10:09:14.0076 0x1688  wcncsvc - ok
10:09:14.0103 0x1688  [ 11BCB7AFCDD7AADACB5746F544D3A9C7, 0370E20FD12ED713F94E5CD76F068F7A7A5E7F42416DD2A8A41249020DA7DA31 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
10:09:14.0109 0x1688  WcsPlugInService - ok
10:09:14.0285 0x1688  [ 78FE9542363F297B18C027B2D7E7C07F, 6BC3ED2A48EF41E1EE597FD58271DB12256EC013518663331CD0FBCB3FC415EE ] Wd              C:\Windows\system32\drivers\wd.sys
10:09:14.0288 0x1688  Wd - ok
10:09:14.0376 0x1688  [ 25944D2CC49E0A6C581D02A74B7D6645, AF8FFAFEC07F1A6A3D4008E609E8E1D705A8DFCC7995C766E3946887203F7BEE ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
10:09:14.0420 0x1688  Wdf01000 - ok
10:09:14.0439 0x1688  [ ABFC76B48BB6C96E3338D8943C5D93B5, B5B22D445724D58641A53276063A4AA2A98F07B93865C86E94661EB31BD63511 ] WdiServiceHost  C:\Windows\system32\wdi.dll
10:09:14.0450 0x1688  WdiServiceHost - ok
10:09:14.0464 0x1688  [ ABFC76B48BB6C96E3338D8943C5D93B5, B5B22D445724D58641A53276063A4AA2A98F07B93865C86E94661EB31BD63511 ] WdiSystemHost   C:\Windows\system32\wdi.dll
10:09:14.0471 0x1688  WdiSystemHost - ok
10:09:14.0536 0x1688  [ 04C37D8107320312FBAE09926103D5E2, 1C6726A9871CBACB240AFA93E57781515F01758D43693DDA395EA683D97234F0 ] WebClient       C:\Windows\System32\webclnt.dll
10:09:14.0545 0x1688  WebClient - ok
10:09:14.0607 0x1688  [ AE3736E7E8892241C23E4EBBB7453B60, 0F998116CC07CD719CB237EAE53BB16B2EDD6973828B9C1055EB981AEA0453D1 ] Wecsvc          C:\Windows\system32\wecsvc.dll
10:09:14.0616 0x1688  Wecsvc - ok
10:09:14.0641 0x1688  [ 670FF720071ED741206D69BD995EA453, 4B96F5E3545F69AE9EBC75DC4AB27B87306D656EE526AE39E7EC7E2B6F83F7FD ] wercplsupport   C:\Windows\System32\wercplsupport.dll
10:09:14.0650 0x1688  wercplsupport - ok
10:09:14.0681 0x1688  [ 32B88481D3B326DA6DEB07B1D03481E7, 821FBAF147E525ED15EB9391B16A96C6D5464841258B11F277EFB57A3BD50E37 ] WerSvc          C:\Windows\System32\WerSvc.dll
10:09:14.0688 0x1688  WerSvc - ok
10:09:14.0788 0x1688  [ 0869C31E0FF995BF00628AF8C1658E26, 3D9E852B82AAEBBECC70750437939681A54F4C4CF1D5E23BD51424A54CCB796E ] winachsf        C:\Windows\system32\DRIVERS\HSX_CNXT.sys
10:09:14.0814 0x1688  winachsf - ok
10:09:14.0879 0x1688  [ 4575AA12561C5648483403541D0D7F2B, 2DBB7904285F16E879E1662C4CC4DFAA420D5EB24DDFC4BAC0B7616F5F44649A ] WinDefend       C:\Program Files\Windows Defender\mpsvc.dll
10:09:14.0896 0x1688  WinDefend - ok
10:09:14.0910 0x1688  WinHttpAutoProxySvc - ok
10:09:14.0978 0x1688  [ 6B2A1D0E80110E3D04E6863C6E62FD8A, EE8BC7C378993EFE90273764C83119EBF331768CD7B24DE949233C74A51306C2 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
10:09:14.0983 0x1688  Winmgmt - ok
10:09:15.0114 0x1688  [ 7CFE68BDC065E55AA5E8421607037511, C2CE76D52AD4E31FC4216E94457DC16ABF65A5F3E883F0BD97AD387FB7574533 ] WinRM           C:\Windows\system32\WsmSvc.dll
10:09:15.0180 0x1688  WinRM - ok
10:09:15.0272 0x1688  [ C008405E4FEEB069E30DA1D823910234, C392A7B5FEACB7D11A3A231C1AD65D533984E6E7429ECD3BFBF90A27E8DEB157 ] Wlansvc         C:\Windows\System32\wlansvc.dll
10:09:15.0288 0x1688  Wlansvc - ok
10:09:15.0313 0x1688  [ 2E7255D172DF0B8283CDFB7B433B864E, 60C786CF0EA4A29B309B9457F0496D5A0AF1F093FC2C5D88078865814B7DBBA3 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
10:09:15.0324 0x1688  WmiAcpi - ok
10:09:15.0371 0x1688  [ 43BE3875207DCB62A85C8C49970B66CC, 27169F2E8A30807794407DA8F80611E4287F940AAE2A1F00F547901872FB9703 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
10:09:15.0380 0x1688  wmiApSrv - ok
10:09:15.0445 0x1688  [ 3978704576A121A9204F8CC49A301A9B, 936CC13B90A183613BDA4081556C96D48CA415B5F65D61E18CB5F2E51EEBE59F ] WMPNetworkSvc   C:\Program Files\Windows Media Player\wmpnetwk.exe
10:09:15.0487 0x1688  WMPNetworkSvc - ok
10:09:15.0544 0x1688  [ CFC5A04558F5070CEE3E3A7809F3FF52, 45899E04000E21C4E009BE8B6149F199A5B2E0512C657A525770BF9DBFED7D2B ] WPCSvc          C:\Windows\System32\wpcsvc.dll
10:09:15.0553 0x1688  WPCSvc - ok
10:09:15.0600 0x1688  [ 801FBDB89D472B3C467EB112A0FC9246, C24053FA12732089384D3AF06C676FF201D282FC5AD56A42B6EE8BAED4379CB2 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
10:09:15.0605 0x1688  WPDBusEnum - ok
10:09:15.0657 0x1688  [ DE9D36F91A4DF3D911626643DEBF11EA, 8029ECE76E29276BFB6ED3387AC560A9A779AAF683A4416E96334FAF7BDBADA0 ] WpdUsb          C:\Windows\system32\DRIVERS\wpdusb.sys
10:09:15.0660 0x1688  WpdUsb - ok
10:09:15.0783 0x1688  [ 15673BD0B86150CB8E27766059C72A9B, 56C23289A8BFF4945EE532CF6D62D3EC81B827CA15A359F30A327789F9FE9CAF ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
10:09:15.0832 0x1688  WPFFontCache_v0400 - ok
10:09:15.0862 0x1688  [ E3A3CB253C0EC2494D4A61F5E43A389C, 10BA8B102E31B961819E524FCA5FA817B588EC77FB26B4E176D0A5CFF11EDF79 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
10:09:15.0864 0x1688  ws2ifsl - ok
10:09:15.0905 0x1688  [ 1CA6C40261DDC0425987980D0CD2AAAB, 727C1E3A170316641F832A8D197EDA6D6EE1206E4ED7B741E5A4017B7F2F7B88 ] wscsvc          C:\Windows\System32\wscsvc.dll
10:09:15.0910 0x1688  wscsvc - ok
10:09:15.0916 0x1688  WSearch - ok
10:09:16.0071 0x1688  [ FC3EC24FCE372C89423E015A2AC1A31E, 8D028182CF83667D3E4D148979972D208FA6D9B8540EE47A0A7831B770ECD257 ] wuauserv        C:\Windows\system32\wuaueng.dll
10:09:16.0121 0x1688  wuauserv - ok
10:09:16.0220 0x1688  [ 06E6F32C8D0A3F66D956F57B43A2E070, 9A6BD96A28294B0372F16E13D652FD603308F64B74A56E41E0C68C5E8011F943 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
10:09:16.0222 0x1688  WudfPf - ok
10:09:16.0271 0x1688  [ 867C301E8B790040AE9CF6486E8041DF, D867D6498C987944D99508B2FAD6D6B749FA1EDFE8124B0863D4A642352F0855 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
10:09:16.0278 0x1688  WUDFRd - ok
10:09:16.0318 0x1688  [ FE47B7BC8EA320C2D9B5E5BF6E303765, 34518DBD1E9EA6E5DA62273B18613761E1D9C6B4E074A93C6D639FBAF02222EA ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
10:09:16.0323 0x1688  wudfsvc - ok
10:09:16.0384 0x1688  [ BFCC507ECA58F11C5FED96E192B878CB, EE9A8AFED52D66E4B7BA1CB9DD8FD3C666D4E89597A429960A9C6776937FD679 ] XAudio          C:\Windows\system32\DRIVERS\xaudio.sys
10:09:16.0410 0x1688  XAudio - ok
10:09:16.0422 0x1688  XAudioService - ok
10:09:16.0440 0x1688  ================ Scan global ===============================
10:09:16.0467 0x1688  [ F31EEBC1A1C81FD04005489CC3DCDFE7, 098C35ACFCCE1686C5A6DB6057001CBF8B06A863A0802CB2E9D793F4795F8CEE ] C:\Windows\system32\basesrv.dll
10:09:16.0532 0x1688  [ A508314231C49AEE86987CEA3EAECAD1, D29BCFA967C23C7264592576D62D95FA8C687E8662D19DCCC73653A9EFB6340D ] C:\Windows\system32\winsrv.dll
10:09:16.0616 0x1688  [ A508314231C49AEE86987CEA3EAECAD1, D29BCFA967C23C7264592576D62D95FA8C687E8662D19DCCC73653A9EFB6340D ] C:\Windows\system32\winsrv.dll
10:09:16.0695 0x1688  [ D4E6D91C1349B7BFB3599A6ADA56851B, 8748091BF27F05D28D45688E04DD9229A4B2E159209A64F457703F66A8CECE4D ] C:\Windows\system32\services.exe
10:09:16.0707 0x1688  [ Global ] - ok
10:09:16.0707 0x1688  ================ Scan MBR ==================================
10:09:16.0745 0x1688  [ 81CD5EC01DB0CE57EDD853F82462EF27 ] \Device\Harddisk0\DR0
10:09:17.0230 0x1688  \Device\Harddisk0\DR0 - ok
10:09:17.0236 0x1688  [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk1\DR1
10:09:17.0243 0x1688  \Device\Harddisk1\DR1 - ok
10:09:17.0243 0x1688  ================ Scan VBR ==================================
10:09:17.0261 0x1688  [ B61711E6FE7B615905B40F5907EBB06C ] \Device\Harddisk0\DR0\Partition1
10:09:17.0309 0x1688  \Device\Harddisk0\DR0\Partition1 - ok
10:09:17.0327 0x1688  [ D43CCAF72370BCBE4B2A438FD63B8EC9 ] \Device\Harddisk0\DR0\Partition2
10:09:17.0329 0x1688  \Device\Harddisk0\DR0\Partition2 - ok
10:09:17.0340 0x1688  [ 417E094BFB17A6C6C03F99BD593AD53B ] \Device\Harddisk1\DR1\Partition1
10:09:17.0341 0x1688  \Device\Harddisk1\DR1\Partition1 - ok
10:09:17.0342 0x1688  Waiting for KSN requests completion. In queue: 95
10:09:18.0342 0x1688  Waiting for KSN requests completion. In queue: 95
10:09:19.0342 0x1688  Waiting for KSN requests completion. In queue: 95
10:09:20.0393 0x1688  AV detected via SS2: ESET Smart Security 7.0, C:\Program Files\ESET\ESET Smart Security\ecmd.exe ( 7.0.302.0 ), 0x41000 ( enabled : updated )
10:09:20.0398 0x1688  FW detected via SS2: ESET Personal firewall, C:\Program Files\ESET\ESET Smart Security\ecmd.exe ( 7.0.302.0 ), 0x41010 ( enabled )
10:09:22.0863 0x1688  ============================================================
10:09:22.0863 0x1688  Scan finished
10:09:22.0863 0x1688  ============================================================
10:09:22.0875 0x1524  Detected object count: 0
10:09:22.0875 0x1524  Actual detected object count: 0
 



#4 TB-Psychotic


Posted 22 November 2013 - 03:02 AM

Combofix

Combofix should only be run when advised by a team member!

Link


Important - Save the file to your desktop!


  • Deactivate any and all of your antivirus programs / spyware scanners - they can prevent CF from doing its work.
  • Run Combofix.exe


When finished, Combofix creates a log file named C:\Combofix.txt. Please post its content in your next reply.

Note: When receiving an error message containing "Illegal operation attempted on a registry key that has been marked for deletion", simply restart your computer to fix this.


Proud Member of UNITE & TB
 

#5 Mammoth_rib


Posted 22 November 2013 - 03:48 PM

Okay, the ComboFix scan is complete.

 

ComboFix 13-11-22.01 - 0467 Home User 11/22/2013  13:57:57.1.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.3070.1290 [GMT -6:00]
Running from: c:\users\0467 Home User\Desktop\ComboFix.exe
AV: ESET Smart Security 7.0 *Disabled/Updated* {19259FAE-8396-A113-46DB-15B0E7DFA289}
FW: ESET Personal firewall *Disabled* {211E1E8B-C9F9-A04B-6D84-BC85190CE5F2}
SP: ESET Smart Security 7.0 *Disabled/Updated* {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\END
c:\windows\system32\FlashPlayerApp.exe
.
.
(((((((((((((((((((((((((   Files Created from 2013-10-22 to 2013-11-22  )))))))))))))))))))))))))))))))
.
.
2013-11-22 20:41 . 2013-11-22 20:41    --------    d-----w-    c:\users\UpdatusUser\AppData\Local\temp
2013-11-22 20:41 . 2013-11-22 20:41    --------    d-----w-    c:\users\Guest\AppData\Local\temp
2013-11-22 20:41 . 2013-11-22 20:41    --------    d-----w-    c:\users\Default\AppData\Local\temp
2013-11-22 19:49 . 2013-11-08 01:15    7772552    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{5923695B-18CC-448C-936F-280C13F5E195}\mpengine.dll
2013-11-21 07:48 . 2013-11-21 15:02    --------    d-----w-    C:\AdwCleaner
2013-11-21 04:49 . 2013-11-21 04:49    --------    d-----w-    c:\users\0467 Home User\AppData\Roaming\Malwarebytes
2013-11-21 04:49 . 2013-11-21 04:49    --------    d-----w-    c:\programdata\Malwarebytes
2013-11-21 04:49 . 2013-11-21 04:49    --------    d-----w-    c:\program files\Malwarebytes' Anti-Malware
2013-11-21 04:49 . 2013-04-04 20:50    22856    ----a-w-    c:\windows\system32\drivers\mbam.sys
2013-11-20 02:02 . 2013-11-20 02:03    --------    d-----w-    c:\windows\system32\C2MP
2013-11-20 01:49 . 2013-11-20 01:49    --------    d-----w-    c:\users\0467 Home User\AppData\Local\NativeMessaging
2013-11-20 01:49 . 2013-11-20 01:49    --------    d-----w-    c:\users\0467 Home User\AppData\Local\CRE
2013-11-20 01:49 . 2013-11-20 01:49    --------    d-----w-    c:\program files\Conduit
2013-11-20 01:48 . 2013-11-20 01:48    --------    d-----w-    c:\users\0467 Home User\AppData\Roaming\CBS Interactive
2013-11-15 08:38 . 2013-11-20 03:21    --------    d-----w-    c:\program files\Blue Coat K9 Web Protection
2013-11-14 04:24 . 2013-10-03 12:45    297984    ----a-w-    c:\windows\system32\gdi32.dll
2013-11-14 04:23 . 2013-10-11 02:08    444928    ----a-w-    c:\windows\system32\IKEEXT.DLL
2013-11-14 04:23 . 2013-10-11 02:07    596480    ----a-w-    c:\windows\system32\FWPUCLNT.DLL
2013-11-14 04:23 . 2013-10-03 12:45    993792    ----a-w-    c:\windows\system32\crypt32.dll
2013-11-10 01:24 . 2013-11-10 01:24    --------    d-----w-    c:\users\0467 Home User\dwhelper
2013-11-06 19:18 . 2013-11-06 19:18    --------    d-----w-    c:\program files\RMPrepUSB
2013-11-06 18:42 . 2013-11-06 18:42    --------    d-----w-    c:\users\0467 Home User\AppData\Roaming\SanDisk SecureAccess
2013-10-29 01:16 . 2013-10-29 01:16    --------    d-----w-    c:\users\0467 Home User\AppData\Local\ESET
2013-10-29 01:00 . 2013-10-29 01:00    --------    d-----w-    c:\program files\ESET
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-11-11 11:50 . 2010-09-12 04:37    230048    ------w-    c:\windows\system32\MpSigStub.exe
2013-10-22 05:10 . 2013-10-07 03:43    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2013-09-17 20:17 . 2013-09-17 20:17    49240    ----a-w-    c:\windows\system32\drivers\epfwwfp.sys
2013-09-17 20:17 . 2013-09-17 20:17    37416    ----a-w-    c:\windows\system32\drivers\EpfwLWF.sys
2013-09-17 20:17 . 2013-09-17 20:17    188808    ----a-w-    c:\windows\system32\drivers\eamonm.sys
2013-09-17 20:17 . 2013-09-17 20:17    174400    ----a-w-    c:\windows\system32\drivers\epfw.sys
2013-09-17 20:17 . 2013-09-17 20:17    134248    ----a-w-    c:\windows\system32\drivers\ehdrv.sys
2013-09-01 22:23 . 2013-09-01 22:23    39904    ----a-w-    c:\windows\system32\DiscHandler.exe
2013-08-30 03:54 . 2013-08-30 03:54    3915776    ----a-w-    c:\windows\system32\ffmpeg.dll
2013-08-30 03:53 . 2013-08-30 03:53    112640    ----a-w-    c:\windows\system32\ff_vfw.dll
2013-08-30 03:53 . 2013-08-30 03:53    3502592    ----a-w-    c:\windows\system32\ffdshow.ax
2013-08-30 03:51 . 2013-08-30 03:51    99840    ----a-w-    c:\windows\system32\ff_wmv9.dll
2013-08-30 03:51 . 2013-08-30 03:51    157184    ----a-w-    c:\windows\system32\ff_unrar.dll
2013-08-30 03:51 . 2013-08-30 03:51    147456    ----a-w-    c:\windows\system32\ff_libmad.dll
2013-08-30 03:51 . 2013-08-30 03:51    211968    ----a-w-    c:\windows\system32\ff_libdts.dll
2013-08-30 03:51 . 2013-08-30 03:51    1525760    ----a-w-    c:\windows\system32\ff_samplerate.dll
2013-08-30 03:51 . 2013-08-30 03:51    114688    ----a-w-    c:\windows\system32\ff_liba52.dll
2013-08-30 03:51 . 2013-08-30 03:51    271360    ----a-w-    c:\windows\system32\TomsMoComp_ff.dll
2013-08-30 03:51 . 2013-08-30 03:51    136704    ----a-w-    c:\windows\system32\libmpeg2_ff.dll
2013-08-29 07:36 . 2013-10-13 16:50    2050048    ----a-w-    c:\windows\system32\win32k.sys
2013-08-27 02:47 . 2013-10-13 16:50    219648    ----a-w-    c:\windows\system32\d3d10_1core.dll
2013-08-27 02:47 . 2013-10-13 16:50    189952    ----a-w-    c:\windows\system32\d3d10core.dll
2013-08-27 02:47 . 2013-10-13 16:50    160768    ----a-w-    c:\windows\system32\d3d10_1.dll
2013-08-27 02:47 . 2013-10-13 16:50    1029120    ----a-w-    c:\windows\system32\d3d10.dll
2013-08-27 01:52 . 2013-10-13 16:50    1172480    ----a-w-    c:\windows\system32\d3d10warp.dll
2013-08-27 01:50 . 2013-10-13 16:50    486400    ----a-w-    c:\windows\system32\d3d10level9.dll
2013-08-27 01:32 . 2013-10-13 16:50    683008    ----a-w-    c:\windows\system32\d2d1.dll
2013-08-27 01:28 . 2013-10-13 16:50    1069056    ----a-w-    c:\windows\system32\DWrite.dll
2013-08-27 01:28 . 2013-10-13 16:50    798208    ----a-w-    c:\windows\system32\FntCache.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"HPAdvisor"="c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2008-10-17 972080]
"OM_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master\Monitor.exe" [2006-05-16 57344]
"Akamai NetSession Interface"="c:\users\0467 Home User\AppData\Local\Akamai\netsession_win.exe" [2013-06-05 4489472]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"ConduitFloatingPlugin_ffekppndigniegkobcngkdmaadbhhonj"="c:\program files\Conduit\CT3306058\plugins\TBVerifier.dll" [1617-11-28 296736]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 65536]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]
"UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"UpdatePDIRShortCut"="c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"UpdatePSTShortCut"="c:\program files\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe" [2008-09-11 210216]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-08-25 144784]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-09 54840]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2008-04-11 1085440]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2007-12-21 86016]
"WildTangent CDA"="c:\program files\WildTangent\Apps\CDA\GameDrvr.exe" [2005-03-29 28616]
"OM_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master\FirstStart.exe" [2006-05-16 40960]
"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2011-12-28 296056]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2013-09-12 5110672]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
CodecPackUpdateChecker.lnk - c:\windows\System32\C2MP\UpdateChecker.exe [2013-9-1 48248]
PictureMover.lnk - c:\program files\PictureMover\Bin\PictureMover.exe -det [2008-9-8 430080]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation    REG_MULTI_SZ       FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-11-14 22:08    1210320    ----a-w-    c:\program files\Google\Chrome\Application\31.0.1650.57\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-11-22 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-07 05:10]
.
2013-11-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-14 03:18]
.
2013-11-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-14 03:18]
.
2013-11-13 c:\windows\Tasks\PCDRScheduledMaintenance.job
- c:\program files\PC-Doctor for Windows\pcdr5cuiw32.exe [2008-09-10 14:43]
.
.
------- Supplementary Scan -------
.
uStart Page =
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Presario&pf=cndt
uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local>
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76 192.168.0.1
FF - ProfilePath - c:\users\0467 Home User\AppData\Roaming\Mozilla\Firefox\Profiles\2mk4c7tl.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3306058&CUI=UN20488996673240311&UM=2&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - gamefaqs.com
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3306058&SearchSource=2&CUI=UN20488996673240311&UM=2&q=
FF - ExtSQL: !HIDDEN! 2009-10-25 10:02; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - user.js: extensions.delta.tlbrSrchUrl -
FF - user.js: extensions.delta.id - b02d30b30000000000000021973b3530
FF - user.js: extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
FF - user.js: extensions.delta.instlDay - 15985
FF - user.js: extensions.delta.vrsn - 1.8.24.6
FF - user.js: extensions.delta.vrsni - 1.8.24.6
FF - user.js: extensions.delta.vrsnTs - 1.8.24.622:40
FF - user.js: extensions.delta.prtnrId - delta
FF - user.js: extensions.delta.prdct - delta
FF - user.js: extensions.delta.aflt - babsst
FF - user.js: extensions.delta.smplGrp - none
FF - user.js: extensions.delta.tlbrId - base
FF - user.js: extensions.delta.instlRef - sst
FF - user.js: extensions.delta.dfltLng - en
FF - user.js: extensions.delta.excTlbr - false
FF - user.js: extensions.delta.ffxUnstlRst - true
FF - user.js: extensions.delta.admin - false
FF - user.js: extensions.delta_i.babTrack - affID=122786&tsp=5028
FF - user.js: extensions.delta_i.babExt -
FF - user.js: extensions.delta_i.srcExt - ss
FF - user.js: extensions.delta.autoRvrt - false
FF - user.js: extensions.delta.rvrt - false
FF - user.js: extensions.delta.newTab - false
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-WudfPf
SafeBoot-WudfRd
AddRemove-DAEMON Tools Toolbar - c:\program files\DAEMON Tools Toolbar\uninst.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-11-22 14:42
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ...
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PCD5SRVC{BD6912E3-AC9D80E8-05040000}]
"ImagePath"="\??\c:\progra~1\PC-DOC~1\PCD5SRVC.pkms"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2013-11-22  14:44:28
ComboFix-quarantined-files.txt  2013-11-22 20:44
.
Pre-Run: 71,217,721,344 bytes free
Post-Run: 71,312,695,296 bytes free
.
- - End Of File - - E6BDF694E665D4F6434F5F205BF4E6C1
81CD5EC01DB0CE57EDD853F82462EF27
 



#6 TB-Psychotic


Posted 25 November 2013 - 03:06 AM

Combofix scripting

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Download the attached CFScript.txt and save it to the location where Combofix is.


CFScriptB-4.gif


Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

 

 

 

 

Full System Scan with Malwarebytes Antimalware
 

  • If not existing, please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.

If the program is already installed:

  • Run Malwarebytes Antimalware
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform fullscan, place a checkmark on all hard drives, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location.
  • The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Post that log back here.

 



#7 Mammoth_rib


Posted 25 November 2013 - 01:38 PM

CFScript does not seem to be attached, or at least I cannot find it in your message.



#8 TB-Psychotic


Posted 26 November 2013 - 09:20 AM

No, it isn't. Sorry, here it is:

 

 

 

Attached Files



#9 Mammoth_rib

  • Topic Starter
Posted 27 November 2013 - 12:20 PM

Wonderful, thank you.  Here are the logs.

 

ComboFix log:

 

ComboFix 13-11-23.02 - 0467 Home User 11/26/2013  11:36:21.2.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.3070.1836 [GMT -6:00]
Running from: c:\users\0467 Home User\Desktop\ComboFix.exe
Command switches used :: c:\users\0467 Home User\Desktop\CFScript.txt
AV: ESET Smart Security 7.0 *Disabled/Updated* {19259FAE-8396-A113-46DB-15B0E7DFA289}
FW: ESET Personal firewall *Disabled* {211E1E8B-C9F9-A04B-6D84-BC85190CE5F2}
SP: ESET Smart Security 7.0 *Disabled/Updated* {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Conduit
c:\program files\Conduit\CT3306058\plugins\TBVerifier.dll
c:\users\0467 Home User\AppData\Local\CRE
c:\users\0467 Home User\AppData\Local\CRE\ffekppndigniegkobcngkdmaadbhhonj.crx
c:\users\0467 Home User\AppData\Local\NativeMessaging
c:\users\0467 Home User\AppData\Local\NativeMessaging\CT3306058\1_0_0_4\nmHostConfig.json
c:\users\0467 Home User\AppData\Local\NativeMessaging\CT3306058\1_0_0_4\nmHostManifest.json
c:\users\0467 Home User\AppData\Local\NativeMessaging\CT3306058\1_0_0_4\TBMessagingHost.exe
c:\users\0467 Home User\AppData\Local\NativeMessaging\CT3306058\nmHostManifest.json
c:\windows\system32\FlashPlayerApp.exe
.
.
(((((((((((((((((((((((((   Files Created from 2013-10-26 to 2013-11-26  )))))))))))))))))))))))))))))))
.
.
2013-11-26 18:18 . 2013-11-26 18:18    --------    d-----w-    c:\users\UpdatusUser\AppData\Local\temp
2013-11-26 18:18 . 2013-11-26 18:18    --------    d-----w-    c:\users\Guest\AppData\Local\temp
2013-11-26 18:18 . 2013-11-26 18:18    --------    d-----w-    c:\users\Default\AppData\Local\temp
2013-11-26 17:41 . 2013-11-26 17:41    62576    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{0E53A677-57F7-42E3-BE2C-AD6E3CEA4CAD}\offreg.dll
2013-11-26 17:15 . 2013-11-08 01:15    7772552    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{0E53A677-57F7-42E3-BE2C-AD6E3CEA4CAD}\mpengine.dll
2013-11-25 19:44 . 2013-11-25 19:44    --------    d-----w-    c:\users\0467 Home User\AppData\Roaming\OpenOffice
2013-11-25 19:35 . 2013-11-25 19:36    --------    d-----w-    c:\program files\OpenOffice 4
2013-11-21 07:48 . 2013-11-21 15:02    --------    d-----w-    C:\AdwCleaner
2013-11-21 04:49 . 2013-11-21 04:49    --------    d-----w-    c:\users\0467 Home User\AppData\Roaming\Malwarebytes
2013-11-21 04:49 . 2013-11-21 04:49    --------    d-----w-    c:\programdata\Malwarebytes
2013-11-21 04:49 . 2013-11-21 04:49    --------    d-----w-    c:\program files\Malwarebytes' Anti-Malware
2013-11-21 04:49 . 2013-04-04 20:50    22856    ----a-w-    c:\windows\system32\drivers\mbam.sys
2013-11-20 02:02 . 2013-11-20 02:03    --------    d-----w-    c:\windows\system32\C2MP
2013-11-20 01:48 . 2013-11-20 01:48    --------    d-----w-    c:\users\0467 Home User\AppData\Roaming\CBS Interactive
2013-11-15 08:38 . 2013-11-20 03:21    --------    d-----w-    c:\program files\Blue Coat K9 Web Protection
2013-11-14 04:24 . 2013-10-03 12:45    297984    ----a-w-    c:\windows\system32\gdi32.dll
2013-11-14 04:23 . 2013-10-11 02:08    444928    ----a-w-    c:\windows\system32\IKEEXT.DLL
2013-11-14 04:23 . 2013-10-11 02:07    596480    ----a-w-    c:\windows\system32\FWPUCLNT.DLL
2013-11-14 04:23 . 2013-10-03 12:45    993792    ----a-w-    c:\windows\system32\crypt32.dll
2013-11-10 01:24 . 2013-11-10 01:24    --------    d-----w-    c:\users\0467 Home User\dwhelper
2013-11-06 19:18 . 2013-11-06 19:18    --------    d-----w-    c:\program files\RMPrepUSB
2013-11-06 18:42 . 2013-11-06 18:42    --------    d-----w-    c:\users\0467 Home User\AppData\Roaming\SanDisk SecureAccess
2013-10-29 01:16 . 2013-10-29 01:16    --------    d-----w-    c:\users\0467 Home User\AppData\Local\ESET
2013-10-29 01:00 . 2013-10-29 01:00    --------    d-----w-    c:\program files\ESET
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-11-25 18:19 . 2013-10-07 03:43    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2013-11-11 11:50 . 2010-09-12 04:37    230048    ------w-    c:\windows\system32\MpSigStub.exe
2013-09-17 20:17 . 2013-09-17 20:17    49240    ----a-w-    c:\windows\system32\drivers\epfwwfp.sys
2013-09-17 20:17 . 2013-09-17 20:17    37416    ----a-w-    c:\windows\system32\drivers\EpfwLWF.sys
2013-09-17 20:17 . 2013-09-17 20:17    188808    ----a-w-    c:\windows\system32\drivers\eamonm.sys
2013-09-17 20:17 . 2013-09-17 20:17    174400    ----a-w-    c:\windows\system32\drivers\epfw.sys
2013-09-17 20:17 . 2013-09-17 20:17    134248    ----a-w-    c:\windows\system32\drivers\ehdrv.sys
2013-09-01 22:23 . 2013-09-01 22:23    39904    ----a-w-    c:\windows\system32\DiscHandler.exe
2013-08-30 03:54 . 2013-08-30 03:54    3915776    ----a-w-    c:\windows\system32\ffmpeg.dll
2013-08-30 03:53 . 2013-08-30 03:53    112640    ----a-w-    c:\windows\system32\ff_vfw.dll
2013-08-30 03:53 . 2013-08-30 03:53    3502592    ----a-w-    c:\windows\system32\ffdshow.ax
2013-08-30 03:51 . 2013-08-30 03:51    99840    ----a-w-    c:\windows\system32\ff_wmv9.dll
2013-08-30 03:51 . 2013-08-30 03:51    157184    ----a-w-    c:\windows\system32\ff_unrar.dll
2013-08-30 03:51 . 2013-08-30 03:51    147456    ----a-w-    c:\windows\system32\ff_libmad.dll
2013-08-30 03:51 . 2013-08-30 03:51    211968    ----a-w-    c:\windows\system32\ff_libdts.dll
2013-08-30 03:51 . 2013-08-30 03:51    1525760    ----a-w-    c:\windows\system32\ff_samplerate.dll
2013-08-30 03:51 . 2013-08-30 03:51    114688    ----a-w-    c:\windows\system32\ff_liba52.dll
2013-08-30 03:51 . 2013-08-30 03:51    271360    ----a-w-    c:\windows\system32\TomsMoComp_ff.dll
2013-08-30 03:51 . 2013-08-30 03:51    136704    ----a-w-    c:\windows\system32\libmpeg2_ff.dll
2013-08-29 07:36 . 2013-10-13 16:50    2050048    ----a-w-    c:\windows\system32\win32k.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"HPAdvisor"="c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2008-10-17 972080]
"OM_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master\Monitor.exe" [2006-05-16 57344]
"Akamai NetSession Interface"="c:\users\0467 Home User\AppData\Local\Akamai\netsession_win.exe" [2013-06-05 4489472]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 65536]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]
"UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"UpdatePDIRShortCut"="c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"UpdatePSTShortCut"="c:\program files\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe" [2008-09-11 210216]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-08-25 144784]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-09 54840]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2008-04-11 1085440]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2007-12-21 86016]
"WildTangent CDA"="c:\program files\WildTangent\Apps\CDA\GameDrvr.exe" [2005-03-29 28616]
"OM_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master\FirstStart.exe" [2006-05-16 40960]
"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2011-12-28 296056]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2013-09-12 5110672]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
CodecPackUpdateChecker.lnk - c:\windows\System32\C2MP\UpdateChecker.exe [2013-9-1 48248]
PictureMover.lnk - c:\program files\PictureMover\Bin\PictureMover.exe -det [2008-9-8 430080]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation    REG_MULTI_SZ       FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-11-14 22:08    1210320    ----a-w-    c:\program files\Google\Chrome\Application\31.0.1650.57\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-11-26 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-07 18:19]
.
2013-11-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-14 03:18]
.
2013-11-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-14 03:18]
.
2013-11-13 c:\windows\Tasks\PCDRScheduledMaintenance.job
- c:\program files\PC-Doctor for Windows\pcdr5cuiw32.exe [2008-09-10 14:43]
.
.
------- Supplementary Scan -------
.
uStart Page =
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Presario&pf=cndt
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76 192.168.0.1
FF - ProfilePath - c:\users\0467 Home User\AppData\Roaming\Mozilla\Firefox\Profiles\2mk4c7tl.default\
FF - prefs.js: browser.startup.homepage - gamefaqs.com
FF - ExtSQL: !HIDDEN! 2009-10-25 10:02; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-11-26 12:18
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ...
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PCD5SRVC{BD6912E3-AC9D80E8-05040000}]
"ImagePath"="\??\c:\progra~1\PC-DOC~1\PCD5SRVC.pkms"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2013-11-26  12:20:45
ComboFix-quarantined-files.txt  2013-11-26 18:20
ComboFix2.txt  2013-11-22 20:44
.
Pre-Run: 71,990,153,216 bytes free
Post-Run: 71,945,347,072 bytes free
.
- - End Of File - - D06103BB39DC59AFCF4DB94E93A9345D
81CD5EC01DB0CE57EDD853F82462EF27
 

Malwarebytes log:

 

Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.11.26.08

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
0467 Home User :: 0467HOMEUSER-PC [administrator]

Protection: Disabled

11/26/2013 12:24:29 PM
mbam-log-2013-11-26 (12-24-29).txt

Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 488665
Time elapsed: 2 hour(s), 16 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
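
An added example, not part of the original posts and not ComboFix's own code: a small parser for the "Reg Loading Points" section of a ComboFix log like the one above, which lists autorun entries and flags two things worth a second look during review. The sample lines are constructed in the shape of the posted log, and both flagging rules are triage heuristics assumed here, not verdicts from any scanner.

```python
import re
from typing import NamedTuple

# Constructed sample: lines in the shape of the "Reg Loading Points" section
# of the ComboFix log posted in this thread.
SAMPLE_LOG = r'''
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"Akamai NetSession Interface"="c:\users\0467 Home User\AppData\Local\Akamai\netsession_win.exe" [2013-06-05 4489472]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2013-09-12 5110672]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
CodecPackUpdateChecker.lnk - c:\windows\System32\C2MP\UpdateChecker.exe [2013-9-1 48248]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
'''


class Entry(NamedTuple):
    location: str  # registry key or startup folder the entry sits under
    name: str      # value name or shortcut file name
    data: str      # command line, or the integer value as text


KEY_RE = re.compile(r'^\[(HKEY_[^\]]+)\]$')                # [HKEY_...\Run]
FOLDER_RE = re.compile(r'^([a-zA-Z]:\\.*\\)$')             # startup folder header
STAMP = r'\s+\[\d{4}-\d{1,2}-\d{1,2} \d+\]$'               # [date size] suffix
RUN_RE = re.compile(r'^"([^"]+)"="([^"]*)"' + STAMP)       # "name"="command" [..]
LNK_RE = re.compile(r'^(.+?\.lnk) - (.+?)' + STAMP)        # shortcut - target [..]
INT_RE = re.compile(r'^"([^"]+)"=\s*(\d+) \(0x[0-9a-fA-F]+\)$')  # "name"= 0 (0x0)


def parse_loading_points(text):
    """Return every entry found under a registry key or startup folder header."""
    entries, location = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == '.':          # ComboFix uses '.' as a spacer line
            continue
        header = KEY_RE.match(line) or FOLDER_RE.match(line)
        if header:
            location = header.group(1)
            continue
        if location is None:                 # text before the first header
            continue
        for rx in (RUN_RE, LNK_RE, INT_RE):
            m = rx.match(line)
            if m:
                entries.append(Entry(location, m.group(1), m.group(2)))
                break
    return entries


def triage(entries):
    """Apply two review heuristics (assumptions of this example)."""
    findings = []
    for e in entries:
        loc, data = e.location.lower(), e.data.lower()
        is_autorun = (loc.endswith(r'\currentversion\run')
                      or loc.endswith('\\startup\\'))
        # Heuristic 1: an autorun whose target lives inside a user profile can
        # be replaced by that user without admin rights, so confirm it is wanted.
        if is_autorun and re.match(r'^[a-z]:\\users\\', data):
            findings.append((e.name, 'autorun target inside a user profile'))
        # Heuristic 2: EnableLUA = 0 means User Account Control is switched off.
        if (loc.endswith(r'\policies\system')
                and e.name.lower() == 'enablelua' and e.data == '0'):
            findings.append((e.name, 'UAC is turned off (EnableLUA = 0)'))
    return findings


if __name__ == '__main__':
    for name, reason in triage(parse_loading_points(SAMPLE_LOG)):
        print(f'{name}: {reason}')
```

A flagged entry is a prompt to verify the program with its owner or vendor, not proof of infection.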
 



#10 TB-Psychotic

  • Malware Response Team

Posted 28 November 2013 - 02:49 PM

Scan with ESET Online Scan

Please go here to run the online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click 'List of found threats', then click Export to text file....
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.



#11 Mammoth_rib

  • Topic Starter

Posted 30 November 2013 - 10:15 AM

Scan "completed".  I allowed the scan to run overnight, and the next morning it had shut down unexpectedly and was waiting on a blue screen.  It seems to be working correctly again now, and all scans are listed as having been completed with no threats found.

 

There are three scans listed.  Though none of them indicated any threats, I have posted the largest one anyway:

 

Scan Log
Version of virus signature database: 9114 (20131129)
Date: 11/30/2013  Time: 2:36:06 AM
Scanned disks, folders and files: Operating memory;C:\Boot sector;D:\Boot sector;C:\;D:\
Number of scanned objects: 502456
Number of threats found: 0
Time of completion: 4:36:05 AM  Total scanning time: 7199 sec (01:59:59)

Notes:
[4] Object cannot be opened. It may be in use by another application or operating system.



#12 TB-Psychotic

  • Malware Response Team

Posted 02 December 2013 - 03:18 AM

Use the Windows Error Checking utility (Check Disk), with the options to fix file system errors and scan the disk surface for errors, attempt recovery of data and repair the disk:

  • Click the "Windows Orb" Start button, then click Computer.
  • Right-click on the drive that you wish to check > Properties > Tools tab
  • In the "Error checking" section, click on Check now.
  • Place a checkmark in both boxes > Start.
  • If the disk you have chosen is the Windows system disk:
      • A message will notify you that a restart is necessary and ask "Do you want to check for hard disk errors the next time you start your computer?".
      • Click Schedule disk check > OK and close all windows.
      • Re-start the computer. The disk will be checked when the system boots.
  • This will take some time to run and at times may appear stalled but just let it run.
  • When the disk check is complete, the system will re-start automatically and load Windows.


A log of the disk check is recorded only if the scheduled re-start is used, and only for drives on the same HDD as the Operating System.
To open Event Viewer and view the log:

  • Click the "Windows Orb" Start button -> type "eventvwr" without the quotes -> press the key.
  • The Event Viewer window will open.
  • In the left pane, expand "Windows Logs" and then click on Application.
  • In the right pane, at the top, click on the column heading Source to sort the list alphabetically.
  • Look in the Source column for "Wininit", with an entry corresponding to the date and time of the disk check.
  • Click on that Wininit entry to select it.
  • On the top main menu, click Action > Copy > Copy Details as Text.
  • Paste the contents into your next reply.


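The Event Viewer steps above can also be done from PowerShell, which is useful when the log has to be collected from several machines. This is an added example, not part of the original post; the function name `Get-ChkdskBootReport` and the summary fields it returns are assumptions made for illustration.

```powershell
# Added example: fetch the boot-time CHKDSK report that Wininit writes to the
# Application log (Event ID 1001) and pull out the lines that matter for triage.
# Written to run on PowerShell 2.0, so it uses New-Object rather than [pscustomobject].
function Get-ChkdskBootReport {        # hypothetical helper name
    [CmdletBinding()]
    param(
        [int]$MaxEvents = 1            # newest event only by default
    )

    $filter = @{
        LogName      = 'Application'
        ProviderName = 'Microsoft-Windows-Wininit'
        Id           = 1001
    }

    try {
        # Get-WinEvent returns the newest records first.
        # -ErrorAction Stop turns "no events found" into a catchable error.
        $events = Get-WinEvent -FilterHashtable $filter -MaxEvents $MaxEvents -ErrorAction Stop
    }
    catch {
        Write-Warning 'No Wininit 1001 event found. The log is written only when the disk check ran at boot.'
        return
    }

    foreach ($e in $events) {
        $text = $e.Message

        # Volume letter from the "Checking file system on C:" line.
        $volume = $null
        if ($text -match 'Checking file system on (\S+)') { $volume = $Matches[1] }

        # "0 KB in bad sectors." is the line that indicates physical disk damage.
        $badSectorsKB = $null
        if ($text -match '(?m)^\s*(\d+) KB in bad sectors') { $badSectorsKB = [int64]$Matches[1] }

        # True when CHKDSK repaired file system metadata during this run.
        $corrected = $text -match 'Windows has made corrections to the file system'

        New-Object PSObject -Property @{
            TimeCreated     = $e.TimeCreated
            Volume          = $volume
            BadSectorsKB    = $badSectorsKB
            MadeCorrections = $corrected
            Report          = $text
        } | Select-Object TimeCreated, Volume, BadSectorsKB, MadeCorrections, Report
    }
}

# Summary for the latest check, then the full text copied to the clipboard
# so it can be pasted into a reply.
$report = Get-ChkdskBootReport
if ($report) {
    $report | Format-List TimeCreated, Volume, BadSectorsKB, MadeCorrections
    $report.Report | clip
}
```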

#13 Mammoth_rib

  • Topic Starter

Posted 04 December 2013 - 03:31 AM

Alright, got it:

 

Log Name:      Application
Source:        Microsoft-Windows-Wininit
Date:          12/4/2013 2:25:25 AM
Event ID:      1001
Task Category: None
Level:         Information
Keywords:      Classic
User:          N/A
Computer:      0467HomeUser-PC
Description:


Checking file system on C:
The type of the file system is NTFS.
Volume label is COMPAQ.

A disk check has been scheduled.
Windows will now check the disk.                         
  264448 file records processed.                                  

  868 large file records processed.                            

  0 bad file records processed.                              

  0 EA records processed.                                    

  75 reparse records processed.                               

  341094 index entries processed.                                 

  0 unindexed files processed.                               

  264448 security descriptors processed.                          

Cleaning up 7252 unused index entries from index $SII of file 0x9.
Cleaning up 7252 unused index entries from index $SDH of file 0x9.
Cleaning up 7252 unused security descriptors.
  38324 data files processed.                                    

CHKDSK is verifying Usn Journal...
  34734168 USN bytes processed.                                     

Usn Journal verification completed.
CHKDSK is verifying file data (stage 4 of 5)...
  264432 files processed.                                         

File data verification completed.
CHKDSK is verifying free space (stage 5 of 5)...
  17039082 free clusters processed.                                 

Free space verification is complete.
CHKDSK discovered free space marked as allocated in the
master file table (MFT) bitmap.
Windows has made corrections to the file system.

 232396258 KB total disk space.
 163740504 KB in 212357 files.
    116840 KB in 38325 indexes.
         0 KB in bad sectors.
    382586 KB in use by the system.
     65536 KB occupied by the log file.
  68156328 KB available on disk.

      4096 bytes in each allocation unit.
  58099064 total allocation units on disk.
  17039082 allocation units available on disk.

Internal Info:
00 09 04 00 45 d3 03 00 73 b9 06 00 00 00 00 00  ....E...s.......
9a 01 00 00 4b 00 00 00 00 00 00 00 00 00 00 00  ....K...........
42 00 00 00 e2 73 cf 77 b8 87 1f 00 b8 7f 1f 00  B....s.w........

Windows has finished checking your disk.
Please wait while your computer restarts.




#14 TB-Psychotic

  • Malware Response Team

Posted 06 December 2013 - 03:55 AM

Please rescan with ESET following my instructions above.



#15 Mammoth_rib

  • Topic Starter

Posted 10 December 2013 - 03:58 PM

Apologies for the delay on this one:

 

Scan Log
Version of virus signature database: 9152 (20131209)
Date: 12/9/2013  Time: 11:24:48 PM
Scanned disks, folders and files: Operating memory;C:\Boot sector;D:\Boot sector;C:\;D:\
C:\hiberfil.sys - error opening [4]
C:\pagefile.sys - error opening [4]
Number of scanned objects: 490510
Number of threats found: 0
Time of completion: 12:08:31 AM  Total scanning time: 2623 sec (00:43:43)

Notes:
[4] Object cannot be opened. It may be in use by another application or operating system.





