possibly infected with various adware & trojan virus, too many to name


This topic is locked. 16 replies to this topic.

#1 mv123 (Members, 9 posts, Gender: Female)

Posted 02 December 2013 - 12:59 AM

Hello,

 

I have my sister's computer that appears to be infected with something, or several things (adware, possibly trojan viruses and/or keyloggers), as scans from various anti-virus, anti-malware, and anti-rootkit software return different results.

 

The computer is a Dell Inspiron E1505 running Windows XP SP3 with Internet Explorer 8.  Security programs installed are Avast Free Antivirus, Malwarebytes Anti-Malware, Spybot Search & Destroy, CCleaner, and Secunia PSI, although for some reason Secunia isn't starting when I launch it, so I haven't been able to run it.

 

I have installed SpyHunter and Trojan Killer as part of my effort to find out what's wrong with the computer, but have since uninstalled them.

 

Here's what I've run (I do have logs for all scans, except the first time I ran Spybot, which I forgot to save):

- clear browser history, temporary internet items, cookies, cache, etc
- empty TEMP directory
  - There is a file named F_IN_BOX.dll in temp that I cannot delete.
    - Googled F_IN_BOX.dll, from what I found, this appears to be a trojan/keylogger, although the developer claims it is "A developer library to enhance Flash ActiveX features" (from www.f-in-box.com)
- empty recycle bin

 

- run CCleaner, cleaned temp/etc, ran several times on registry to remove items for software that has been uninstalled

 

- run Spybot Search & Destroy 1.6.2:
  - updated detections
  - ran scan
  - found 1 PUPSC and 4 Malware items.  Did not fix it.  I want to run Malwarebytes and see what it comes up with before cleaning.

    - forgot to save log for this scan

 

- run Malwarebytes Anti-Malware:
  - updated database from v2013.11.28.04 to v2013.11.30.02
  - Performed full scan:
  - nothing found

 

- run SpyHunter
  - scan memory, registry, cookies, files, and rootkits
  - Found the following:
    - adware:win32/Vidsaver
    - and System Guard has c:\i386\KB929969.exe as VirtuMonde
  - did not fix this; SpyHunter is not free, and nothing else has detected this.

 

- run Malwarebytes Anti-Rootkit BETA v1.07.0.1007:
  - update database from v2013.11.17.01 to v2013.11.30.04
  - scan drivers, sectors, and system
  - nothing found

- ran BitDefender online scan:
  - no infections found

 

- I noticed that regardless of what I set the home page to, when I open IE, it always goes to www.yahoo.com

 

- uninstalled SpyHunter

 

- ran adwcleaner.exe
  - Key Found: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Found: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
  - Googled this, turns out to be Yahoo! toolbar, which is not installed (was at one point, but has since been uninstalled)
  - ran cleaner to delete these two items.

 

- changed home page back to default (Google); now it seems to remain on Google, whereas before it would always return to yahoo.com.

 

- ran Spybot Search & Destroy again.
  - check for updates, none found
  - scan results: Alotbar, Win32.Downloader.gen (SearchProtect in 1 directory location and 3 registry entries)
  - selected to fix problems found
    - unable to fix HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SearchProtect
    - selected to run Spybot-S&D on next startup.
    - restarted computer to have Spybot S&D run at startup.
    - upon startup, Spybot S&D scan continued, found nothing; I then ran a scan again and nothing was found.

 

- re-installed Trojan Killer
  - ran full scan (startup locations, memory items, Hijack items, services, ActiveX sections, LSP items, BHO items)
  - nothing found
  - ran full system scan
  - found 7 adware items in registry (Adware.Win32.Crossrider.pl.ss, AdwareWin32.Crossrider.pl.ss, Adware.Win32.Mirar.pl.ss, Adware.Win32.Mirrar.pl.ss, and Rogue.Win32.PCHealthKit.pl.sm), and now it found 1 trojan (Trojan.Small!t) and 1 threat (W32.Sality.T.an!t3).  These last two items were not found when I ran Trojan Killer previously.  I Googled both; the first one appears to be a valid threat and the second one returned nothing.
  - Did not fix this; Trojan Killer is not free, and after googling Trojan Killer I found conflicting information (some say it's good, some say it's bad and messed up the person's computer).

- SpyHunter and Trojan Killer each find items the other programs don't find, but none find the same items and none find F_IN_BOX.dll.  Actually, nothing that I've run has found this.

 

- went to www.bleepingcomputer.com for help
- per instructions on what to do before posting, I downloaded and ran DDS, attach.txt file is attached and the contents of dds.txt are posted below.

 

Thank you in advance.

 

Attached file: attach.txt (19.49 KB)

 

 

 

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702
Run by Celeste at 21:05:42 on 2013-12-01
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.2038.900 [GMT -8:00]
.
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ================
.
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe
C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\alg.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Sandisk\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Belkin\Belkin USB Print and Storage Center\connect.exe
C:\Program Files\Belkin\Router Setup and Monitor\BelkinSetup.exe
C:\Program Files\Belkin\Router Setup and Monitor\dlnaPlugin.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=6070426
uSearch Bar = hxxp://www.google.com/ie
uSearch Page = hxxp://www.google.com
uDefault_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=6070426
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
uURLSearchHooks: {472734EA-242A-422b-ADF8-83D1E48CC825} - <orphaned>
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: DriveLetterAccess: {5CA3D70E-1895-11CF-8E15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
TB: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [PCMService] "c:\program files\dell\mediadirect\PCMService.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [InstaLAN] "c:\program files\belkin\router setup and monitor\BelkinRouterMonitor.exe" startup
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [AvastUI.exe] "c:\program files\avast software\avast\AvastUI.exe" /nogui
dRunOnce: [RunNarrator] Narrator.exe
StartupFolder: c:\docume~1\celeste\startm~1\programs\startup\autoru~1\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wincin~1.lnk - c:\program files\sandisk\common\bin\WinCinemaMgr.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
TCP: NameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{F6034472-26C0-431A-AD53-3C7593FA76E2} : DHCPNameServer = 75.75.75.75 75.75.76.76
Notify: igfxcui - igfxdev.dll
Notify: itlnfw32 - itlnfw32.dll
Notify: itlntfy - itlnfw32.dll
Notify: QC - itlnfw32.dll
Notify: - itlnfw32.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
Hosts: 127.0.0.1 www.spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [2013-4-9 49944]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [2013-4-9 178304]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-7-23 774392]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-7-23 403440]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-7-23 35656]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-4-9 70384]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-7-23 50344]
R2 Belkin Local Backup Service;Belkin Local Backup Service;c:\program files\belkin\belkin usb print and storage center\BkBackupScheduler.exe [2012-4-29 152064]
R2 Belkin Network USB Helper;Belkin Network USB Helper;c:\program files\belkin\belkin usb print and storage center\Bkapcs.exe [2012-4-29 49152]
R2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files\common files\intuit\update service v4\IntuitUpdateService.exe [2012-8-23 13672]
R2 sxuptp;SXUPTP Driver;c:\windows\system32\drivers\sxuptp.sys [2012-4-29 246936]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 itlperf;Intel CPU;c:\windows\system32\svchost.exe -k itlsvc [2004-8-10 14336]
S3 esgiguard;esgiguard;\??\c:\program files\enigma software group\spyhunter\esgiguard.sys --> c:\program files\enigma software group\spyhunter\esgiguard.sys [?]
S3 NWUSBCDFIL;Novatel Wireless Installation CD;c:\windows\system32\drivers\NwUsbCdFil.sys [2008-7-7 20480]
S3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;c:\windows\system32\drivers\nwusbser2.sys [2008-5-9 174336]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2010-9-1 15544]
S3 Secunia PSI Agent;Secunia PSI Agent;c:\program files\secunia\psi\psia.exe [2011-10-13 994360]
S3 ssmirrdr;ssmirrdr;c:\windows\system32\drivers\ssmirrdr.sys [2011-10-2 10112]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2004-8-10 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-7-20 754856]
.
=============== Created Last 30 ================
.
.
==================== Find3M  ====================
.
2013-11-17 06:39:19 774392 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-11-17 06:39:18 70384 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-11-17 06:39:15 43152 ----a-w- c:\windows\avastSS.scr
2013-11-05 03:05:13 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-11-05 03:05:13 178304 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-10-13 07:25:38 920064 ----a-w- c:\windows\system32\wininet.dll
2013-10-13 07:25:08 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-10-13 07:25:02 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2013-10-13 07:24:17 18944 ----a-w- c:\windows\system32\corpol.dll
2013-10-13 06:57:59 385024 ----a-w- c:\windows\system32\html.iec
2013-10-12 15:56:19 278528 ----a-w- c:\windows\system32\oakley.dll
2013-10-09 13:12:48 287744 ----a-w- c:\windows\system32\gdi32.dll
2013-10-07 10:59:21 603136 ----a-w- c:\windows\system32\crypt32.dll
2013-10-05 01:14:01 7168 ----a-w- c:\windows\system32\xpsp4res.dll
.
============= FINISH: 21:06:30.39 ===============
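The DDS "Pseudo HJT Report" and "SERVICES / DRIVERS" sections above are the part of the log the helper will read first: each line is an autostart point, and a few patterns in them are worth pulling out mechanically before anyone decides what to remove. The script below is an added example for this thread, not part of DDS, of the forum's tools, or of the original post; it takes a handful of lines copied from the log above and flags (a) CLSIDs that DDS marks `<orphaned>` (registration left behind after an uninstall, as with the Yahoo toolbar BHO the poster already found), (b) Winlogon `Notify` packages given as a bare DLL name rather than a full path, and one DLL registered under several `Notify` keys, (c) `Run` values that are an unquoted bare file name and so get resolved through the search path, (d) `Hosts` overrides, (e) services whose image file DDS could not find (the `--> ... [?]` form, here the SpyHunter driver left over after uninstalling), and (f) svchost-hosted services, whose real code lives in the `Parameters\ServiceDll` value that DDS does not print. Every flag is a candidate for manual verification, not a verdict: `igfxdev.dll`, for example, is the Intel graphics driver's notification package and is registered this way on a clean install.

```python
"""Triage the 'Pseudo HJT Report' and 'SERVICES / DRIVERS' sections of a DDS
log.  Added example for this thread; it is not part of DDS or of the post.
Every flag is a candidate for manual verification, not a verdict."""
import re
from collections import defaultdict

CLSID_RE = re.compile(r"\{[0-9A-Fa-f-]{36}\}")
# "Notify: <name> - <dll>"   (Winlogon notification packages; name may be empty)
NOTIFY_RE = re.compile(r"^Notify:\s*(?P<name>[^-]*?)\s*-\s*(?P<dll>\S+)$")
# "uRun: [<value>] <command>", likewise mRun / dRun and the *RunOnce variants
RUN_RE = re.compile(r"^[umd]Run(?:Once)?: \[(?P<value>[^\]]+)\] (?P<cmd>.*)$")
# "R2 <name>;<display>;<image path> [<date size>]"   (R = running, S = stopped)
SERVICE_RE = re.compile(r"^[RS]\d\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.*)$")

# A subset of lines copied from the DDS log posted above, so the script runs offline.
SAMPLE_DDS = r"""
uURLSearchHooks: {472734EA-242A-422b-ADF8-83D1E48CC825} - <orphaned>
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
dRunOnce: [RunNarrator] Narrator.exe
Notify: igfxcui - igfxdev.dll
Notify: itlnfw32 - itlnfw32.dll
Notify: itlntfy - itlnfw32.dll
Notify: QC - itlnfw32.dll
Notify: - itlnfw32.dll
Hosts: 127.0.0.1 www.spywareinfo.com
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-7-23 50344]
S2 itlperf;Intel CPU;c:\windows\system32\svchost.exe -k itlsvc [2004-8-10 14336]
S3 esgiguard;esgiguard;\??\c:\program files\enigma software group\spyhunter\esgiguard.sys --> c:\program files\enigma software group\spyhunter\esgiguard.sys [?]
"""


def triage_dds(text):
    """Return {category: [findings]} for the autostart points DDS reports."""
    findings = defaultdict(list)
    notify_names = defaultdict(list)  # dll (lower-cased) -> [Notify key names]
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        # CLSID still registered (BHO, toolbar, URLSearchHook) but its file is gone.
        if line.endswith("<orphaned>"):
            m = CLSID_RE.search(line)
            findings["orphaned_clsid"].append(m.group(0) if m else line)
            continue
        m = NOTIFY_RE.match(line)
        if m:
            dll = m.group("dll").lower()
            notify_names[dll].append(m.group("name"))
            # A bare file name is resolved through the DLL search path at logon.
            if "\\" not in dll and dll not in findings["notify_relative_path"]:
                findings["notify_relative_path"].append(dll)
            continue
        m = RUN_RE.match(line)
        if m:
            cmd = m.group("cmd")
            # Unquoted bare file name: the loader searches PATH for it.
            if not cmd.startswith('"') and "\\" not in cmd:
                findings["run_bare_filename"].append((m.group("value"), cmd))
            continue
        if line.startswith("Hosts:"):
            findings["hosts_override"].append(line[len("Hosts:"):].strip())
            continue
        m = SERVICE_RE.match(line)
        if m:
            rest = m.group("rest")
            if rest.rstrip().endswith("[?]"):  # DDS: image file not found on disk
                findings["service_missing_file"].append(m.group("name"))
            g = re.search(r"svchost\.exe -k (\S+)", rest, re.IGNORECASE)
            if g:  # real code is the DLL named in Parameters\ServiceDll
                findings["svchost_hosted"].append((m.group("name"), g.group(1)))
    for dll, names in notify_names.items():
        if len(names) > 1:
            findings["notify_multi_registration"].append((dll, names))
    return dict(findings)


def report(findings):
    """Render findings as one text line per item, grouped by category."""
    lines = []
    for category in sorted(findings):
        for item in findings[category]:
            lines.append(f"{category}: {item}")
    return lines


if __name__ == "__main__":
    print("\n".join(report(triage_dds(SAMPLE_DDS))))
```

Run against the full log rather than the excerpt, the same code also lists WinRM as svchost-hosted; the `Notify` regex splits on the first " - ", so a notification package whose key name itself contains a hyphen would need a stricter pattern.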

#2 TB-Psychotic (Malware Response Team, 6,349 posts, Gender: Male)

Posted 02 December 2013 - 04:09 AM

Hi there,
my name is Marius and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand, kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

 

 

Scan with TDSS-Killer

Please read and follow these instructions carefully. We do not want it to fix anything yet (if found), we need to see a report first.

Download TDSSKiller.zip and extract to your desktop

  • Execute TDSSKiller.exe by double-clicking on it.
  • Press Start Scan.
  • If malicious objects are found, do NOT select Copy to quarantine. Change the action to Skip, and save the log.
  • Once complete, a log will be produced at the root drive, which is typically C:\, for example C:\TDSSKiller.<version_date_time>log.txt


Please post the contents of that log in your next reply.


Proud Member of UNITE & TB

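The log that the instructions above ask for lists every service and driver TDSSKiller examined, one hash line (MD5 and SHA-256 of the image file, then the service name and path) followed by one verdict line, and a verdict with no hash line means no file was found on disk for that entry. Reading a few hundred of those by eye is error-prone, so here is an added parser for that format; it is example code written for this thread, not part of TDSSKiller or of the helper's procedure. The sample input is a handful of lines copied from the log posted later in the thread plus one constructed entry (all-zero hashes, verdict "suspicious (constructed)") to exercise the non-"ok" path; the wording TDSSKiller actually uses for a detection is not shown on this page and is therefore not assumed. Only the "Scan services" section is parsed, because the section names are taken from the log's own `==== Scan ... ====` headers.

```python
"""Parse a TDSSKiller 3.x log into per-object records so a reviewer can list
objects with no file on disk, any non-'ok' verdict, objects that share one
file, and the unique hashes to look up in bulk.  Added example for this
thread; not part of TDSSKiller or of the post."""
import re

# "<time> <thread>  [ <md5>, <sha256> ] <name> <path>"  -- file found and hashed
FILE_RE = re.compile(
    r"^\S+\s+0x[0-9a-fA-F]+\s+\[ (?P<md5>[0-9A-F]{32}), (?P<sha256>[0-9A-F]{64}) \]\s+"
    r"(?P<name>.+?)\s+(?P<path>[A-Za-z]:\\.*)$"
)
# "<time> <thread>  <name> - <status>"                  -- verdict for the object
STATUS_RE = re.compile(r"^\S+\s+0x[0-9a-fA-F]+\s+(?P<name>.+?) - (?P<status>.+)$")
# "================ Scan services ========..."           -- section header
SECTION_RE = re.compile(r"=+ Scan (?P<section>.+?) =+")

# Lines copied from the TDSSKiller log posted in this thread; the last two lines
# ('example') are constructed for this example and are not from the log.
SAMPLE_LOG = r"""
19:55:28.0437 0x0ef8  ================ Scan system memory ========================
19:55:28.0437 0x0ef8  System memory - ok
19:55:28.0437 0x0ef8  ================ Scan services =============================
19:55:28.0875 0x0ef8  Abiosdsk - ok
19:55:29.0187 0x0ef8  [ 6ABB91494FE6C59089B9336452AB2EA3, FA28396820E44F991891042E051A4414485B54D456F252E03E3FFE1B4B4CF843 ] abp480n5        C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
19:55:29.0203 0x0ef8  abp480n5 - ok
19:55:31.0812 0x0ef8  [ 4FE5C6D40664AE07BE5105874357D2ED, 70DD05EE80B77EB2F781E0919885D1BBB1119EA1A8955935AF5AECD05E30F14A ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
19:55:31.0812 0x0ef8  Apple Mobile Device - ok
19:55:31.0828 0x0ef8  AppMgmt - ok
19:55:36.0328 0x0ef8  [ 90A673FC8E12A79AFBED2576F6A7AAF9, BDE7858A3457DB979FEDD8577FA6321BF72848E4A7BF9F173C78A6A10CBB3EBE ] cbidf           C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
19:55:36.0343 0x0ef8  cbidf - ok
19:55:36.0359 0x0ef8  [ 90A673FC8E12A79AFBED2576F6A7AAF9, BDE7858A3457DB979FEDD8577FA6321BF72848E4A7BF9F173C78A6A10CBB3EBE ] cbidf2k         C:\WINDOWS\system32\drivers\cbidf2k.sys
19:55:36.0359 0x0ef8  cbidf2k - ok
19:55:40.0000 0x0ef8  [ 00000000000000000000000000000000, 0000000000000000000000000000000000000000000000000000000000000000 ] example C:\WINDOWS\system32\drivers\example.sys
19:55:40.0000 0x0ef8  example - suspicious (constructed)
"""


def parse_tdsskiller(text, section="services"):
    """Return {object name: {md5, sha256, path, status}} for one scan section."""
    objects = {}
    current = None
    for line in text.splitlines():
        m = SECTION_RE.search(line)
        if m:
            current = m.group("section").strip()
            continue
        if current != section:
            continue
        m = FILE_RE.match(line)
        if m:
            rec = objects.setdefault(m.group("name"), {})
            rec.update(md5=m.group("md5"), sha256=m.group("sha256"), path=m.group("path"))
            continue
        m = STATUS_RE.match(line)
        if m:
            objects.setdefault(m.group("name"), {})["status"] = m.group("status")
    return objects


def without_file(objects):
    """Entries with a verdict but no hash line: registered, but no image on disk."""
    return sorted(n for n, r in objects.items() if "status" in r and "md5" not in r)


def not_ok(objects):
    """Entries whose verdict is anything other than 'ok'."""
    return sorted((n, r["status"]) for n, r in objects.items()
                  if r.get("status") not in (None, "ok"))


def same_file(objects):
    """Groups of service names that point at one identical file (same SHA-256)."""
    by_hash = {}
    for name, r in objects.items():
        if "sha256" in r:
            by_hash.setdefault(r["sha256"], []).append(name)
    return {h: sorted(names) for h, names in by_hash.items() if len(names) > 1}


def unique_sha256(objects):
    """De-duplicated hash list, the form you would feed to a bulk reputation lookup."""
    return sorted({r["sha256"] for r in objects.values() if "sha256" in r})


if __name__ == "__main__":
    objs = parse_tdsskiller(SAMPLE_LOG)
    print("no file on disk:", without_file(objs))
    print("not ok:", not_ok(objs))
    print("shared files:", same_file(objs))
    print("unique hashes:", len(unique_sha256(objs)))
```

In the excerpt, `Abiosdsk` and `AppMgmt` come out as entries with no file, and `cbidf` and `cbidf2k` resolve to the same `cbidf2k.sys`; in the full posted log the same functions give the complete lists. An entry with no file is a lead, not a finding: it may be a stock registry stub or a leftover from an uninstalled product, and the decision belongs to whoever reviews the service key.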
#3 mv123 (Topic Starter, Members, 9 posts, Gender: Female)

Posted 02 December 2013 - 12:47 PM

Hello Marius,

 

Thank you for your quick response and for any help you can provide.  I am at my place of employment now and cannot work on the infected computer until later this evening.  I will follow your instructions and post all requested information at that time.

Thanks again.

--

Maria



#4 mv123 (Topic Starter, Members, 9 posts, Gender: Female)

Posted 02 December 2013 - 11:15 PM

Hi Marius,

 

I ran TDSSKiller as instructed.  The scan did not encounter anything.  Here are the contents of the log file:

 

 

19:54:54.0390 0x0474  TDSS rootkit removing tool 3.0.0.19 Nov 18 2013 09:27:50
19:55:00.0875 0x0474  ============================================================
19:55:00.0875 0x0474  Current date / time: 2013/12/02 19:55:00.0875
19:55:00.0875 0x0474  SystemInfo:
19:55:00.0875 0x0474 
19:55:00.0875 0x0474  OS Version: 5.1.2600 ServicePack: 3.0
19:55:00.0875 0x0474  Product type: Workstation
19:55:00.0875 0x0474  ComputerName: CVARGAS
19:55:00.0875 0x0474  UserName: Celeste
19:55:00.0875 0x0474  Windows directory: C:\WINDOWS
19:55:00.0875 0x0474  System windows directory: C:\WINDOWS
19:55:00.0875 0x0474  Processor architecture: Intel x86
19:55:00.0875 0x0474  Number of processors: 2
19:55:00.0875 0x0474  Page size: 0x1000
19:55:00.0875 0x0474  Boot type: Normal boot
19:55:00.0875 0x0474  ============================================================
19:55:03.0187 0x0474  KLMD registered as C:\WINDOWS\system32\drivers\90202043.sys
19:55:03.0468 0x0474  System UUID: {A8CE0DF2-763A-FB4C-5067-81D631108AA9}
19:55:04.0671 0x0474  Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
19:55:04.0671 0x0474  ============================================================
19:55:04.0671 0x0474  \Device\Harddisk0\DR0:
19:55:04.0671 0x0474  MBR partitions:
19:55:04.0671 0x0474  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x17886, BlocksNum 0x11FFC12D
19:55:04.0718 0x0474  ============================================================
19:55:04.0828 0x0474  C: <-> \Device\Harddisk0\DR0\Partition1
19:55:04.0828 0x0474  ============================================================
19:55:04.0828 0x0474  Initialize success
19:55:04.0828 0x0474  ============================================================
19:55:12.0828 0x0ef8  ============================================================
19:55:12.0828 0x0ef8  Scan started
19:55:12.0828 0x0ef8  Mode: Manual;
19:55:12.0828 0x0ef8  ============================================================
19:55:12.0828 0x0ef8  KSN ping started
19:55:27.0343 0x0ef8  KSN ping finished: true
19:55:28.0437 0x0ef8  ================ Scan system memory ========================
19:55:28.0437 0x0ef8  System memory - ok
19:55:28.0437 0x0ef8  ================ Scan services =============================
19:55:28.0875 0x0ef8  Abiosdsk - ok
19:55:29.0187 0x0ef8  [ 6ABB91494FE6C59089B9336452AB2EA3, FA28396820E44F991891042E051A4414485B54D456F252E03E3FFE1B4B4CF843 ] abp480n5        C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
19:55:29.0203 0x0ef8  abp480n5 - ok
19:55:29.0406 0x0ef8  [ 8FD99680A539792A30E97944FDAECF17, 594F8E0C3695400B0C09A797AF6BDFAC6F750ECD67D0EE803914C572B1DCC43C ] ACPI            C:\WINDOWS\system32\DRIVERS\ACPI.sys
19:55:29.0421 0x0ef8  ACPI - ok
19:55:29.0484 0x0ef8  [ 9859C0F6936E723E4892D7141B1327D5, 5E8F6A2FC4DF2E5E92A1D66ECC2810E08B42B64E9CD0DF4AD3F78EA8558B90AF ] ACPIEC          C:\WINDOWS\system32\drivers\ACPIEC.sys
19:55:29.0515 0x0ef8  ACPIEC - ok
19:55:29.0578 0x0ef8  [ 9A11864873DA202C996558B2106B0BBC, 4C68F1DBD1541291DD0FAB78DB42B25FA051CD9F55ED869173E3219CD31500C4 ] adpu160m        C:\WINDOWS\system32\DRIVERS\adpu160m.sys
19:55:29.0609 0x0ef8  adpu160m - ok
19:55:29.0656 0x0ef8  [ 8BED39E3C35D6A489438B8141717A557, 1B5796E56B0927360CE0759641B1151828BC0A9E45620D2B2D880491F5CE33D0 ] aec             C:\WINDOWS\system32\drivers\aec.sys
19:55:29.0671 0x0ef8  aec - ok
19:55:29.0906 0x0ef8  [ A7B8A3A79D35215D798A300DF49ED23F, D441633C0F8E22F8976B95D6A3DCD552AA07C616AC5FE4379472954F7BE6075E ] Afc             C:\WINDOWS\system32\drivers\Afc.sys
19:55:29.0906 0x0ef8  Afc - ok
19:55:30.0015 0x0ef8  [ 1E44BC1E83D8FD2305F8D452DB109CF9, CF5EC07E0B589FA2A4701C6CFD69E893FC3ABF274AD57AE3C13FFE49063B02C8 ] AFD             C:\WINDOWS\System32\drivers\afd.sys
19:55:30.0015 0x0ef8  AFD - ok
19:55:30.0468 0x0ef8  [ 7F1130830B3BA85921519A5616E29803, 18A55229BFF735C101DE09F861E46FC964855B4D312CC2E56D7B8B233E3D56DF ] AffinegyService C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe
19:55:30.0515 0x0ef8  AffinegyService - ok
19:55:30.0515 0x0ef8  AFGMp50 - ok
19:55:30.0578 0x0ef8  [ 1961590AA191B6B7DCF18A6A693AF7B8, 69DB6D42DB4EB8C77DC927FA946D115C19A936ADBD2F5677CBB5039401D6EFD0 ] AFGSp50         C:\WINDOWS\system32\Drivers\AFGSp50.sys
19:55:30.0578 0x0ef8  AFGSp50 - ok
19:55:30.0671 0x0ef8  [ 08FD04AA961BDC77FB983F328334E3D7, A784EC8A9EDB579262366B5A9AB177DB7BEC0A421BDE85431D0AD4959D5AF5E7 ] agp440          C:\WINDOWS\system32\DRIVERS\agp440.sys
19:55:30.0671 0x0ef8  agp440 - ok
19:55:30.0781 0x0ef8  [ 03A7E0922ACFE1B07D5DB2EEB0773063, 93EEA872A5642C95FF19C81F8EFFB9B52742A14DBF138784F0F713AD18C413ED ] agpCPQ          C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
19:55:30.0796 0x0ef8  agpCPQ - ok
19:55:30.0890 0x0ef8  [ C23EA9B5F46C7F7910DB3EAB648FF013, 92C84E9AF278A3B55D56C4F8E6C10E3EF1F7B336A44A018AED6DC51A46671F0B ] Aha154x         C:\WINDOWS\system32\DRIVERS\aha154x.sys
19:55:30.0890 0x0ef8  Aha154x - ok
19:55:30.0906 0x0ef8  [ 19DD0FB48B0C18892F70E2E7D61A1529, 95BA1568E8E08314508CA0E1F95555891E70399AEC312C793B46A841F56FFDCF ] aic78u2         C:\WINDOWS\system32\DRIVERS\aic78u2.sys
19:55:30.0906 0x0ef8  aic78u2 - ok
19:55:30.0921 0x0ef8  [ B7FE594A7468AA0132DEB03FB8E34326, BF0DC2B8C474DB151589BA9968264413521DDD9E7316B752B2FA40C24200FBE0 ] aic78xx         C:\WINDOWS\system32\DRIVERS\aic78xx.sys
19:55:30.0937 0x0ef8  aic78xx - ok
19:55:31.0078 0x0ef8  [ A9A3DAA780CA6C9671A19D52456705B4, 67C959144B57AE0BBF1D82DBED197F32CDB06FECD883A80C441A0202FE83FAB4 ] Alerter         C:\WINDOWS\system32\alrsvc.dll
19:55:31.0125 0x0ef8  Alerter - ok
19:55:31.0140 0x0ef8  [ 8C515081584A38AA007909CD02020B3D, A5E13CA10F702928E0DE84C74D0EA8ACCB117FD76FBABC55220C75C4FFD596DC ] ALG             C:\WINDOWS\System32\alg.exe
19:55:31.0156 0x0ef8  ALG - ok
19:55:31.0187 0x0ef8  [ 1140AB9938809700B46BB88E46D72A96, 369379ECC5941ACE984A7F31EAABB66A2E693EDBADA639B86D26FD681D45608E ] AliIde          C:\WINDOWS\system32\DRIVERS\aliide.sys
19:55:31.0187 0x0ef8  AliIde - ok
19:55:31.0203 0x0ef8  [ CB08AED0DE2DD889A8A820CD8082D83C, B1A9D493390AEDF6EFF8BCAA3B33EC31758452AB497C34C0728CDDA1D8DCBF2A ] alim1541        C:\WINDOWS\system32\DRIVERS\alim1541.sys
19:55:31.0203 0x0ef8  alim1541 - ok
19:55:31.0265 0x0ef8  [ 95B4FB835E28AA1336CEEB07FD5B9398, 36CD3B14EF78B01FB653B78187FAA63C4DD5F4137AC3B91D81256A350EEDCBC1 ] amdagp          C:\WINDOWS\system32\DRIVERS\amdagp.sys
19:55:31.0265 0x0ef8  amdagp - ok
19:55:31.0296 0x0ef8  [ 79F5ADD8D24BD6893F2903A3E2F3FAD6, 9B179F0B6A559639D3AE3975CEBF2718294BE5743517BEE06586F0D258164C81 ] amsint          C:\WINDOWS\system32\DRIVERS\amsint.sys
19:55:31.0328 0x0ef8  amsint - ok
19:55:31.0468 0x0ef8  [ EC94E05B76D033B74394E7B2175103CF, 4F0993951B72478D87AD15A6FC33D3D18FEFAF2A08698CFC63BBD1EDB784B0FE ] APPDRV          C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS
19:55:31.0484 0x0ef8  APPDRV - ok
19:55:31.0812 0x0ef8  [ 4FE5C6D40664AE07BE5105874357D2ED, 70DD05EE80B77EB2F781E0919885D1BBB1119EA1A8955935AF5AECD05E30F14A ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
19:55:31.0812 0x0ef8  Apple Mobile Device - ok
19:55:31.0828 0x0ef8  AppMgmt - ok
19:55:31.0921 0x0ef8  [ B5B8A80875C1DEDEDA8B02765642C32F, AD0C71D73B1B8225351FBF4FFB43001A32B4DAE69504C59970CD2428BB33D4EF ] Arp1394         C:\WINDOWS\system32\DRIVERS\arp1394.sys
19:55:31.0921 0x0ef8  Arp1394 - ok
19:55:32.0000 0x0ef8  [ 62D318E9A0C8FC9B780008E724283707, 1A69806AB2BDECCEB5EB23A80700B3F98983D5D67F78839CBF269087FA460757 ] asc             C:\WINDOWS\system32\DRIVERS\asc.sys
19:55:32.0000 0x0ef8  asc - ok
19:55:32.0046 0x0ef8  [ 69EB0CC7714B32896CCBFD5EDCBEA447, 1CB506B5F71F84EFD26961010681D0A79AA7B266573378E3D2755125DF5D6BB6 ] asc3350p        C:\WINDOWS\system32\DRIVERS\asc3350p.sys
19:55:32.0062 0x0ef8  asc3350p - ok
19:55:32.0093 0x0ef8  [ 5D8DE112AA0254B907861E9E9C31D597, 557C93E82A71131D226267151C84B197503831A16263DDFE040E996B605CA9E8 ] asc3550         C:\WINDOWS\system32\DRIVERS\asc3550.sys
19:55:32.0109 0x0ef8  asc3550 - ok
19:55:32.0437 0x0ef8  [ 0E5E4957549056E2BF2C49F4F6B601AD, F7F19FDC906B719A3516D30A9B4A2262C8CC5B36B94E3D4195C345EC4610FF2B ] aspnet_state    C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
19:55:32.0453 0x0ef8  aspnet_state - ok
19:55:32.0546 0x0ef8  [ 74202D5A696A412733B387BD18400E4C, 8E85AF6EC5E5E45E9D5AB781D812B480E4242B2B2D8607270FB175E24FD0A0D9 ] aswFsBlk        C:\WINDOWS\system32\drivers\aswFsBlk.sys
19:55:32.0546 0x0ef8  aswFsBlk - ok
19:55:32.0640 0x0ef8  [ AA3397F034871DE76A74585774029580, 166635E38E062856F8453A1E3EC253AD4A11B2D43CBE8EDB0191EC1AEC498F68 ] aswMonFlt       C:\WINDOWS\system32\drivers\aswMonFlt.sys
19:55:32.0656 0x0ef8  aswMonFlt - ok
19:55:32.0718 0x0ef8  [ 9F597676EDA29D6619C5E76F523892D7, 7CB50BBB87EC42B0310A9191552C565ABA1CB821F03B9309F47841949CB3B2E4 ] AswRdr          C:\WINDOWS\system32\drivers\aswRdr.sys
19:55:32.0718 0x0ef8  AswRdr - ok
19:55:32.0812 0x0ef8  [ F385467DF95D0A73775CB3B076B8B969, D427A5F4FB4D1DAB04AFC29E7EC510844F907ABBA053538995E65747BAD37422 ] aswRvrt         C:\WINDOWS\system32\drivers\aswRvrt.sys
19:55:32.0828 0x0ef8  aswRvrt - ok
19:55:33.0093 0x0ef8  [ BB27A67D7F465D2720D74B5223DD91E4, 41B06E71477F85908F926A3C80324AAF5D014B61B29073720A6E2D90190D0B82 ] aswSnx          C:\WINDOWS\system32\drivers\aswSnx.sys
19:55:33.0156 0x0ef8  aswSnx - ok
19:55:33.0265 0x0ef8  [ 259E864BFB9268CD7CEFA5849A3B374B, EF1BE2581A53A6FCCE64ECE63AF2CF3D84592D472694102FD147ADE57C0F4697 ] aswSP           C:\WINDOWS\system32\drivers\aswSP.sys
19:55:33.0296 0x0ef8  aswSP - ok
19:55:33.0343 0x0ef8  [ AB499F3325E62E157F8E8302065B1B30, 512D6C7324815F8589F8647199373102613810DB33C1FD1379E339F2BAA18F46 ] aswTdi          C:\WINDOWS\system32\drivers\aswTdi.sys
19:55:33.0343 0x0ef8  aswTdi - ok
19:55:33.0468 0x0ef8  [ BADA8FD627F1D0E22308211C33F0BDB5, F88751280969B8963DCFC684C99C7CCF396B50FD0AC0F869628A009557438609 ] aswVmm          C:\WINDOWS\system32\drivers\aswVmm.sys
19:55:33.0484 0x0ef8  aswVmm - ok
19:55:33.0562 0x0ef8  [ B153AFFAC761E7F5FCFA822B9C4E97BC, 7E60F572A6B3C6219E3C86225AA37243AFFD74337DB7F108B04778042E5CC959 ] AsyncMac        C:\WINDOWS\system32\DRIVERS\asyncmac.sys
19:55:33.0578 0x0ef8  AsyncMac - ok
19:55:33.0640 0x0ef8  [ 9F3A2F5AA6875C72BF062C712CFA2674, B4DF1D2C56A593C6B54DE57395E3B51D288F547842893B32B0F59228A0CF70B9 ] atapi           C:\WINDOWS\system32\DRIVERS\atapi.sys
19:55:33.0640 0x0ef8  atapi - ok
19:55:33.0656 0x0ef8  Atdisk - ok
19:55:33.0765 0x0ef8  [ 9916C1225104BA14794209CFA8012159, 5D6F05F715C52A16D05CAE15C3DFE77A139A7F27F7AE710EC9A10F9EE05115A1 ] Atmarpc         C:\WINDOWS\system32\DRIVERS\atmarpc.sys
19:55:33.0859 0x0ef8  Atmarpc - ok
19:55:33.0953 0x0ef8  [ DEF7A7882BEC100FE0B2CE2549188F9D, 462C95B63D0A1058291A2DC8CBFCB13D7D74CCD1CA43B613A7EB43D49E3276F8 ] AudioSrv        C:\WINDOWS\System32\audiosrv.dll
19:55:33.0968 0x0ef8  AudioSrv - ok
19:55:34.0000 0x0ef8  [ D9F724AA26C010A217C97606B160ED68, 329B5118F2409731D06FDAE85B6ADD64A048292801BCB3546651CEB303111695 ] audstub         C:\WINDOWS\system32\DRIVERS\audstub.sys
19:55:34.0015 0x0ef8  audstub - ok
19:55:34.0250 0x0ef8  [ 4D41D30E2FAB3307967C7A0B045DC874, 620482D08544478862C78285E17DEE9BC3466DF8B62BD502B0C17AE6501D2B5E ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe
19:55:34.0250 0x0ef8  avast! Antivirus - ok
19:55:34.0437 0x0ef8  [ B89BCF0A25AEB3B47030AC83287F894A, DEBA0B00D5E15D1F4AC014D3FD684115E48FE924DF0170F7F4273056DD854778 ] BCM43XX         C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
19:55:34.0656 0x0ef8  BCM43XX - ok
19:55:34.0734 0x0ef8  [ 6489310D11971F6BA6C7F49BE0BAF6E0, 24FB7D3DA7F372C30258AB476F0FAF43A73FF97417E86B0646105BA60B71E2AF ] bcm4sbxp        C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys
19:55:34.0734 0x0ef8  bcm4sbxp - ok
19:55:34.0859 0x0ef8  [ DA1F27D85E0D1525F6621372E7B685E9, 5A81A46A3BDD19DAFC6C87D277267A5D44F3A1B5302F2CC1111D84B7BAD5610D ] Beep            C:\WINDOWS\system32\drivers\Beep.sys
19:55:35.0015 0x0ef8  Beep - ok
19:55:35.0390 0x0ef8  [ DEFCE42FE9EED1A0DC4A28FDDFF603C9, DAB072CDBE098B7693A51299314094D66D91344BCD57BD3846054654A5F2B863 ] Belkin Local Backup Service C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe
19:55:35.0406 0x0ef8  Belkin Local Backup Service - ok
19:55:35.0515 0x0ef8  [ E23AF2900A4E3CA7FF22F1C80A013305, F87A24B3AC8984991EB2315DEA2C64C7F547F05AA9E917B450D6A659C88A338F ] Belkin Network USB Helper C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe
19:55:35.0531 0x0ef8  Belkin Network USB Helper - ok
19:55:35.0656 0x0ef8  [ 574738F61FCA2935F5265DC4E5691314, 3C7CCF064397186C3A3863DD2370AB6414A61B330097DCA4F299CA7BBAA3D1B4 ] BITS            C:\WINDOWS\system32\qmgr.dll
19:55:35.0859 0x0ef8  BITS - ok
19:55:36.0093 0x0ef8  [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A, 10F21999FF6B1D410EBF280F7F27DEACA5289739CF12F4293B614B8FC6C88DCC ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
19:55:36.0125 0x0ef8  Bonjour Service - ok
19:55:36.0218 0x0ef8  [ CFD4E51402DA9838B5A04AE680AF54A0, 5378F42B195B5832B00A05AD64E00473A45FFB86AC25C57241F26EA82B149FE1 ] Browser         C:\WINDOWS\System32\browser.dll
19:55:36.0234 0x0ef8  Browser - ok
19:55:36.0328 0x0ef8  [ 90A673FC8E12A79AFBED2576F6A7AAF9, BDE7858A3457DB979FEDD8577FA6321BF72848E4A7BF9F173C78A6A10CBB3EBE ] cbidf           C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
19:55:36.0343 0x0ef8  cbidf - ok
19:55:36.0359 0x0ef8  [ 90A673FC8E12A79AFBED2576F6A7AAF9, BDE7858A3457DB979FEDD8577FA6321BF72848E4A7BF9F173C78A6A10CBB3EBE ] cbidf2k         C:\WINDOWS\system32\drivers\cbidf2k.sys
19:55:36.0359 0x0ef8  cbidf2k - ok
19:55:36.0484 0x0ef8  [ 0BE5AEF125BE881C4F854C554F2B025C, 1770DD70B3F115A0EF460907DEDC1E4B7241C08615A98F194D61A49C3E2BAA54 ] CCDECODE        C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
19:55:36.0484 0x0ef8  CCDECODE - ok
19:55:36.0546 0x0ef8  [ F3EC03299634490E97BBCE94CD2954C7, CDC85ADA27E0D501581CE6F28D7E1941E90411FA8E8F2C43A68BAA8CB78E85DD ] cd20xrnt        C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
19:55:36.0578 0x0ef8  cd20xrnt - ok
19:55:36.0593 0x0ef8  [ C1B486A7658353D33A10CC15211A873B, AA4DD9E7AAE5AAB1146B360B17001F975D2F29A1281CF7B13E7136480410F347 ] Cdaudio         C:\WINDOWS\system32\drivers\Cdaudio.sys
19:55:36.0593 0x0ef8  Cdaudio - ok
19:55:36.0687 0x0ef8  [ C885B02847F5D2FD45A24E219ED93B32, B26B2F8E3A831E2B65EB0C5195B0645CD50E22615CE79C9B0B391CD563B121DB ] Cdfs            C:\WINDOWS\system32\drivers\Cdfs.sys
19:55:36.0703 0x0ef8  Cdfs - ok
19:55:36.0781 0x0ef8  [ 1F4260CC5B42272D71F79E570A27A4FE, B51C2A3ED3C309953D0EA45869C8E464C10F2533DADE9E0286AF674979098D1D ] Cdrom           C:\WINDOWS\system32\DRIVERS\cdrom.sys
19:55:36.0781 0x0ef8  Cdrom - ok
19:55:36.0796 0x0ef8  Changer - ok
19:55:36.0859 0x0ef8  [ 1CFE720EB8D93A7158A4EBC3AB178BDE, 65D2A9D9A88F38D4AF323134C151BA0F4B3CD0F6A134AF86E7AC9D07319F1726 ] CiSvc           C:\WINDOWS\system32\cisvc.exe
19:55:36.0906 0x0ef8  CiSvc - ok
19:55:36.0937 0x0ef8  [ 34CBE729F38138217F9C80212A2A0C82, A9FD7A758D12E0818A11BEEF1CE772FEFA8373E92EF6C0DA8628CD4572CC9A43 ] ClipSrv         C:\WINDOWS\system32\clipsrv.exe
19:55:36.0953 0x0ef8  ClipSrv - ok
19:55:37.0062 0x0ef8  [ D87ACAED61E417BBA546CED5E7E36D9C, 14AC6034A5BC0FB2A1AFDAD42BEF4DE641556E54AD30D0C46765660A4BE55462 ] clr_optimization_v2.0.50727_32 c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
19:55:37.0109 0x0ef8  clr_optimization_v2.0.50727_32 - ok
19:55:37.0312 0x0ef8  [ C5A75EB48E2344ABDC162BDA79E16841, 6070A8AAFD38FBC6A68A2B10C20117612354DF21B4492D90CA522BFB6870D726 ] clr_optimization_v4.0.30319_32 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
19:55:37.0328 0x0ef8  clr_optimization_v4.0.30319_32 - ok
19:55:37.0406 0x0ef8  [ 0F6C187D38D98F8DF904589A5F94D411, DB987093446216CEE913AC27503BF7E23E5A62DF169B355730285DAB64F6ED28 ] CmBatt          C:\WINDOWS\system32\DRIVERS\CmBatt.sys
19:55:37.0406 0x0ef8  CmBatt - ok
19:55:37.0437 0x0ef8  [ E5DCB56C533014ECBC556A8357C929D5, B2915C0C07EDBA59C5D02680804C4C2DE099D73DE0D0DD0CDA748F34F11057E0 ] CmdIde          C:\WINDOWS\system32\DRIVERS\cmdide.sys
19:55:37.0437 0x0ef8  CmdIde - ok
19:55:37.0468 0x0ef8  [ 6E4C9F21F0FAE8940661144F41B13203, 731202A0DD021FCF9287FEA631212603AAAC23F9E7F76B2882F913B18A971F1C ] Compbatt        C:\WINDOWS\system32\DRIVERS\compbatt.sys
19:55:37.0468 0x0ef8  Compbatt - ok
19:55:37.0468 0x0ef8  COMSysApp - ok
19:55:37.0671 0x0ef8  [ 3EE529119EED34CD212A215E8C40D4B6, A6B71F3D4EE7358CA85F010E6271A6B72226D25DF30ED331DA830639ED3E9903 ] Cpqarray        C:\WINDOWS\system32\DRIVERS\cpqarray.sys
19:55:37.0671 0x0ef8  Cpqarray - ok
19:55:37.0781 0x0ef8  [ 3D4E199942E29207970E04315D02AD3B, 0825960894CF9C86CC8775BDD2A262948A09CA495AA7FE9F210FAF49E7086383 ] CryptSvc        C:\WINDOWS\System32\cryptsvc.dll
19:55:37.0781 0x0ef8  CryptSvc - ok
19:55:37.0828 0x0ef8  [ E550E7418984B65A78299D248F0A7F36, 52F6BD1027E91F9A90AFAB82C7F2A0314B7E55262F5293D5F9F8F12135EDD88C ] dac2w2k         C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
19:55:37.0843 0x0ef8  dac2w2k - ok
19:55:37.0859 0x0ef8  [ 683789CAA3864EB46125AE86FF677D34, B725D026E069AD253192E21245260CBA44EF3C72781616A2CAD0BF0E2D86D510 ] dac960nt        C:\WINDOWS\system32\DRIVERS\dac960nt.sys
19:55:37.0859 0x0ef8  dac960nt - ok
19:55:38.0000 0x0ef8  [ 6B27A5C03DFB94B4245739065431322C, 6AEAC16AB4E0DFD25123AAF4D4181FEE1B919B7B2793117006CE8CF30E826CFD ] DcomLaunch      C:\WINDOWS\system32\rpcss.dll
19:55:38.0031 0x0ef8  DcomLaunch - ok
19:55:38.0125 0x0ef8  [ 5E38D7684A49CACFB752B046357E0589, F192AD4190BCFB6939A5CBC91648FE63168AF79A5E227A111DEAD6A92E42AB8D ] Dhcp            C:\WINDOWS\System32\dhcpcsvc.dll
19:55:38.0171 0x0ef8  Dhcp - ok
19:55:38.0250 0x0ef8  [ 044452051F3E02E7963599FC8F4F3E25, 584BDDB074618BE76454CF90E74829CFF588B5B5FAEB793E2F7AAD26352DD689 ] Disk            C:\WINDOWS\system32\DRIVERS\disk.sys
19:55:38.0250 0x0ef8  Disk - ok
19:55:38.0250 0x0ef8  dmadmin - ok
19:55:38.0421 0x0ef8  [ D992FE1274BDE0F84AD826ACAE022A41, C82BD6561A14F2932A761F5883A787B99031250EE5E9B7B5714AA045545C9B99 ] dmboot          C:\WINDOWS\system32\drivers\dmboot.sys
19:55:38.0593 0x0ef8  dmboot - ok
19:55:38.0687 0x0ef8  [ 7C824CF7BBDE77D95C08005717A95F6F, A73CB323B7A6410C3D3F258BF204E716ADF8C84C9E4F6562C57AB73DAED8CCDE ] dmio            C:\WINDOWS\system32\drivers\dmio.sys
19:55:38.0703 0x0ef8  dmio - ok
19:55:38.0796 0x0ef8  [ E9317282A63CA4D188C0DF5E09C6AC5F, D41E002F555FE9015EF620975255F58BB79198CA1FF0E09EC950CB450FF77CF7 ] dmload          C:\WINDOWS\system32\drivers\dmload.sys
19:55:38.0796 0x0ef8  dmload - ok
19:55:38.0875 0x0ef8  [ 57EDEC2E5F59F0335E92F35184BC8631, 61F6F0DC2D1A6C61D5EF0D5CC4BE0FFC217F1E61FDA3EA9F704709293656600F ] dmserver        C:\WINDOWS\System32\dmserver.dll
19:55:38.0906 0x0ef8  dmserver - ok
19:55:39.0015 0x0ef8  [ 8A208DFCF89792A484E76C40E5F50B45, 4E40E2EB38C6254E7CAA488200E89EE7DEBBBA773890BC6A84313CC68178D54F ] DMusic          C:\WINDOWS\system32\drivers\DMusic.sys
19:55:39.0031 0x0ef8  DMusic - ok
19:55:39.0140 0x0ef8  [ 5F7E24FA9EAB896051FFB87F840730D2, 356EEFDCD54DECAD0170B34B993E4BF80DD039E2B2922D7A8D09B84031E9FC7A ] Dnscache        C:\WINDOWS\System32\dnsrslvr.dll
19:55:39.0156 0x0ef8  Dnscache - ok
19:55:39.0296 0x0ef8  [ 0F0F6E687E5E15579EF4DA8DD6945814, 5C32D88119EB1465B2D719BEE2E05888D1A73454B5E33F2D4928DA710F8BFBA3 ] Dot3svc         C:\WINDOWS\System32\dot3svc.dll
19:55:39.0312 0x0ef8  Dot3svc - ok
19:55:39.0406 0x0ef8  [ 40F3B93B4E5B0126F2F5C0A7A5E22660, 8AFFF28903037F5E36BB5352F2B236A217558FCC0146B23C787606C3F21243DB ] dpti2o          C:\WINDOWS\system32\DRIVERS\dpti2o.sys
19:55:39.0406 0x0ef8  dpti2o - ok
19:55:39.0500 0x0ef8  [ 8F5FCFF8E8848AFAC920905FBD9D33C8, C8C6FB97AB0871C8C88A2201525A5CF10D5131CB6980D32692ED7A8F58399AD5 ] drmkaud         C:\WINDOWS\system32\drivers\drmkaud.sys
19:55:39.0500 0x0ef8  drmkaud - ok
19:55:39.0609 0x0ef8  [ E814854E6B246CCF498874839AB64D77, D7BD17AD9709DA8305FF58710EE5EAA14BA5857F4B64C1CBDD21751625BFF2A3 ] drvmcdb         C:\WINDOWS\system32\drivers\drvmcdb.sys
19:55:39.0609 0x0ef8  drvmcdb - ok
19:55:39.0625 0x0ef8  [ EE83A4EBAE70BC93CF14879D062F548B, CCA423C19BC8A6807EE29DA7FA9F545FDF2D0AAA8D4556E13B864ED6F6683827 ] drvnddm         C:\WINDOWS\system32\drivers\drvnddm.sys
19:55:39.0640 0x0ef8  drvnddm - ok
19:55:39.0812 0x0ef8  [ 2AC2372FFAD9ADC85672CC8E8AE14BE9, 047FDB1D039C28F194222C5168D78C1BFFAE3873CE2991DF4B1097D294C04ED9 ] DSproct         C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys
19:55:39.0812 0x0ef8  DSproct - ok
19:55:39.0875 0x0ef8  [ 3FCA03CBCA11269F973B70FA483C88EF, 0995989B9EBE5CE1C5489139849FB2AD69DE9749650BBC262AD754E5CE457C59 ] E100B           C:\WINDOWS\system32\DRIVERS\e100b325.sys
19:55:39.0890 0x0ef8  E100B - ok
19:55:40.0046 0x0ef8  [ 2187855A7703ADEF0CEF9EE4285182CC, 8233CC11F637866C0074043835A785EA2B616739B6B1181B143A253CF2508CFD ] EapHost         C:\WINDOWS\System32\eapsvc.dll
19:55:40.0062 0x0ef8  EapHost - ok
19:55:40.0171 0x0ef8  [ BC93B4A066477954555966D77FEC9ECB, 27F5B780175EF46DA102EE33F7F33559C8B40C077EEA4405D579D9507F4B1C23 ] ERSvc           C:\WINDOWS\System32\ersvc.dll
19:55:40.0203 0x0ef8  ERSvc - ok
19:55:40.0218 0x0ef8  esgiguard - ok
19:55:40.0296 0x0ef8  [ 65DF52F5B8B6E9BBD183505225C37315, 59C606977DB40A3443DFF0BE2A4C761824881B22C9FDB3D23F6486DB580E92A4 ] Eventlog        C:\WINDOWS\system32\services.exe
19:55:40.0312 0x0ef8  Eventlog - ok
19:55:40.0515 0x0ef8  [ D4991D98F2DB73C60D042F1AEF79EFAE, 58AF949EAEBF4FF3E3314DFB66CE4198BF65F0836B68CD27A6ED319742CCCCD2 ] EventSystem     C:\WINDOWS\system32\es.dll
19:55:40.0531 0x0ef8  EventSystem - ok
19:55:40.0656 0x0ef8  [ 38D332A6D56AF32635675F132548343E, E6909DB836AF679B4F4D62C7396D6C82769CC7ABB8C919C2AABFE934FCE268F6 ] Fastfat         C:\WINDOWS\system32\drivers\Fastfat.sys
19:55:40.0671 0x0ef8  Fastfat - ok
19:55:40.0828 0x0ef8  [ 99BC0B50F511924348BE19C7C7313BBF, A1006C687BD352F700B140DC741515A0CDD9E1352C0FBD1EE410D404E344444B ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
19:55:40.0843 0x0ef8  FastUserSwitchingCompatibility - ok
19:55:40.0984 0x0ef8  [ E97D6A8684466DF94FF3BC24FB787A07, 89E5A6889E3C5AB9AD3E80FFC16DD608278F3ADC282048B40B60196336A5CBEB ] Fax             C:\WINDOWS\system32\fxssvc.exe
19:55:41.0031 0x0ef8  Fax - ok
19:55:41.0046 0x0ef8  [ 92CDD60B6730B9F50F6A1A0C1F8CDC81, 8307A532AB4D05CBBCE206DC2759497708BF5AAA880BD00F0E4F281D8578A1F5 ] Fdc             C:\WINDOWS\system32\DRIVERS\fdc.sys
19:55:41.0046 0x0ef8  Fdc - ok
19:55:41.0109 0x0ef8  [ D45926117EB9FA946A6AF572FBE1CAA3, 4C94EF009D778BE0BDF8F812F026B96F91F641BE30AA2531427A5E63DBD280DA ] Fips            C:\WINDOWS\system32\drivers\Fips.sys
19:55:41.0109 0x0ef8  Fips - ok
19:55:41.0296 0x0ef8  [ 227846995AFEEFA70D328BF5334A86A5, B8EF22DE552B44E7DC352742C775BB6B4992B653AF4B66B231A60182CE7A7201 ] FLEXnet Licensing Service C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
19:55:41.0546 0x0ef8  FLEXnet Licensing Service - ok
19:55:41.0687 0x0ef8  [ 9D27E7B80BFCDF1CDD9B555862D5E7F0, 69C271AD5BCEBFD8AE5A769BDD7EC51256DA3A8ADAD5D12E5C0D13F4E82D8805 ] Flpydisk        C:\WINDOWS\system32\DRIVERS\flpydisk.sys
19:55:41.0687 0x0ef8  Flpydisk - ok
19:55:41.0812 0x0ef8  [ B2CF4B0786F8212CB92ED2B50C6DB6B0, 280F5CF8A90F7BEDE73ADD0DD0F8952088133A7CA9A3D3B7041957E33B36845D ] FltMgr          C:\WINDOWS\system32\drivers\fltmgr.sys
19:55:41.0828 0x0ef8  FltMgr - ok
19:55:42.0015 0x0ef8  [ 8BA7C024070F2B7FDD98ED8A4BA41789, 47585006F86B2C6016EC54250A416794792D1E4024FF229C120BC25B684AF66A ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
19:55:42.0031 0x0ef8  FontCache3.0.0.0 - ok
19:55:42.0046 0x0ef8  [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A, EC635E071201A766845D48973772CBE0958942B4162F3F5F70660D114CC877E0 ] Fs_Rec          C:\WINDOWS\system32\drivers\Fs_Rec.sys
19:55:42.0093 0x0ef8  Fs_Rec - ok
19:55:42.0250 0x0ef8  [ 6AC26732762483366C3969C9E4D2259D, FF2C9A23CC17F380093F0BEA955B1925794271C2FEA16B9B7639668E6999BAE3 ] Ftdisk          C:\WINDOWS\system32\DRIVERS\ftdisk.sys
19:55:42.0265 0x0ef8  Ftdisk - ok
19:55:42.0437 0x0ef8  [ 185ADA973B5020655CEE342059A86CBB, D3E352DFAF30761505480A4C557D980083F65EC5BD46E2656B2114D47B272A89 ] GEARAspiWDM     C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
19:55:42.0437 0x0ef8  GEARAspiWDM - ok
19:55:42.0500 0x0ef8  [ 0A02C63C8B144BD8C86B103DEE7C86A2, 7A3235DD3E1995DD72B212FAEB3ECA2A974434DE9BF6D269EA11BA65A80E7E50 ] Gpc             C:\WINDOWS\system32\DRIVERS\msgpc.sys
19:55:42.0546 0x0ef8  Gpc - ok
19:55:42.0656 0x0ef8  [ 573C7D0A32852B48F3058CFD8026F511, BC384BBA394AFDCDA1A9ABC858C692AA84A1F0A31AF3DDF7F38D120C027927FB ] HDAudBus        C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
19:55:42.0671 0x0ef8  HDAudBus - ok
19:55:42.0828 0x0ef8  [ 4FCCA060DFE0C51A09DD5C3843888BCD, D82417706B517F2610DDF7C86BE03A72EFA9A2A389DF5C8F8ADEAB8144E2C80A ] helpsvc         C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
19:55:42.0843 0x0ef8  helpsvc - ok
19:55:42.0890 0x0ef8  [ DEB04DA35CC871B6D309B77E1443C796, F66A15C9528D661940F1F4CA453B3E95036D68C74C3B8AB53644211DBD3D2F32 ] HidServ         C:\WINDOWS\System32\hidserv.dll
19:55:42.0906 0x0ef8  HidServ - ok
19:55:42.0984 0x0ef8  [ CCF82C5EC8A7326C3066DE870C06DAF1, 93395FA4C26B2E82DC8B7025ED3BCF583885E5D8C5F60CD6EEAA6335D6A126EC ] HidUsb          C:\WINDOWS\system32\DRIVERS\hidusb.sys
19:55:42.0984 0x0ef8  HidUsb - ok
19:55:43.0093 0x0ef8  [ 8878BD685E490239777BFE51320B88E9, C5C3ECF6B049B6736E35B39518A8F830B45C45A88FFE8E3A6B7922AD946597E2 ] hkmsvc          C:\WINDOWS\System32\kmsvc.dll
19:55:43.0140 0x0ef8  hkmsvc - ok
19:55:43.0171 0x0ef8  [ B028377DEA0546A5FCFBA928A8AEFAE0, FD7B34A6036AD443014B16394A5F051A298CEE4276D50525FB9F15A0D2684C8B ] hpn             C:\WINDOWS\system32\DRIVERS\hpn.sys
19:55:43.0250 0x0ef8  hpn - ok
19:55:43.0390 0x0ef8  [ 1C8CAA80E91FB71864E9426F9EED048D, 2D5AC07A984235E5E01604A64740D1E96F16F0CB09F2D6331CF4B5871C6FABBA ] HSFHWAZL        C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys
19:55:43.0406 0x0ef8  HSFHWAZL - ok
19:55:43.0578 0x0ef8  [ 698204D9C2832E53633E53A30A53FC3D, AD16E9BDB4CAD80C00AD163A9EBB9D734A06AA4B45AF3B72EE73EA908D4645C4 ] HSF_DPV         C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
19:55:43.0843 0x0ef8  HSF_DPV - ok
19:55:43.0968 0x0ef8  [ F80A415EF82CD06FFAF0D971528EAD38, 524D9E9201572929522F6805011783711B7C0F76308B924C89CF75F4B7A1FDF3 ] HTTP            C:\WINDOWS\system32\Drivers\HTTP.sys
19:55:44.0062 0x0ef8  HTTP - ok
19:55:44.0156 0x0ef8  [ 6100A808600F44D999CEBDEF8841C7A3, 61A75118C327812C60622010985A2E80E79B6FD9030A5732390EE5426E4AF6C9 ] HTTPFilter      C:\WINDOWS\System32\w3ssl.dll
19:55:44.0171 0x0ef8  HTTPFilter - ok
19:55:44.0281 0x0ef8  [ 9368670BD426EBEA5E8B18A62416EC28, 0ED865F8FB79F0B6309521925280E8640DB5CA6F75377434830536899734B6EE ] i2omgmt         C:\WINDOWS\system32\drivers\i2omgmt.sys
19:55:44.0281 0x0ef8  i2omgmt - ok
19:55:44.0359 0x0ef8  [ F10863BF1CCC290BABD1A09188AE49E0, BC038EAE6C8A76D56A5AD27035DC0369D6E766711E9FAA7467144370851F1615 ] i2omp           C:\WINDOWS\system32\DRIVERS\i2omp.sys
19:55:44.0375 0x0ef8  i2omp - ok
19:55:44.0484 0x0ef8  [ 4A0B06AA8943C1E332520F7440C0AA30, DB2452390CCFE67E0C5FEB4FD42CA24ABE2DDD40D0B22DD5F5B8F70416863918 ] i8042prt        C:\WINDOWS\system32\DRIVERS\i8042prt.sys
19:55:44.0500 0x0ef8  i8042prt - ok
19:55:44.0859 0x0ef8  [ CC449157474D5E43DAEA7E20F52C635A, 5C65259E32096949F1E7E449E7F6058408AD28B6276564BD477A700E048977DE ] ialm            C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
19:55:45.0125 0x0ef8  ialm - ok
19:55:45.0546 0x0ef8  [ C01AC32DC5C03076CFB852CB5DA5229C, A4D7749220B5BC965D96A267F1E02FE8284A230BA249109207BD4B9EA8DFAC96 ] idsvc           c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
19:55:45.0656 0x0ef8  idsvc - ok
19:55:45.0765 0x0ef8  [ 083A052659F5310DD8B6A6CB05EDCF8E, 48D39B03FFB6FAA1529B774443BA12618AE3982D9F65A7B9D18F2269F78B31F4 ] Imapi           C:\WINDOWS\system32\DRIVERS\imapi.sys
19:55:45.0796 0x0ef8  Imapi - ok
19:55:45.0906 0x0ef8  [ 30DEAF54A9755BB8546168CFE8A6B5E1, 3936228CD3125C763ABFCB93E86E4B43838202BCC0913A28E84AC0263B43EE0D ] ImapiService    C:\WINDOWS\system32\imapi.exe
19:55:45.0921 0x0ef8  ImapiService - ok
19:55:46.0000 0x0ef8  [ 4A40E045FAEE58631FD8D91AFC620719, 7A2FD81BD483821B3DA01B1CD7215423EDD719CBE3862C0342FF7D21A17AF437 ] ini910u         C:\WINDOWS\system32\DRIVERS\ini910u.sys
19:55:46.0000 0x0ef8  ini910u - ok
19:55:46.0062 0x0ef8  [ B5466A9250342A7AA0CD1FBA13420678, 87E735C4E8924A883AB692D387A83BCBFAE6E165688336AE7AB488F7CA8D339E ] IntelIde        C:\WINDOWS\system32\DRIVERS\intelide.sys
19:55:46.0062 0x0ef8  IntelIde - ok
19:55:46.0140 0x0ef8  [ 8C953733D8F36EB2133F5BB58808B66B, 555868F246D73652E998B0B1296476E42FCEDED30D646CC000F31ECE4EBC25E6 ] intelppm        C:\WINDOWS\system32\DRIVERS\intelppm.sys
19:55:46.0140 0x0ef8  intelppm - ok
19:55:46.0343 0x0ef8  [ 7BDB4E00E1CB174B56E5B2C31DDE68A7, C7FC4B2A3245DCD4E01B8DC9F7AA8D4FBDD5D1B4F5A00B8895B2EC5E9068D91A ] IntuitUpdateService C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
19:55:46.0343 0x0ef8  IntuitUpdateService - ok
19:55:46.0515 0x0ef8  [ D9DA7B3117BF5EFF921C0CDED4D58050, D51A2AFC0E310C5A0EE1540A9E6353F5F7C9E76711187FAD91EEB0B3254EE935 ] IntuitUpdateServiceV4 C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
19:55:46.0515 0x0ef8  IntuitUpdateServiceV4 - ok
19:55:46.0593 0x0ef8  [ 3BB22519A194418D5FEC05D800A19AD0, F6662F440950596DC1382DD1DB5D7891CCEA30A6062BEA942C18445B5F0D8B16 ] Ip6Fw           C:\WINDOWS\system32\drivers\ip6fw.sys
19:55:46.0671 0x0ef8  Ip6Fw - ok
19:55:46.0765 0x0ef8  [ 731F22BA402EE4B62748ADAF6363C182, 5C3BEBD008A5BE4DC2F92076FF41A10DDC01E10EC7E6552213CFA11970811848 ] IpFilterDriver  C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
19:55:46.0765 0x0ef8  IpFilterDriver - ok
19:55:46.0875 0x0ef8  [ B87AB476DCF76E72010632B5550955F5, E6E74D3A86A7917A8BAED44F8E97CCD2EB171E4E4B27E9907F60D1523FAF319A ] IpInIp          C:\WINDOWS\system32\DRIVERS\ipinip.sys
19:55:46.0890 0x0ef8  IpInIp - ok
19:55:47.0000 0x0ef8  [ CC748EA12C6EFFDE940EE98098BF96BB, AF523E21C25D9A1715EFEA573E4F52AF5D4FC9F28A2D613F5DB629C186C439E0 ] IpNat           C:\WINDOWS\system32\DRIVERS\ipnat.sys
19:55:47.0015 0x0ef8  IpNat - ok
19:55:47.0406 0x0ef8  [ E3E71649A926CB34FA4D7AB75DCE126C, FEAAEA9CB8CF3D6152E26E55520F80845391D6214D02449332BB110C64E5CF30 ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
19:55:47.0453 0x0ef8  iPod Service - ok
19:55:47.0468 0x0ef8  [ 23C74D75E36E7158768DD63D92789A91, 394D296F38E7D8EFD91A6EEC301D9CE6AF910E35EB9819F1A9E3363863AEDFDC ] IPSec           C:\WINDOWS\system32\DRIVERS\ipsec.sys
19:55:47.0484 0x0ef8  IPSec - ok
19:55:47.0531 0x0ef8  [ C93C9FF7B04D772627A3646D89F7BF89, 805FA48E7A46D4F10240BF880A2468F53DEA36E83004399228AB70DB7D20544A ] IRENUM          C:\WINDOWS\system32\DRIVERS\irenum.sys
19:55:47.0531 0x0ef8  IRENUM - ok
19:55:47.0609 0x0ef8  [ 05A299EC56E52649B1CF2FC52D20F2D7, 2654619DB3E6D6C385B63AB02F87D4241C4F0250CC31383D1B3586917166C2DC ] isapnp          C:\WINDOWS\system32\DRIVERS\isapnp.sys
19:55:47.0609 0x0ef8  isapnp - ok
19:55:47.0671 0x0ef8  itlperf - ok
19:55:47.0703 0x0ef8  [ 463C1EC80CD17420A542B7F36A36F128, E3B11BA26AFEAFB50B0FC168EA07F6049DA6B88BCDDEEE20310602D7FC27A3A7 ] Kbdclass        C:\WINDOWS\system32\DRIVERS\kbdclass.sys
19:55:47.0703 0x0ef8  Kbdclass - ok
19:55:47.0734 0x0ef8  [ 9EF487A186DEA361AA06913A75B3FA99, B94EBA4EC6D85E11C81AF9927E9EF0AF2E6FE134CFF1FDB0535B7C5A794B4261 ] kbdhid          C:\WINDOWS\system32\DRIVERS\kbdhid.sys
19:55:47.0734 0x0ef8  kbdhid - ok
19:55:47.0765 0x0ef8  [ 692BCF44383D056AED41B045A323D378, 1A99DEE83FFAF64E73067FC049C0A4CE07D94E4AE31EFA17B38CEFA9E41D67DC ] kmixer          C:\WINDOWS\system32\drivers\kmixer.sys
19:55:47.0781 0x0ef8  kmixer - ok
19:55:47.0890 0x0ef8  [ B467646C54CC746128904E1654C750C1, 3BD71BE3663EA23463D236D8A2A2E42DFA10C502BDB4B6E131FAF0FBA748219E ] KSecDD          C:\WINDOWS\system32\drivers\KSecDD.sys
19:55:47.0906 0x0ef8  KSecDD - ok
19:55:48.0000 0x0ef8  [ 3A7C3CBE5D96B8AE96CE81F0B22FB527, 0044F03132596A494448CCE5F3D6ECC12617BB4CF6BAE348F79D4DC40ACD6EE0 ] lanmanserver    C:\WINDOWS\System32\srvsvc.dll
19:55:48.0000 0x0ef8  lanmanserver - ok
19:55:48.0109 0x0ef8  [ A8888A5327621856C0CEC4E385F69309, B08B63300D824E35E31EEEA2C4C086DFA2C2A964CEDAE512E74D3D88AADAA2C1 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
19:55:48.0125 0x0ef8  lanmanworkstation - ok
19:55:48.0125 0x0ef8  lbrtfdc - ok
19:55:48.0218 0x0ef8  [ A7DB739AE99A796D91580147E919CC59, EDF4E039BA277B0E6D66FEB0B28096E67D682C09DFC18ECECF062D9DCFB75ACF ] LmHosts         C:\WINDOWS\System32\lmhsvc.dll
19:55:48.0218 0x0ef8  LmHosts - ok
19:55:48.0281 0x0ef8  [ 3C318B9CD391371BED62126581EE9961, 1254273DE950EF8D5922F26D67B55C9D9082F45CDE168E3DAB20A2E53208DC3A ] mdmxsdk         C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
19:55:48.0281 0x0ef8  mdmxsdk - ok
19:55:48.0453 0x0ef8  [ 986B1FF5814366D71E0AC5755C88F2D3, E6AF051174531C24B38E73987755D366ABEC595476C6D17793E8DCCC73F55340 ] Messenger       C:\WINDOWS\System32\msgsvc.dll
19:55:48.0500 0x0ef8  Messenger - ok
19:55:48.0515 0x0ef8  [ 4AE068242760A1FB6E1A44BF4E16AFA6, 1FB771162B96AAF787AC24867B818DF8511F0780BB094FA9A38C11D8DBFE68BC ] mnmdd           C:\WINDOWS\system32\drivers\mnmdd.sys
19:55:48.0546 0x0ef8  mnmdd - ok
19:55:48.0703 0x0ef8  [ D18F1F0C101D06A1C1ADF26EED16FCDD, BA0837C7780BD8262E143E2935AFA63BE59C3C39EF56CB8608EED0F50AF070D4 ] mnmsrvc         C:\WINDOWS\system32\mnmsrvc.exe
19:55:48.0734 0x0ef8  mnmsrvc - ok
19:55:48.0859 0x0ef8  [ DFCBAD3CEC1C5F964962AE10E0BCC8E1, B342CC9EC3729AB1AB4B5E2E99F890C1E0CA649162DE91F6768AB857B719E97B ] Modem           C:\WINDOWS\system32\drivers\Modem.sys
19:55:48.0859 0x0ef8  Modem - ok
19:55:48.0890 0x0ef8  [ 35C9E97194C8CFB8430125F8DBC34D04, 0C0FCE6B0A23FB0ECB92E1663E1C72D2DD5B177D82E04782957690B69530DB39 ] Mouclass        C:\WINDOWS\system32\DRIVERS\mouclass.sys
19:55:48.0890 0x0ef8  Mouclass - ok
19:55:49.0171 0x0ef8  [ B1C303E17FB9D46E87A98E4BA6769685, 161A45488522055D0F0474ABEDA04DDD0B5DAC2411AF9154B15190BBD66E7153 ] mouhid          C:\WINDOWS\system32\DRIVERS\mouhid.sys
19:55:49.0187 0x0ef8  mouhid - ok
19:55:49.0328 0x0ef8  [ A80B9A0BAD1B73637DBCBBA7DF72D3FD, 2A5E15ED2C24C6C65EF2F7E1FD93374774076C9D8D451E4422561F4D269C012F ] MountMgr        C:\WINDOWS\system32\drivers\MountMgr.sys
19:55:49.0328 0x0ef8  MountMgr - ok
19:55:49.0453 0x0ef8  [ 3F4BB95E5A44F3BE34824E8E7CAF0737, 9A4F9E63AA55B779AF3563C66C8E40D9C42FF3BB5F533F70905ADC7A44EA7DAD ] mraid35x        C:\WINDOWS\system32\DRIVERS\mraid35x.sys
19:55:49.0468 0x0ef8  mraid35x - ok
19:55:49.0578 0x0ef8  [ 9BD4DCB5412921864A7AACDEDFBD1923, 46DEE9B9414D26203B62F0D6CAEBF37A3CEFD118556129547B2C5FC7B6FDBA05 ] MREMP50         C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS
19:55:49.0734 0x0ef8  MREMP50 - ok
19:55:49.0750 0x0ef8  MREMP50a64 - ok
19:55:49.0765 0x0ef8  MREMPR5 - ok
19:55:49.0765 0x0ef8  MRENDIS5 - ok
19:55:49.0828 0x0ef8  [ 07C02C892E8E1A72D6BF35004F0E9C5E, 09ECD59AADF08E2AA0C1BAF5D3D7CBB0948153E531E1F82ECACD43F14F88106B ] MRESP50         C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS
19:55:49.0828 0x0ef8  MRESP50 - ok
19:55:49.0828 0x0ef8  MRESP50a64 - ok
19:55:49.0906 0x0ef8  [ 11D42BB6206F33FBB3BA0288D3EF81BD, 76ABCFB62C5AC549F58C231F72A99882CDEB74928104B77FE52554765C2B1A22 ] MRxDAV          C:\WINDOWS\system32\DRIVERS\mrxdav.sys
19:55:50.0031 0x0ef8  MRxDAV - ok
19:55:50.0156 0x0ef8  [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0, DB9B186F7076D7B94F45041AF7B77C1AD2CAB504D683B459C6CB1C22840ED170 ] MRxSmb          C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
19:55:50.0218 0x0ef8  MRxSmb - ok
19:55:50.0359 0x0ef8  [ A137F1470499A205ABBB9AAFB3B6F2B1, FB4951727543030D9E6ED74149C3FAACE2CA9DA8C1B5F616301B30B858C724E8 ] MSDTC           C:\WINDOWS\system32\msdtc.exe
19:55:50.0390 0x0ef8  MSDTC - ok
19:55:50.0437 0x0ef8  [ C941EA2454BA8350021D774DAF0F1027, C940E978C7B66A713A0FDAB54B5F995DF59D089AFCD96221DD3222948CD49BBD ] Msfs            C:\WINDOWS\system32\drivers\Msfs.sys
19:55:50.0437 0x0ef8  Msfs - ok
19:55:50.0453 0x0ef8  MSIServer - ok
19:55:50.0562 0x0ef8  [ D1575E71568F4D9E14CA56B7B0453BF1, 4ABE0E24786C0D39FA2B885447E56204CA6942FB175E534DCE675D7BCF0B176A ] MSKSSRV         C:\WINDOWS\system32\drivers\MSKSSRV.sys
19:55:50.0593 0x0ef8  MSKSSRV - ok
19:55:50.0671 0x0ef8  [ 325BB26842FC7CCC1FCCE2C457317F3E, C07BE560513B1FB91D756494F0BA4AEEB2E1998DE0E1C21EE83DB1183B0CEE91 ] MSPCLOCK        C:\WINDOWS\system32\drivers\MSPCLOCK.sys
19:55:50.0687 0x0ef8  MSPCLOCK - ok
19:55:50.0781 0x0ef8  [ BAD59648BA099DA4A17680B39730CB3D, 9AD4C7C94C186C8815D0BC75DCAFB962158DA6935A244BA243EDDDEB33F9816C ] MSPQM           C:\WINDOWS\system32\drivers\MSPQM.sys
19:55:50.0781 0x0ef8  MSPQM - ok
19:55:50.0875 0x0ef8  [ AF5F4F3F14A8EA2C26DE30F7A1E17136, AC93A1E4ABB0D038B772E429015567E44CC2EDB66C54DBE23A5F98176FAC1520 ] mssmbios        C:\WINDOWS\system32\DRIVERS\mssmbios.sys
19:55:50.0875 0x0ef8  mssmbios - ok
19:55:50.0953 0x0ef8  [ E53736A9E30C45FA9E7B5EAC55056D1D, 38602F280BF69EBA3706AD175AFC1AEB561A8302B4B61E3FECB3C27D7A9BDB41 ] MSTEE           C:\WINDOWS\system32\drivers\MSTEE.sys
19:55:50.0968 0x0ef8  MSTEE - ok
19:55:50.0984 0x0ef8  [ DE6A75F5C270E756C5508D94B6CF68F5, FCC972DDC36C2C44D836913F10004C2C33B11C54DEFFF0C63E0FDF901D2F9261 ] Mup             C:\WINDOWS\system32\drivers\Mup.sys
19:55:51.0015 0x0ef8  Mup - ok
19:55:51.0062 0x0ef8  [ 5B50F1B2A2ED47D560577B221DA734DB, C16A554B6E1A7F5F98C94DFA88163E0F7426506BF2F51FD351B1A05FC0DB3BC5 ] NABTSFEC        C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
19:55:51.0109 0x0ef8  NABTSFEC - ok
19:55:51.0281 0x0ef8  [ 0102140028FAD045756796E1C685D695, 5335B8278418CA200E2772124F0602C3E15A5CAF2D5CC59F6785DFAABF339B09 ] napagent        C:\WINDOWS\System32\qagentrt.dll
19:55:51.0343 0x0ef8  napagent - ok
19:55:51.0546 0x0ef8  [ 1DF7F42665C94B825322FAE71721130D, FE0DCB728471465B39A42A7511F4133021FBA5DF88F88BCB5FE2FF34CFD713F9 ] NDIS            C:\WINDOWS\system32\drivers\NDIS.sys
19:55:51.0562 0x0ef8  NDIS - ok
19:55:51.0671 0x0ef8  [ 7FF1F1FD8609C149AA432F95A8163D97, 18CD1FF5AC1EF8A38D1EC53014F2BADD28D9CDF4ECE2EBC2313D08903776F323 ] NdisIP          C:\WINDOWS\system32\DRIVERS\NdisIP.sys
19:55:51.0671 0x0ef8  NdisIP - ok
19:55:51.0765 0x0ef8  [ 0109C4F3850DFBAB279542515386AE22, 4F6DB1E499AC853FD36FD603FBB6D3AC9BDCEB298C7FE1FB59A9236CB46729B2 ] NdisTapi        C:\WINDOWS\system32\DRIVERS\ndistapi.sys
19:55:51.0765 0x0ef8  NdisTapi - ok
19:55:51.0843 0x0ef8  [ F927A4434C5028758A842943EF1A3849, B1AA3AF150C05307461774925901789456B0CCCD03A5E71ADA4AB58455962BEE ] Ndisuio         C:\WINDOWS\system32\DRIVERS\ndisuio.sys
19:55:51.0843 0x0ef8  Ndisuio - ok
19:55:51.0937 0x0ef8  [ EDC1531A49C80614B2CFDA43CA8659AB, 494042F790F33721328B4451E79842E21919681CC421A4F9633EC4D383E06097 ] NdisWan         C:\WINDOWS\system32\DRIVERS\ndiswan.sys
19:55:51.0937 0x0ef8  NdisWan - ok
19:55:52.0031 0x0ef8  [ 9282BD12DFB069D3889EB3FCC1000A9B, 09A46F1712BD9165068D8E153585FE3E6E5CBF4F1DDEC142115555D3A91AEC09 ] NDProxy         C:\WINDOWS\system32\drivers\NDProxy.sys
19:55:52.0031 0x0ef8  NDProxy - ok
19:55:52.0109 0x0ef8  [ 5D81CF9A2F1A3A756B66CF684911CDF0, 7989C36607CAEA17AFA2C1C9904145CA0714A54B9F712D9D4C1AB140D0B2CC0C ] NetBIOS         C:\WINDOWS\system32\DRIVERS\netbios.sys
19:55:52.0125 0x0ef8  NetBIOS - ok
19:55:52.0140 0x0ef8  [ 74B2B2F5BEA5E9A3DC021D685551BD3D, 7932B71F98B4122BE88F576BF6D745A757AE378A48924B7F4358837B75640A82 ] NetBT           C:\WINDOWS\system32\DRIVERS\netbt.sys
19:55:52.0156 0x0ef8  NetBT - ok
19:55:52.0250 0x0ef8  [ B857BA82860D7FF85AE29B095645563B, 86FF0E4CDD9C394E8BABD93A4D57E73FF9A779261717DEC6E9CDE99F1C6B0F4C ] NetDDE          C:\WINDOWS\system32\netdde.exe
19:55:52.0265 0x0ef8  NetDDE - ok
19:55:52.0343 0x0ef8  [ B857BA82860D7FF85AE29B095645563B, 86FF0E4CDD9C394E8BABD93A4D57E73FF9A779261717DEC6E9CDE99F1C6B0F4C ] NetDDEdsdm      C:\WINDOWS\system32\netdde.exe
19:55:52.0343 0x0ef8  NetDDEdsdm - ok
19:55:52.0468 0x0ef8  [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] Netlogon        C:\WINDOWS\system32\lsass.exe
19:55:52.0484 0x0ef8  Netlogon - ok
19:55:52.0578 0x0ef8  [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE, 4E0A67B3CC897E80D4B342FFE8B7B4CC4F6CA2EF2D34C136027A098B2E1C6166 ] Netman          C:\WINDOWS\System32\netman.dll
19:55:52.0593 0x0ef8  Netman - ok
19:55:52.0828 0x0ef8  [ D34612C5D02D026535B3095D620626AE, 1BBCCCBF49EB8807240A77DCB43C25C21682073CC5356594E2C4F53EF36BF657 ] NetTcpPortSharing c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
19:55:52.0843 0x0ef8  NetTcpPortSharing - ok
19:55:52.0968 0x0ef8  [ E9E47CFB2D461FA0FC75B7A74C6383EA, 544136F5BFD4DC23D45E90F12FA48B82FD9EAEA9EAF3E0F5F0BD27E23D672C3E ] NIC1394         C:\WINDOWS\system32\DRIVERS\nic1394.sys
19:55:52.0968 0x0ef8  NIC1394 - ok
19:55:53.0156 0x0ef8  [ 943337D786A56729263071623BBB9DE5, B631B47C869FE4ACF46E4AA272435D9A9CA536E3349E3FFBB8602636FEE7AFD4 ] Nla             C:\WINDOWS\System32\mswsock.dll
19:55:53.0296 0x0ef8  Nla - ok
19:55:53.0484 0x0ef8  [ 3182D64AE053D6FB034F44B6DEF8034A, 4ADFC76965BA2A5F488E71789A4E4EA702A74AF42725F72130D1CA919406CF19 ] Npfs            C:\WINDOWS\system32\drivers\Npfs.sys
19:55:53.0484 0x0ef8  Npfs - ok
19:55:53.0765 0x0ef8  [ 78A08DD6A8D65E697C18E1DB01C5CDCA, E0E6F3ED05068E32F1D5C2D2B38CDEF4536B8656DB6756C66CF6B40B60C8F3DA ] Ntfs            C:\WINDOWS\system32\drivers\Ntfs.sys
19:55:53.0906 0x0ef8  Ntfs - ok
19:55:53.0968 0x0ef8  [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] NtLmSsp         C:\WINDOWS\system32\lsass.exe
19:55:53.0968 0x0ef8  NtLmSsp - ok
19:55:54.0140 0x0ef8  [ 156F64A3345BD23C600655FB4D10BC08, 9611BE411586E068D9297D77102DB3BE48AA67F1BAD6F61A84F83FC3043FA9CD ] NtmsSvc         C:\WINDOWS\system32\ntmssvc.dll
19:55:54.0296 0x0ef8  NtmsSvc - ok
19:55:54.0343 0x0ef8  [ 73C1E1F395918BC2C6DD67AF7591A3AD, B21133A75253EC15E2DFF66D3B480AB1A7E1A2360476C810E7AA55D0F0EB08D4 ] Null            C:\WINDOWS\system32\drivers\Null.sys
19:55:54.0343 0x0ef8  Null - ok
19:55:54.0703 0x0ef8  [ 2B298519EDBFCF451D43E0F1E8F1006D, 67F3F2001F4C8DABD253D60AB3222793635532DC51AD977954286F8A246F5592 ] nv              C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
19:55:55.0234 0x0ef8  nv - ok
19:55:55.0312 0x0ef8  [ 0973C0C696780161F4526586D5EAC422, ED0DFB4EACA6A8E9CF92B217FD362F2665535B340C071E9CD7A47EFB8150C50C ] NWADI           C:\WINDOWS\system32\DRIVERS\NWADIenum.sys
19:55:55.0312 0x0ef8  NWADI - ok
19:55:55.0390 0x0ef8  [ B305F3FAD35083837EF46A0BBCE2FC57, 9D0E0E666D652D0FC9EAB97280A5D67AAF61D6B21929DF7CF8ED72A367720464 ] NwlnkFlt        C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
19:55:55.0484 0x0ef8  NwlnkFlt - ok
19:55:55.0500 0x0ef8  [ C99B3415198D1AAB7227F2C88FD664B9, DD8DA4B5E804F134AB9233859544C025062902DFC3E8FB8A09A67337A4E73F55 ] NwlnkFwd        C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
19:55:55.0531 0x0ef8  NwlnkFwd - ok
19:55:55.0671 0x0ef8  [ 1FDE5B2D61D97D803594DF4B3BC28C4B, BDCA99B25D3C053B43E66E42FBAC76BFEFCEB370D0B4A9F04B25F6577CF92B16 ] NWUSBCDFIL      C:\WINDOWS\system32\DRIVERS\NwUsbCdFil.sys
19:55:55.0687 0x0ef8  NWUSBCDFIL - ok
19:55:55.0812 0x0ef8  [ 65B471BB7E57C416A1E685EC07D4ABFA, 06C392270BBB507E4289F87CDC2CD11C0F54F84A21046079AD0B343169933904 ] NWUSBModem      C:\WINDOWS\system32\DRIVERS\nwusbmdm.sys
19:55:55.0828 0x0ef8  NWUSBModem - ok
19:55:55.0906 0x0ef8  [ 65B471BB7E57C416A1E685EC07D4ABFA, 06C392270BBB507E4289F87CDC2CD11C0F54F84A21046079AD0B343169933904 ] NWUSBPort       C:\WINDOWS\system32\DRIVERS\nwusbser.sys
19:55:55.0906 0x0ef8  NWUSBPort - ok
19:55:55.0984 0x0ef8  [ 65B471BB7E57C416A1E685EC07D4ABFA, 06C392270BBB507E4289F87CDC2CD11C0F54F84A21046079AD0B343169933904 ] NWUSBPort2      C:\WINDOWS\system32\DRIVERS\nwusbser2.sys
19:55:56.0000 0x0ef8  NWUSBPort2 - ok
19:55:56.0281 0x0ef8  [ 785F487A64950F3CB8E9F16253BA3B7B, 02445344BD214370A6D48B1CA04921D8EFCB13E676B5648266DD0E076C0822B6 ] odserv          C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
19:55:56.0390 0x0ef8  odserv - ok
19:55:56.0468 0x0ef8  [ CA33832DF41AFB202EE7AEB05145922F, 9DD0089C2E13C7F81214C3B5A4A61276292052F9BBFEA7FCD0F6AA27815D5F95 ] ohci1394        C:\WINDOWS\system32\DRIVERS\ohci1394.sys
19:55:56.0500 0x0ef8  ohci1394 - ok
19:55:56.0578 0x0ef8  [ B17228142CEC9B3C222239FD935A37CA, 862498084CBF4579FCC12807F30BACDAAC16115CC6DB56274B7C49796B62A5CC ] omci            C:\WINDOWS\system32\DRIVERS\omci.sys
19:55:56.0593 0x0ef8  omci - ok
19:55:56.0718 0x0ef8  [ 5A432A042DAE460ABE7199B758E8606C, 6E5D1F477D290905BE27CEBF9572BAC6B05FFEF2FAD901D3C8E11F665F8B9A71 ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
19:55:56.0906 0x0ef8  ose - ok
19:55:57.0000 0x0ef8  [ 5575FAF8F97CE5E713D108C2A58D7C7C, 96D4595D19A78CCBE8B325A08780AC077AE5CC99642ACD72FB47AEAE8D344D3B ] Parport         C:\WINDOWS\system32\DRIVERS\parport.sys
19:55:57.0031 0x0ef8  Parport - ok
19:55:57.0093 0x0ef8  [ BEB3BA25197665D82EC7065B724171C6, 7E71C13BA30CD95CEE8A9CC85E6F48A01F30EDEAADEE69D80AE828BF97E5A5CA ] PartMgr         C:\WINDOWS\system32\drivers\PartMgr.sys
19:55:57.0093 0x0ef8  PartMgr - ok
19:55:57.0109 0x0ef8  [ 70E98B3FD8E963A6A46A2E6247E0BEA1, 6771313EC41B3B5BFD398F60706E40BE71617046880CC352DD110B001AFC22A1 ] ParVdm          C:\WINDOWS\system32\drivers\ParVdm.sys
19:55:57.0109 0x0ef8  ParVdm - ok
19:55:57.0171 0x0ef8  [ A219903CCF74233761D92BEF471A07B1, D4E6C360A1D2FCA4D17C991B834D68BF20F5111DD06B1FAB8B22984804CEC269 ] PCI             C:\WINDOWS\system32\DRIVERS\pci.sys
19:55:57.0171 0x0ef8  PCI - ok
19:55:57.0187 0x0ef8  PCIDump - ok
19:55:57.0218 0x0ef8  [ CCF5F451BB1A5A2A522A76E670000FF0, D63F7E5A39653EC9CCE94B7D84B2D3EBD4F54533BD65701020198724042C9257 ] PCIIde          C:\WINDOWS\system32\DRIVERS\pciide.sys
19:55:57.0218 0x0ef8  PCIIde - ok
19:55:57.0375 0x0ef8  [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1, 0BA3DB21DC7C641C181E2635B5C9B73965FDCDCD3EBBBE48FCFEC1C8C987F617 ] Pcmcia          C:\WINDOWS\system32\drivers\Pcmcia.sys
19:55:57.0390 0x0ef8  Pcmcia - ok
19:55:57.0390 0x0ef8  PDCOMP - ok
19:55:57.0390 0x0ef8  PDFRAME - ok
19:55:57.0406 0x0ef8  PDRELI - ok
19:55:57.0406 0x0ef8  PDRFRAME - ok
19:55:57.0437 0x0ef8  [ 6C14B9C19BA84F73D3A86DBA11133101, 2CFB7E027E43C1B3890985DFD7987B23E4E3CC003E3FD2583E4A8AC1F8A13B26 ] perc2           C:\WINDOWS\system32\DRIVERS\perc2.sys
19:55:57.0437 0x0ef8  perc2 - ok
19:55:57.0500 0x0ef8  [ F50F7C27F131AFE7BEBA13E14A3B9416, C0498EA65B908C07A734324ED70DB27F434FAAA815DD02F1BC429A3AB6C663D5 ] perc2hib        C:\WINDOWS\system32\DRIVERS\perc2hib.sys
19:55:57.0500 0x0ef8  perc2hib - ok
19:55:57.0578 0x0ef8  [ 65DF52F5B8B6E9BBD183505225C37315, 59C606977DB40A3443DFF0BE2A4C761824881B22C9FDB3D23F6486DB580E92A4 ] PlugPlay        C:\WINDOWS\system32\services.exe
19:55:57.0593 0x0ef8  PlugPlay - ok
19:55:57.0625 0x0ef8  [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] PolicyAgent     C:\WINDOWS\system32\lsass.exe
19:55:57.0625 0x0ef8  PolicyAgent - ok
19:55:57.0703 0x0ef8  [ EFEEC01B1D3CF84F16DDD24D9D9D8F99, C5F0C8C66A3AF7E7BB04CEDE4AC5306F8387AB384A2107DC5BE413AAE968EFF1 ] PptpMiniport    C:\WINDOWS\system32\DRIVERS\raspptp.sys
19:55:57.0703 0x0ef8  PptpMiniport - ok
19:55:57.0718 0x0ef8  [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
19:55:57.0718 0x0ef8  ProtectedStorage - ok
19:55:57.0750 0x0ef8  [ 09298EC810B07E5D582CB3A3F9255424, 35473A1BE25AC289474090EB0806AC6B3035DC33D1F3DF97A14BF1E361AC6AC3 ] PSched          C:\WINDOWS\system32\DRIVERS\psched.sys
19:55:57.0765 0x0ef8  PSched - ok
19:55:57.0875 0x0ef8  [ D24DFD16A1E2A76034DF5AA18125C35D, BB1F2BB3EB69DE742AA8ED33DCB572888BC473182E0F7DA860CB57903C9924A6 ] PSI             C:\WINDOWS\system32\DRIVERS\psi_mf.sys
19:55:57.0875 0x0ef8  PSI - ok
19:55:57.0921 0x0ef8  [ 80D317BD1C3DBC5D4FE7B1678C60CADD, DA76804B55D0CAB3DDD01EFC06673764AE4860693375C658B6063FB14AF7F12C ] Ptilink         C:\WINDOWS\system32\DRIVERS\ptilink.sys
19:55:57.0921 0x0ef8  Ptilink - ok
19:55:58.0015 0x0ef8  [ D86B4A68565E444D76457F14172C875A, 06B1CF81A62B3DAA8D0C5A8B88C56A504DE8E9278C520F754AF363A6676C58B0 ] PxHelp20        C:\WINDOWS\system32\Drivers\PxHelp20.sys
19:55:58.0015 0x0ef8  PxHelp20 - ok
19:55:58.0125 0x0ef8  [ 0A63FB54039EB5662433CABA3B26DBA7, A1FB923EB2D08D89D24E8AD7042BBED7CB1DBDA9A5B77BDD188E9913BADAB0EF ] ql1080          C:\WINDOWS\system32\DRIVERS\ql1080.sys
19:55:58.0125 0x0ef8  ql1080 - ok
19:55:58.0234 0x0ef8  [ 6503449E1D43A0FF0201AD5CB1B8C706, F1EFC2DE5998615CB182D7984366631FE956AE1ECA9AC777F26FCA2E6F2E05A6 ] Ql10wnt         C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
19:55:58.0250 0x0ef8  Ql10wnt - ok
19:55:58.0281 0x0ef8  [ 156ED0EF20C15114CA097A34A30D8A01, 7490B90D4C88B7A9BADB9473D4033535F054C797ABF6D542CB859DA5C9B2586A ] ql12160         C:\WINDOWS\system32\DRIVERS\ql12160.sys
19:55:58.0281 0x0ef8  ql12160 - ok
19:55:58.0328 0x0ef8  [ 70F016BEBDE6D29E864C1230A07CC5E6, 895BC2C888F6566086FC1399F499A401D447E57333BC9F9C6DBAFE0F117603D6 ] ql1240          C:\WINDOWS\system32\DRIVERS\ql1240.sys
19:55:58.0328 0x0ef8  ql1240 - ok
19:55:58.0546 0x0ef8  [ 907F0AEEA6BC451011611E732BD31FCF, F9E7023BD1042963110D0A613054D094437868B20779F23C316A38E4781A6152 ] ql1280          C:\WINDOWS\system32\DRIVERS\ql1280.sys
19:55:58.0546 0x0ef8  ql1280 - ok
19:55:58.0578 0x0ef8  [ FE0D99D6F31E4FAD8159F690D68DED9C, 998685622ABE631984B7E4DBF91AB3594B1F574378D75EB9F6265F4650470692 ] RasAcd          C:\WINDOWS\system32\DRIVERS\rasacd.sys
19:55:58.0578 0x0ef8  RasAcd - ok
19:55:58.0765 0x0ef8  [ AD188BE7BDF94E8DF4CA0A55C00A5073, C7D76CB579FAEBCCC2873499441BACDD6BD6668ACF5ED7F31862656E96E2B20C ] RasAuto         C:\WINDOWS\System32\rasauto.dll
19:55:58.0796 0x0ef8  RasAuto - ok
19:55:58.0875 0x0ef8  [ 11B4A627BC9614B885C4969BFA5FF8A6, EAE0A412A2B0F68919C32A96B3A08CC1A06585E4998819F5C9051745F63FF5AD ] Rasl2tp         C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
19:55:58.0890 0x0ef8  Rasl2tp - ok
19:55:58.0984 0x0ef8  [ 76A9A3CBEADD68CC57CDA5E1D7448235, 4AFD048C5D2306AB8DE46F3AA60AC0213333DDA3B09A9E91F7585DB6EB978EC8 ] RasMan          C:\WINDOWS\System32\rasmans.dll
19:55:59.0000 0x0ef8  RasMan - ok
19:55:59.0046 0x0ef8  [ 5BC962F2654137C9909C3D4603587DEE, A5CE5653D0105240F5E86CFAAB89E7917D42D939E2F27A5A7D6979289CA651B8 ] RasPppoe        C:\WINDOWS\system32\DRIVERS\raspppoe.sys
19:55:59.0046 0x0ef8  RasPppoe - ok
19:55:59.0062 0x0ef8  [ FDBB1D60066FCFBB7452FD8F9829B242, 10A2DACF944BD000032EBA8C095CB3D879CC55B28C377ADF6E52E508E47444DB ] Raspti          C:\WINDOWS\system32\DRIVERS\raspti.sys
19:55:59.0062 0x0ef8  Raspti - ok
19:55:59.0156 0x0ef8  [ 7AD224AD1A1437FE28D89CF22B17780A, 6645235CA27D671954E3557FA37082881C3D7D47492C71264CD8CB8D108EC801 ] Rdbss           C:\WINDOWS\system32\DRIVERS\rdbss.sys
19:55:59.0171 0x0ef8  Rdbss - ok
19:55:59.0250 0x0ef8  [ 4912D5B403614CE99C28420F75353332, 975341ECD660209987B5E5171B8315E032439E408CBE8A5986E67AF767F373BB ] RDPCDD          C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
19:55:59.0250 0x0ef8  RDPCDD - ok
19:55:59.0359 0x0ef8  [ 15CABD0F7C00C47C70124907916AF3F1, 66B5C978B7FB6359AD8BAC9F568FE9D469E358FEAB07B1F129BA9E85F1DF723E ] rdpdr           C:\WINDOWS\system32\DRIVERS\rdpdr.sys
19:55:59.0359 0x0ef8  rdpdr - ok
19:55:59.0484 0x0ef8  [ 43AF5212BD8FB5BA6EED9754358BD8F7, AF330F61CECA4AFA359CEABC5EB3227E6B56A9A2DCE50701381D665122D7356D ] RDPWD           C:\WINDOWS\system32\drivers\RDPWD.sys
19:55:59.0500 0x0ef8  RDPWD - ok
19:55:59.0640 0x0ef8  [ 3C37BF86641BDA977C3BF8A840F3B7FA, AB9A6E54DBA3F4561CD4837372BECCE0D73943D02E3288F944333039375AC08C ] RDSessMgr       C:\WINDOWS\system32\sessmgr.exe
19:55:59.0750 0x0ef8  RDSessMgr - ok
19:55:59.0796 0x0ef8  [ F828DD7E1419B6653894A8F97A0094C5, E6150E1F598BA4CFEDB8FF075BC0D576518C331B864388F1CAE8812EFF106ECF ] redbook         C:\WINDOWS\system32\DRIVERS\redbook.sys
19:55:59.0796 0x0ef8  redbook - ok
19:55:59.0921 0x0ef8  [ 7E699FF5F59B5D9DE5390E3C34C67CF5, 3FCF0442D80AB181FED4303E570378736AA1F8718C0B8B70F689A1E45200FFE4 ] RemoteAccess    C:\WINDOWS\System32\mprdim.dll
19:55:59.0921 0x0ef8  RemoteAccess - ok
19:55:59.0953 0x0ef8  [ 24ED7AF20651F9FA1F249482E7C1F165, 6F7BD68CBA0CACDCB6B43A401887A190FD825B4EE1974D07271224CB225A8DC2 ] rimmptsk        C:\WINDOWS\system32\DRIVERS\rimmptsk.sys
19:55:59.0968 0x0ef8  rimmptsk - ok
19:56:00.0046 0x0ef8  [ 1BDBA2D2D402415A78A4BA766DFE0F7B, 894EB6956B8F28DE96B846AC87E4FDD9614240871D6A326CEFB7F99184BC3E79 ] rimsptsk        C:\WINDOWS\system32\DRIVERS\rimsptsk.sys
19:56:00.0046 0x0ef8  rimsptsk - ok
19:56:00.0125 0x0ef8  [ F774ECD11A064F0DEBB2D4395418153C, 053CBC85E40C6D8D1FC2968A2B7FD43445E6B0FDEED5905A905F953A236052C9 ] rismxdp         C:\WINDOWS\system32\DRIVERS\rixdptsk.sys
19:56:00.0234 0x0ef8  rismxdp - ok
19:56:00.0500 0x0ef8  [ AAED593F84AFA419BBAE8572AF87CF6A, CC0FFC5A69394C8830DC66320DA01A820BBF41AD7E57D0FC343561DC5EF9A360 ] RpcLocator      C:\WINDOWS\system32\locator.exe
19:56:00.0515 0x0ef8  RpcLocator - ok
19:56:00.0640 0x0ef8  [ 6B27A5C03DFB94B4245739065431322C, 6AEAC16AB4E0DFD25123AAF4D4181FEE1B919B7B2793117006CE8CF30E826CFD ] RpcSs           C:\WINDOWS\system32\rpcss.dll
19:56:00.0656 0x0ef8  RpcSs - ok
19:56:00.0812 0x0ef8  [ 471B3F9741D762ABE75E9DEEA4787E47, D9ADE42965EC22AEB4B2AD21D429C3C8232A60AA9853DEFDA7AED86A13FE8623 ] RSVP            C:\WINDOWS\system32\rsvp.exe
19:56:00.0828 0x0ef8  RSVP - ok
19:56:00.0906 0x0ef8  [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] SamSs           C:\WINDOWS\system32\lsass.exe
19:56:00.0921 0x0ef8  SamSs - ok
19:56:01.0046 0x0ef8  [ 86D007E7A654B9A71D1D7D856B104353, 7B1DE53D637A5FC9619D5D07C48927AFEC89D959207F6F2E2F45DD054EEA04C7 ] SCardSvr        C:\WINDOWS\System32\SCardSvr.exe
19:56:01.0093 0x0ef8  SCardSvr - ok
19:56:01.0234 0x0ef8  [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA, 0B582F47BD70732BAC48B8B86E5D06CE7F299A20E8177F3F2E6F28217C3FB605 ] Schedule        C:\WINDOWS\system32\schedsvc.dll
19:56:01.0250 0x0ef8  Schedule - ok
19:56:01.0421 0x0ef8  [ 8D04819A3CE51B9EB47E5689B44D43C4, B0588AF967A7611F05BC8A8AD0C945DBB7BF995D7DA5C28FD0D007E33BF1F502 ] sdbus           C:\WINDOWS\system32\DRIVERS\sdbus.sys
19:56:01.0437 0x0ef8  sdbus - ok
19:56:01.0531 0x0ef8  [ 90A3935D05B494A5A39D37E71F09A677, F72733A69BC6E1A2BB91D7632FF3463C12563F60FDCC00A2CDD67FF20D479952 ] Secdrv          C:\WINDOWS\system32\DRIVERS\secdrv.sys
19:56:01.0531 0x0ef8  Secdrv - ok
19:56:01.0546 0x0ef8  [ CBE612E2BB6A10E3563336191EDA1250, C331797DC3569F0E715766561DE2562F60B924378842246C35D2B1CF867E9D96 ] seclogon        C:\WINDOWS\System32\seclogon.dll
19:56:01.0562 0x0ef8  seclogon - ok
19:56:02.0046 0x0ef8  [ 5B66DB4877BBAC9F7493AA8D84421E49, D1FCE833A9140E5EC3106373A6FF42335A9A20EBBE020E757B55F032DA0FA7AE ] Secunia PSI Agent C:\Program Files\Secunia\PSI\PSIA.exe
19:56:02.0328 0x0ef8  Secunia PSI Agent - ok
19:56:02.0421 0x0ef8  [ 7FDD5D0684ECA8C1F68B4D99D124DCD0, 7105B026F966A992430F86C3698ABE15EC73E4772F1A3E362E29FD5247A5DCA6 ] SENS            C:\WINDOWS\system32\sens.dll
19:56:02.0421 0x0ef8  SENS - ok
19:56:02.0609 0x0ef8  [ 0F29512CCD6BEAD730039FB4BD2C85CE, 4F98AE390D1B14A755700DD6CEFB9CF921F0404AF2145D2D7E5F52394F87C6A5 ] serenum         C:\WINDOWS\system32\DRIVERS\serenum.sys
19:56:02.0609 0x0ef8  serenum - ok
19:56:02.0703 0x0ef8  [ CCA207A8896D4C6A0C9CE29A4AE411A7, 5999B39242283CD803319AADCA171CCCC6E2A40FB2FAFA51B1D29F3FF2DD8D6C ] Serial          C:\WINDOWS\system32\DRIVERS\serial.sys
19:56:02.0703 0x0ef8  Serial - ok
19:56:02.0828 0x0ef8  [ 0FA803C64DF0914B41F807EA276BF2A6, 847B1CD47ADF9E4AE298E74CC53A7F9DB4E58F43919D3A2BBFFE07244134778D ] sffdisk         C:\WINDOWS\system32\DRIVERS\sffdisk.sys
19:56:02.0828 0x0ef8  sffdisk - ok
19:56:02.0921 0x0ef8  [ C17C331E435ED8737525C86A7557B3AC, F1DEB2CA5D8E02280782B354A31E148E3A2F2B5F57AD6C575875DE20F6D3C930 ] sffp_sd         C:\WINDOWS\system32\DRIVERS\sffp_sd.sys
19:56:02.0921 0x0ef8  sffp_sd - ok
19:56:03.0046 0x0ef8  [ 8E6B8C671615D126FDC553D1E2DE5562, CEEC0067514555D5CA489F50E3D7562FCA8DB8E952C3C878604C9277FC77959F ] Sfloppy         C:\WINDOWS\system32\drivers\Sfloppy.sys
19:56:03.0062 0x0ef8  Sfloppy - ok
19:56:03.0203 0x0ef8  [ 83F41D0D89645D7235C051AB1D9523AC, B681F33EEAA511D6A2DCB9FBAA407B739184C9FF6067C6B7E51F1FC37E9D4DD7 ] SharedAccess    C:\WINDOWS\System32\ipnathlp.dll
19:56:03.0296 0x0ef8  SharedAccess - ok
19:56:03.0375 0x0ef8  [ 99BC0B50F511924348BE19C7C7313BBF, A1006C687BD352F700B140DC741515A0CDD9E1352C0FBD1EE410D404E344444B ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
19:56:03.0406 0x0ef8  ShellHWDetection - ok
19:56:03.0406 0x0ef8  Simbad - ok
19:56:03.0484 0x0ef8  [ 6B33D0EBD30DB32E27D1D78FE946A754, CDA3D082D370B079C06D943DA124D76BAF0C5DB264FB0C893148EF6322D2FABE ] sisagp          C:\WINDOWS\system32\DRIVERS\sisagp.sys
19:56:03.0484 0x0ef8  sisagp - ok
19:56:03.0531 0x0ef8  [ 866D538EBE33709A5C9F5C62B73B7D14, BC94BEB7C17B4FCAC8B5D0D5006A203BC209E0504EECE149651D8691935696CD ] SLIP            C:\WINDOWS\system32\DRIVERS\SLIP.sys
19:56:03.0546 0x0ef8  SLIP - ok
19:56:03.0625 0x0ef8  [ A1ECEEAA5C5E74B2499EB51D38185B84, BB866DDA4D1F85A68A652204DAC7378456793E096A15F88B9C153BECD3D18C27 ] SONYPVU1        C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS
19:56:03.0625 0x0ef8  SONYPVU1 - ok
19:56:03.0734 0x0ef8  [ 83C0F71F86D3BDAF915685F3D568B20E, 10B24723914A5A9E27A592FD58DAE2207B6E49F13A17CD2B1477C51D2D609D2E ] Sparrow         C:\WINDOWS\system32\DRIVERS\sparrow.sys
19:56:03.0734 0x0ef8  Sparrow - ok
19:56:03.0828 0x0ef8  [ AB8B92451ECB048A4D1DE7C3FFCB4A9F, DD17733CBB370FCA08F0296704D7CBEACA3C8F76D0ABE4761C3B1FFDF7481D9E ] splitter        C:\WINDOWS\system32\drivers\splitter.sys
19:56:03.0843 0x0ef8  splitter - ok
19:56:03.0953 0x0ef8  [ 60784F891563FB1B767F70117FC2428F, E0B07F08E60FFBAD36C2E58180F4B2A16DCA47716044CBE0213DF7B74D742F1F ] Spooler         C:\WINDOWS\system32\spoolsv.exe
19:56:03.0968 0x0ef8  Spooler - ok
19:56:04.0062 0x0ef8  [ 76BB022C2FB6902FD5BDD4F78FC13A5D, 6031CB2344D7277FC703480EB43CF856A0F8F818EA98FF26A2CA532336CD2DFA ] sr              C:\WINDOWS\system32\DRIVERS\sr.sys
19:56:04.0078 0x0ef8  sr - ok
19:56:04.0203 0x0ef8  [ 3805DF0AC4296A34BA4BF93B346CC378, B57A14F1B7B0997E619DDD62B73157AA2399A9852166FB58139CBB358A88F6F3 ] srservice       C:\WINDOWS\system32\srsvc.dll
19:56:04.0218 0x0ef8  srservice - ok
19:56:04.0359 0x0ef8  [ 47DDFC2F003F7F9F0592C6874962A2E7, 17C643BD4EB09B5666FE41817DC785BE04A6E491CE79E8E5A702CDBD98E1BDD7 ] Srv             C:\WINDOWS\system32\DRIVERS\srv.sys
19:56:04.0390 0x0ef8  Srv - ok
19:56:04.0484 0x0ef8  [ D7968049BE0ADBB6A57CEE3960320911, 6FB6D7BE384324211DAEDCCD80BA983E32183D08DF6C5B5B5453773DCC0F4D5B ] sscdbhk5        C:\WINDOWS\system32\drivers\sscdbhk5.sys
19:56:04.0484 0x0ef8  sscdbhk5 - ok
19:56:04.0546 0x0ef8  [ 0A5679B3714EDAB99E357057EE88FCA6, 01E1A101FFF48402C77E385A78FEF27876E04533B60EB1C18558A737E57E5FA8 ] SSDPSRV         C:\WINDOWS\System32\ssdpsrv.dll
19:56:04.0562 0x0ef8  SSDPSRV - ok
19:56:04.0687 0x0ef8  [ F843301BDADB2728822C83413EF5F132, C36CB4E972671C9C7FABFEEDD20FD1E239AFAF69AD88586A32B9B2C1FA2A2FDF ] ssmirrdr        C:\WINDOWS\system32\DRIVERS\ssmirrdr.sys
19:56:04.0687 0x0ef8  ssmirrdr - ok
19:56:04.0718 0x0ef8  [ C3FFD65ABFB6441E7606CF74F1155273, EFA481D5075A9C0490CEBA5F8223BE322EB3811465F41A1FB3386E30E8C81714 ] ssrtln          C:\WINDOWS\system32\drivers\ssrtln.sys
19:56:04.0718 0x0ef8  ssrtln - ok
19:56:04.0937 0x0ef8  [ 3AD78E22210D3FBD9F76DE84A8DF19B5, 4C3BA26DE5A5567F958EC8173191E0B3CE3438AD0AD6115BDED28A7B5A0DA0B8 ] STHDA           C:\WINDOWS\system32\drivers\sthda.sys
19:56:05.0015 0x0ef8  STHDA - ok
19:56:05.0109 0x0ef8  [ 8BAD69CBAC032D4BBACFCE0306174C30, 2AA0DA710FCBFF38FE8DA91EE02E7A4503269347E61F8D3246FCA3384BBA2305 ] stisvc          C:\WINDOWS\system32\wiaservc.dll
19:56:05.0203 0x0ef8  stisvc - ok
19:56:05.0296 0x0ef8  [ 77813007BA6265C4B6098187E6ED79D2, 93939120E803C46FBFD577C8FC2E6C7E71C0460E01D25CB29579490640AB50C7 ] streamip        C:\WINDOWS\system32\DRIVERS\StreamIP.sys
19:56:05.0296 0x0ef8  streamip - ok
19:56:05.0421 0x0ef8  [ 3941D127AEF12E93ADDF6FE6EE027E0F, EA1F0E32E1C5E90FA4AAC421DEBBE086512340758D3217A6334E886BCE638B51 ] swenum          C:\WINDOWS\system32\DRIVERS\swenum.sys
19:56:05.0421 0x0ef8  swenum - ok
19:56:05.0437 0x0ef8  [ 8CE882BCC6CF8A62F2B2323D95CB3D01, B408550A581F3DA222355964AFA4E976AD8471F0AA37573C42C4948AE5A23A3B ] swmidi          C:\WINDOWS\system32\drivers\swmidi.sys
19:56:05.0437 0x0ef8  swmidi - ok
19:56:05.0437 0x0ef8  SwPrv - ok
19:56:05.0593 0x0ef8  [ C8A43978DADCF12B7E40A0577227DFBC, 72C753CB8CE9F2770C8E1B28B9DAAD0CDA3473FAE751A9009AC7FADAA79AAE96 ] sxuptp          C:\WINDOWS\system32\DRIVERS\sxuptp.sys
19:56:05.0593 0x0ef8  sxuptp - ok
19:56:05.0640 0x0ef8  [ 1FF3217614018630D0A6758630FC698C, 78A3075BBFF5D7ADEAC1527E65ACA8527BFC509DF124D44410BB46C4D96C96BB ] symc810         C:\WINDOWS\system32\DRIVERS\symc810.sys
19:56:05.0656 0x0ef8  symc810 - ok
19:56:05.0703 0x0ef8  [ 070E001D95CF725186EF8B20335F933C, B98B29FB01741AF3B4BB02C76A4D117EA04FE4CC4F8CDB491F9216931704A6D8 ] symc8xx         C:\WINDOWS\system32\DRIVERS\symc8xx.sys
19:56:05.0703 0x0ef8  symc8xx - ok
19:56:05.0750 0x0ef8  [ 80AC1C4ABBE2DF3B738BF15517A51F2C, CCF82D09C63F4FA98BCBEF3A1DC8C02D4269B78256D0B6213E815D9BBE174432 ] sym_hi          C:\WINDOWS\system32\DRIVERS\sym_hi.sys
19:56:05.0750 0x0ef8  sym_hi - ok
19:56:05.0796 0x0ef8  [ BF4FAB949A382A8E105F46EBB4937058, FE7C114A19D50E37463CDD3605C26105A779EEA79CB92BF98267C7BE809D853B ] sym_u3          C:\WINDOWS\system32\DRIVERS\sym_u3.sys
19:56:05.0796 0x0ef8  sym_u3 - ok
19:56:05.0953 0x0ef8  [ FA2DAA32BED908023272A0F77D625DAE, 7A9A38360D694229BB8B9D3F4C0BEDCD6872F7F074CA81F1425E36C85F602B59 ] SynTP           C:\WINDOWS\system32\DRIVERS\SynTP.sys
19:56:05.0968 0x0ef8  SynTP - ok
19:56:06.0078 0x0ef8  [ 8B83F3ED0F1688B4958F77CD6D2BF290, 546D3602183702B4F53E84413CFA2C933D64C8540378E54A8DCD148F3F36A2DA ] sysaudio        C:\WINDOWS\system32\drivers\sysaudio.sys
19:56:06.0078 0x0ef8  sysaudio - ok
19:56:06.0171 0x0ef8  [ C7ABBC59B43274B1109DF6B24D617051, 4384CA0AA6CE9B603CF7DB775A3C721E46715D5B120B94FB57DEADAADE18535B ] SysmonLog       C:\WINDOWS\system32\smlogsvc.exe
19:56:06.0218 0x0ef8  SysmonLog - ok
19:56:06.0281 0x0ef8  [ 3CB78C17BB664637787C9A1C98F79C38, F35C31F6B7F366CB949D1044B357C76DEC9170441C5E559802794F62B72FD255 ] TapiSrv         C:\WINDOWS\System32\tapisrv.dll
19:56:06.0312 0x0ef8  TapiSrv - ok
19:56:06.0484 0x0ef8  [ 9AEFA14BD6B182D61E3119FA5F436D3D, EA29E49434585409272E7901AF89771FE9D6E911A7DC44AB3C7020CFF8A44552 ] Tcpip           C:\WINDOWS\system32\DRIVERS\tcpip.sys
19:56:06.0562 0x0ef8  Tcpip - ok
19:56:06.0671 0x0ef8  [ 6471A66807F5E104E4885F5B67349397, F35CBFFB8BB235CCE30EF94A5273333900DD49FD506BF9D55D99A320B8A53A5A ] TDPIPE          C:\WINDOWS\system32\drivers\TDPIPE.sys
19:56:06.0671 0x0ef8  TDPIPE - ok
19:56:06.0765 0x0ef8  [ C56B6D0402371CF3700EB322EF3AAF61, 7743FA4C734BCE38EFB1CA69BC17364D8421E2CD172F856F7E38E7AE1EE93F2F ] TDTCP           C:\WINDOWS\system32\drivers\TDTCP.sys
19:56:06.0765 0x0ef8  TDTCP - ok
19:56:06.0796 0x0ef8  [ 88155247177638048422893737429D9E, B6D4E8691917946332C2208D01F8C8281978C1AD1E9951C5D99DF0D49AC34B3B ] TermDD          C:\WINDOWS\system32\DRIVERS\termdd.sys
19:56:06.0812 0x0ef8  TermDD - ok
19:56:06.0937 0x0ef8  [ FF3477C03BE7201C294C35F684B3479F, D6246521539BA4ACD022D26983182F5E323D2EF1EA7C54265A248C43A1CE5202 ] TermService     C:\WINDOWS\System32\termsrv.dll
19:56:07.0015 0x0ef8  TermService - ok
19:56:07.0093 0x0ef8  [ 30698355067D07DA5F9EB81132C9FDD6, 80457F8DBB089FFF23ED220924F5C872D896707F4B31E9C77DAB78421B9B2F6D ] tfsnboio        C:\WINDOWS\system32\dla\tfsnboio.sys
19:56:07.0093 0x0ef8  tfsnboio - ok
19:56:07.0109 0x0ef8  [ FB9D825BB4A2ABDF24600F7505050E2B, A7A11366525C4DEAD588822F4C57C7ED5D6F3578F2DB2124BF0441133B3169B9 ] tfsncofs        C:\WINDOWS\system32\dla\tfsncofs.sys
19:56:07.0125 0x0ef8  tfsncofs - ok
19:56:07.0203 0x0ef8  [ CAFD8CCA11AA1E8B6D2EA1BA8F70EC33, AA5BDE527B67A14654D930252894FEDB8976EAE1F33C2BC0E7747D2B4EB93C4E ] tfsndrct        C:\WINDOWS\system32\dla\tfsndrct.sys
19:56:07.0203 0x0ef8  tfsndrct - ok
19:56:07.0203 0x0ef8  [ 8DB1E78FBF7C426D8EC3D8F1A33D6485, FF437EFD667EFE00729188B18C7E17E8C15D06A2C1F58A0F79E22DFADCECF969 ] tfsndres        C:\WINDOWS\system32\dla\tfsndres.sys
19:56:07.0218 0x0ef8  tfsndres - ok
19:56:07.0234 0x0ef8  [ B92F67A71CC8176F331B8AA8D9F555AD, F59E8464E44E08C18C3C7D32408D7661923F30FDD35390082DC7F2C02DCC40A3 ] tfsnifs         C:\WINDOWS\system32\dla\tfsnifs.sys
19:56:07.0281 0x0ef8  tfsnifs - ok
19:56:07.0296 0x0ef8  [ 85985FAA9A71E2358FCC2EDEFC2A3C5C, 9ADD1077C3B34E0EFA85EC4762822330D85F43EB4557C9ED015D8D1575E52885 ] tfsnopio        C:\WINDOWS\system32\dla\tfsnopio.sys
19:56:07.0296 0x0ef8  tfsnopio - ok
19:56:07.0343 0x0ef8  [ BBA22094F0F7C210567EFDAF11F64495, C55D3F3628C73FFA776C9B61BA735CB24DEE9F80F6E74A2F9BD70CFFB863BA57 ] tfsnpool        C:\WINDOWS\system32\dla\tfsnpool.sys
19:56:07.0343 0x0ef8  tfsnpool - ok
19:56:07.0375 0x0ef8  [ 81340BEF80B9811E98CE64611E67E3FF, CD6679A4D1A7932CD64F1F6AACF09CEC2D8E7DD001F812CC49756D8F582D907A ] tfsnudf         C:\WINDOWS\system32\dla\tfsnudf.sys
19:56:07.0375 0x0ef8  tfsnudf - ok
19:56:07.0421 0x0ef8  [ C035FD116224CCC8325F384776B6A8BB, CB97AD56288F916DE2AF5B1EC9D04AF3A1C2A2FA0A738282DA3763036DD18F12 ] tfsnudfa        C:\WINDOWS\system32\dla\tfsnudfa.sys
19:56:07.0437 0x0ef8  tfsnudfa - ok
19:56:07.0500 0x0ef8  [ 99BC0B50F511924348BE19C7C7313BBF, A1006C687BD352F700B140DC741515A0CDD9E1352C0FBD1EE410D404E344444B ] Themes          C:\WINDOWS\System32\shsvcs.dll
19:56:07.0500 0x0ef8  Themes - ok
19:56:07.0625 0x0ef8  [ F2790F6AF01321B172AA62F8E1E187D9, 5644B5EFA0065C0CC9DB28E5520AAD2F4B3BCE48337F165BF9F166ECC164630C ] TosIde          C:\WINDOWS\system32\DRIVERS\toside.sys
19:56:07.0625 0x0ef8  TosIde - ok
19:56:07.0734 0x0ef8  [ 55BCA12F7F523D35CA3CB833C725F54E, 849FB1AE31B143B14B298BBC0D91230693D41DEB95F46516878F53A7F4186C38 ] TrkWks          C:\WINDOWS\system32\trkwks.dll
19:56:07.0750 0x0ef8  TrkWks - ok
19:56:07.0843 0x0ef8  [ 5787B80C2E3C5E2F56C2A233D91FA2C9, 3774905CF77954DFCECDA5BCC7CDE3D0ED72712BFAAD85ADAE5246306447E46C ] Udfs            C:\WINDOWS\system32\drivers\Udfs.sys
19:56:07.0843 0x0ef8  Udfs - ok
19:56:07.0875 0x0ef8  [ 1B698A51CD528D8DA4FFAED66DFC51B9, FC3F12D25EE0E99AFE056502FCCFC052854699C21B99D559FAF1244F206DFB4F ] ultra           C:\WINDOWS\system32\DRIVERS\ultra.sys
19:56:07.0875 0x0ef8  ultra - ok
19:56:08.0093 0x0ef8  [ 402DDC88356B1BAC0EE3DD1580C76A31, 32A686595710336A6BFD54C03F552AE39439611662F84EF5D24193AE5665C6F3 ] Update          C:\WINDOWS\system32\DRIVERS\update.sys
19:56:08.0125 0x0ef8  Update - ok
19:56:08.0250 0x0ef8  [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91, 7746916DB48E3F5B243B63C066596AD9037A494BF1AD935946DD04AC85D983DF ] upnphost        C:\WINDOWS\System32\upnphost.dll
19:56:08.0281 0x0ef8  upnphost - ok
19:56:08.0328 0x0ef8  [ 05365FB38FCA1E98F7A566AAAF5D1815, 16843048CEEC3DAA3B953A12FF1EE339E86783A08F2A56DA7F94AD9F9717D77D ] UPS             C:\WINDOWS\System32\ups.exe
19:56:08.0359 0x0ef8  UPS - ok
19:56:08.0468 0x0ef8  [ 8BF5D980CDCE35FB26F05047144BB57E, 8A770DD649FA0D6F574651E5525B983261B823C5778764598D89C453E68ED3F1 ] USBAAPL         C:\WINDOWS\system32\Drivers\usbaapl.sys
19:56:08.0468 0x0ef8  USBAAPL - ok
19:56:08.0687 0x0ef8  [ 65898A183FBF1D1F7759D5CCB364DCD4, 85E823123FDB4CA5F8255064E22A444627999055EC3419DFD001371893F36AB9 ] usbaudio        C:\WINDOWS\system32\drivers\usbaudio.sys
19:56:08.0687 0x0ef8  usbaudio - ok
19:56:08.0890 0x0ef8  [ 1B611611C28D2DF25BC057D79C6F13FC, B0D86F63E44B40413BBAE6402CC088046CFAE082D41BBC2ED5A916293356B846 ] usbccgp         C:\WINDOWS\system32\DRIVERS\usbccgp.sys
19:56:08.0890 0x0ef8  usbccgp - ok
19:56:08.0937 0x0ef8  [ 4BAC8DF07F1D8434FC640E677A62204E, 76C1351AF6752224BF59DEEE0F8665FE699F3DFD679F5BCD01C7D9383E6402A4 ] usbehci         C:\WINDOWS\system32\DRIVERS\usbehci.sys
19:56:08.0937 0x0ef8  usbehci - ok
19:56:09.0062 0x0ef8  [ 1AB3CDDE553B6E064D2E754EFE20285C, A99C4528C4227B1E96847614745AAFACD3C5F1BDFE435214DBF78740FFB300FE ] usbhub          C:\WINDOWS\system32\DRIVERS\usbhub.sys
19:56:09.0062 0x0ef8  usbhub - ok
19:56:09.0125 0x0ef8  [ A717C8721046828520C9EDF31288FC00, 1530BBE832EDBB0974AD89D723A03FF7A0094B368992D73C2C3E62A181DF1E0A ] usbprint        C:\WINDOWS\system32\DRIVERS\usbprint.sys
19:56:09.0125 0x0ef8  usbprint - ok
19:56:09.0250 0x0ef8  [ F8EDE2B6928970DCE3D5614C27D9E7F6, 6E5EBBC8B70C1D593634DAF0C190DEADFDA18C3CBC8F552A76F156F3869EF05B ] usbscan         C:\WINDOWS\system32\DRIVERS\usbscan.sys
19:56:09.0250 0x0ef8  usbscan - ok
19:56:09.0468 0x0ef8  [ A32426D9B14A089EAA1D922E0C5801A9, ED1DC52EE45F8EAD3AEC4B1F817BB25634141CF48295494C5947DCE6CF7A9817 ] USBSTOR         C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
19:56:09.0484 0x0ef8  USBSTOR - ok
19:56:09.0640 0x0ef8  [ 26496F9DEE2D787FC3E61AD54821FFE6, 8BE7FF647470B9A951CBB478FAF83D657A15CC78037F42348A6B738F21D523DA ] usbuhci         C:\WINDOWS\system32\DRIVERS\usbuhci.sys
19:56:09.0640 0x0ef8  usbuhci - ok
19:56:09.0796 0x0ef8  [ 813236B1183CFCF289E367BD5DE6E29E, 167FE18A96F330AEEC1A4C419770C15EFEB536D43838285E51E7A62E95DF4674 ] usbvideo        C:\WINDOWS\system32\Drivers\usbvideo.sys
19:56:09.0812 0x0ef8  usbvideo - ok
19:56:09.0906 0x0ef8  [ 0D3A8FAFCEACD8B7625CD549757A7DF1, B9CFDEFCD66AA139F3DC2F967B184669532922563AD5A71769BABDC4370D065E ] VgaSave         C:\WINDOWS\System32\drivers\vga.sys
19:56:09.0906 0x0ef8  VgaSave - ok
19:56:10.0046 0x0ef8  [ 754292CE5848B3738281B4F3607EAEF4, B0DCC9E9F8F78671FF878B493264C3B1DD2ED4A7167E3F5495F66ABF5FACB86C ] viaagp          C:\WINDOWS\system32\DRIVERS\viaagp.sys
19:56:10.0046 0x0ef8  viaagp - ok
19:56:10.0187 0x0ef8  [ 3B3EFCDA263B8AC14FDF9CBDD0791B2E, FC7FFD53FCC0F81587EFF26A43C141D25C43DBC68311520CE2BCDD739CA58CA9 ] ViaIde          C:\WINDOWS\system32\DRIVERS\viaide.sys
19:56:10.0187 0x0ef8  ViaIde - ok
19:56:10.0312 0x0ef8  [ 4C8FCB5CC53AAB716D810740FE59D025, 010EAC43DBED700B73E4FC908FAAF9F6A0168EBBD5D86751E49BC33AAA18BFA4 ] VolSnap         C:\WINDOWS\system32\drivers\VolSnap.sys
19:56:10.0312 0x0ef8  VolSnap - ok
19:56:10.0484 0x0ef8  [ 7A9DB3A67C333BF0BD42E42B8596854B, D31A9A3B1AAAB373EDD73B674102395212FCB616F829E938B7B2B7BE7D4752C5 ] VSS             C:\WINDOWS\System32\vssvc.exe
19:56:10.0546 0x0ef8  VSS - ok
19:56:10.0671 0x0ef8  [ 54AF4B1D5459500EF0937F6D33B1914F, FA1876888BCB9C72A92369DBED4FF1A8666784523FB41E618FA0919490FCDDB9 ] w32time         C:\WINDOWS\system32\w32time.dll
19:56:10.0750 0x0ef8  w32time - ok
19:56:10.0843 0x0ef8  [ E20B95BAEDB550F32DD489265C1DA1F6, 5589B2067E6C9FBA290D8C5EADDC198EBAF39C50C3CD7D2BC5CDA7CBFBC445E5 ] Wanarp          C:\WINDOWS\system32\DRIVERS\wanarp.sys
19:56:10.0859 0x0ef8  Wanarp - ok
19:56:10.0859 0x0ef8  wanatw - ok
19:56:10.0875 0x0ef8  WDICA - ok
19:56:10.0968 0x0ef8  [ 6768ACF64B18196494413695F0C3A00F, 3A8F8586F1D997D19A8478345338D2AECD785AEABDB61531DD3F92003D3230A5 ] wdmaud          C:\WINDOWS\system32\drivers\wdmaud.sys
19:56:10.0984 0x0ef8  wdmaud - ok
19:56:11.0078 0x0ef8  [ 77A354E28153AD2D5E120A5A8687BC06, 8B2D37A4443501C0A8E70BC2079BE27F0A36FD07B561E6F68B40A72EABBC2DFE ] WebClient       C:\WINDOWS\System32\webclnt.dll
19:56:11.0093 0x0ef8  WebClient - ok
19:56:11.0328 0x0ef8  [ 74CF3F2E4E40C4A2E18D39D6300A5C24, D688190C5C5F3B31AA0CB7843C480EECFE98FB3AD4FB897B5993B14CECE8BBB2 ] winachsf        C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
19:56:11.0500 0x0ef8  winachsf - ok
19:56:11.0687 0x0ef8  [ 2D0E4ED081963804CCC196A0929275B5, E1D75C7D7233D81DFDE13160B0C80138DF8B35230D04FB79B367A52FACF69BF8 ] winmgmt         C:\WINDOWS\system32\wbem\WMIsvc.dll
19:56:11.0703 0x0ef8  winmgmt - ok
19:56:11.0875 0x0ef8  [ 18F347402DA544A780949B8FDF83351B, D1AD972D438A51A4998FEF68670395DAE3353240AD2A17F35794287AF0826FFB ] WinRM           C:\WINDOWS\system32\WsmSvc.dll
19:56:12.0031 0x0ef8  WinRM - ok
19:56:12.0500 0x0ef8  [ 5144AE67D60EC653F97DDF3FEED29E77, F6238767284B2356A9F502E2ACCFAAC283FA13CBF238E98B5115A55179526B10 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
19:56:12.0546 0x0ef8  wlidsvc - ok
19:56:12.0562 0x0ef8  wltrysvc - ok
19:56:12.0609 0x0ef8  [ C51B4A5C05A5475708E3C81C7765B71D, F776D2680BD3407307B7072626F78460361FC5BC38623C9E16F394D300AB25DE ] WmdmPmSN        C:\WINDOWS\system32\MsPMSNSv.dll
19:56:12.0625 0x0ef8  WmdmPmSN - ok
19:56:12.0687 0x0ef8  [ C42584FD66CE9E17403AEBCA199F7BDB, E3F2E1066F36AE5D33D4482239B2E556BE0C137923C9A120DFB36EC82F2E77B0 ] WmiAcpi         C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
19:56:12.0687 0x0ef8  WmiAcpi - ok
19:56:12.0781 0x0ef8  [ E0673F1106E62A68D2257E376079F821, 12992F18C9653050B10DC61D12988067933FCFDF02123D3A7EF5DE607A785DDC ] WmiApSrv        C:\WINDOWS\system32\wbem\wmiapsrv.exe
19:56:12.0812 0x0ef8  WmiApSrv - ok
19:56:13.0171 0x0ef8  [ F74E3D9A7FA9556C3BBB14D4E5E63D3B, C71FAAC752F6D58BF8556661252DBF8C5DDD090CAE002A2C7E09C9A014526066 ] WMPNetworkSvc   C:\Program Files\Windows Media Player\WMPNetwk.exe
19:56:13.0375 0x0ef8  WMPNetworkSvc - ok
19:56:13.0437 0x0ef8  [ CF4DEF1BF66F06964DC0D91844239104, CC1D9CECE2056D29A9651D51BB57C3F4F9BF9E90A4808CF7496C683C874FBD51 ] WpdUsb          C:\WINDOWS\system32\Drivers\wpdusb.sys
19:56:13.0437 0x0ef8  WpdUsb - ok
19:56:13.0734 0x0ef8  [ 15673BD0B86150CB8E27766059C72A9B, 56C23289A8BFF4945EE532CF6D62D3EC81B827CA15A359F30A327789F9FE9CAF ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
19:56:14.0140 0x0ef8  WPFFontCache_v0400 - ok
19:56:14.0203 0x0ef8  [ 6ABE6E225ADB5A751622A9CC3BC19CE8, 4061C5D0F051DFF1730E2A3BFC1CCA97B29602FC50F10F6B44D93B0D28F42024 ] WS2IFSL         C:\WINDOWS\System32\drivers\ws2ifsl.sys
19:56:14.0203 0x0ef8  WS2IFSL - ok
19:56:14.0312 0x0ef8  [ 7C278E6408D1DCE642230C0585A854D5, DA46079A04F6E8E3441E4AE454AEAC02B3E935DE29CE7F6D4476F57867FCC12A ] wscsvc          C:\WINDOWS\System32\wscsvc.dll
19:56:14.0343 0x0ef8  wscsvc - ok
19:56:14.0375 0x0ef8  [ C98B39829C2BBD34E454150633C62C78, 71B60EA3AD0E2637917D528C6A9E7ECF2949E3E5E91036AA5BBADA95BD725511 ] WSTCODEC        C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
19:56:14.0390 0x0ef8  WSTCODEC - ok
19:56:14.0515 0x0ef8  [ 35321FB577CDC98CE3EB3A3EB9E4610A, C9A6F5CF282D8FCB3CDFCC4B306013480E78E1B664E1A60A4E27B161F9FFD4CD ] wuauserv        C:\WINDOWS\system32\wuauserv.dll
19:56:14.0531 0x0ef8  wuauserv - ok
19:56:14.0609 0x0ef8  [ F15FEAFFFBB3644CCC80C5DA584E6311, 79B3E9AF35976CE49921E9BEA3BA3B4A8AF762FD3F284B62954038B5FFB32471 ] WudfPf          C:\WINDOWS\system32\DRIVERS\WudfPf.sys
19:56:14.0656 0x0ef8  WudfPf - ok
19:56:14.0718 0x0ef8  [ 28B524262BCE6DE1F7EF9F510BA3985B, AEFF02B899801A63CBB262757C3D4369E38BFF0690BD085DE60E873DFBE3C3F4 ] WUDFRd          C:\WINDOWS\system32\DRIVERS\WUDFRd.sys
19:56:14.0750 0x0ef8  WUDFRd - ok
19:56:14.0906 0x0ef8  [ 05231C04253C5BC30B26CBAAE680ED89, 5C03C2D7E0B573646D32F4093E2FF2C3BA391C39F5BA37D67F69D38E357FCC3D ] WudfSvc         C:\WINDOWS\System32\WUDFSvc.dll
19:56:14.0937 0x0ef8  WudfSvc - ok
19:56:15.0203 0x0ef8  [ 81DC3F549F44B1C1FFF022DEC9ECF30B, 3D14BFEA539F9CEB16555BD56C5E3C7C8F6692FC62C2789F8AAEA1C042E63940 ] WZCSVC          C:\WINDOWS\System32\wzcsvc.dll
19:56:15.0640 0x0ef8  WZCSVC - ok
19:56:15.0718 0x0ef8  [ 295D21F14C335B53CB8154E5B1F892B9, 9418477C2E3EA93E93D931A4EDD4500DA568FAD6040204B5201D1080203B0BBC ] xmlprov         C:\WINDOWS\System32\xmlprov.dll
19:56:15.0859 0x0ef8  xmlprov - ok
19:56:15.0875 0x0ef8  ================ Scan global ===============================
19:56:15.0921 0x0ef8  [ 42F1F4C0AFB08410E5F02D4B13EBB623, 924C30587C51C0D1E1F47991969AF492A644552E15F2480EA991DCB74A3E68D5 ] C:\WINDOWS\system32\basesrv.dll
19:56:16.0187 0x0ef8  [ 69AE2B2E6968C316536E5B10B9702E63, D9C5DA7A20DDE69D91E72400C3F06F3CB099DEF42EA6C53FCE076258A0C22391 ] C:\WINDOWS\system32\winsrv.dll
19:56:16.0593 0x0ef8  [ 69AE2B2E6968C316536E5B10B9702E63, D9C5DA7A20DDE69D91E72400C3F06F3CB099DEF42EA6C53FCE076258A0C22391 ] C:\WINDOWS\system32\winsrv.dll
19:56:16.0703 0x0ef8  [ 65DF52F5B8B6E9BBD183505225C37315, 59C606977DB40A3443DFF0BE2A4C761824881B22C9FDB3D23F6486DB580E92A4 ] C:\WINDOWS\system32\services.exe
19:56:16.0718 0x0ef8  [ Global ] - ok
19:56:16.0718 0x0ef8  ================ Scan MBR ==================================
19:56:16.0750 0x0ef8  [ 91722E6BC3A2B40FF00222DCA4A3DB3E ] \Device\Harddisk0\DR0
19:56:18.0421 0x0ef8  \Device\Harddisk0\DR0 - ok
19:56:18.0437 0x0ef8  ================ Scan VBR ==================================
19:56:18.0468 0x0ef8  [ EC9764E78418FDEDA807A30F0EA042CA ] \Device\Harddisk0\DR0\Partition1
19:56:18.0531 0x0ef8  \Device\Harddisk0\DR0\Partition1 - ok
19:56:18.0531 0x0ef8  Waiting for KSN requests completion. In queue: 307
19:56:19.0531 0x0ef8  Waiting for KSN requests completion. In queue: 307
19:56:20.0531 0x0ef8  Waiting for KSN requests completion. In queue: 307
19:56:21.0578 0x0ef8  AV detected via SS1: avast! Antivirus, 5.0.150996952, enabled, updated
19:56:21.0593 0x0ef8  Win FW state via NFM: enabled
19:56:24.0343 0x0ef8  ============================================================
19:56:24.0343 0x0ef8  Scan finished
19:56:24.0343 0x0ef8  ============================================================
19:56:24.0359 0x0e6c  Detected object count: 0
19:56:24.0359 0x0e6c  Actual detected object count: 0
19:56:56.0765 0x0ec4  Deinitialize success
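
The TDSSKiller output above lists every scanned driver, service and boot sector with its MD5 (and, for files, its SHA-256) on one line and the verdict for that object on a separate line. The following Python parser is an added example and is not part of the original post or of TDSSKiller itself: it pulls those records out of the log, pairs each object with its verdict, reports objects that never received one (a scan that was interrupted, or a log that was truncated when pasted), and checks the hashes against a caller-supplied hash set so the whole list can be looked up in bulk. The sample log is a constructed subset of lines in the same format, with the VBR verdict line deliberately left out; the hash set passed to lookup_hits is whatever blocklist the reader has, nothing here is fetched online.

```python
"""Parse a TDSSKiller-style scan log and pair each hashed object with its verdict."""
import re
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional

# Constructed sample in the format of the log above (not the full log): two driver/
# service entries, the MBR and VBR entries, and one unrelated status line. The VBR
# verdict line is deliberately omitted so the missing-verdict check has something to find.
SAMPLE_LOG = r"""
19:56:14.0718 0x0ef8  [ 28B524262BCE6DE1F7EF9F510BA3985B, AEFF02B899801A63CBB262757C3D4369E38BFF0690BD085DE60E873DFBE3C3F4 ] WUDFRd          C:\WINDOWS\system32\DRIVERS\WUDFRd.sys
19:56:14.0750 0x0ef8  WUDFRd - ok
19:56:15.0718 0x0ef8  [ 295D21F14C335B53CB8154E5B1F892B9, 9418477C2E3EA93E93D931A4EDD4500DA568FAD6040204B5201D1080203B0BBC ] xmlprov         C:\WINDOWS\System32\xmlprov.dll
19:56:15.0859 0x0ef8  xmlprov - ok
19:56:16.0750 0x0ef8  [ 91722E6BC3A2B40FF00222DCA4A3DB3E ] \Device\Harddisk0\DR0
19:56:18.0421 0x0ef8  \Device\Harddisk0\DR0 - ok
19:56:18.0468 0x0ef8  [ EC9764E78418FDEDA807A30F0EA042CA ] \Device\Harddisk0\DR0\Partition1
19:56:21.0578 0x0ef8  AV detected via SS1: avast! Antivirus, 5.0.150996952, enabled, updated
"""

# Object lines: "<time> <thread> [ MD5, SHA256 ] <name> <path>". The MBR/VBR entries
# carry only an MD5 and have no path.
OBJECT_RE = re.compile(
    r"^(?P<ts>\d\d:\d\d:\d\d\.\d+) (?P<tid>0x[0-9A-Fa-f]+)\s+"
    r"\[ (?P<md5>[0-9A-Fa-f]{32})(?:, (?P<sha256>[0-9A-Fa-f]{64}))? \] "
    r"(?P<name>\S+)(?:\s+(?P<path>\S.*))?$"
)
# Verdict lines: "<time> <thread> <name> - ok" (or whatever verdict the tool gives).
VERDICT_RE = re.compile(
    r"^\d\d:\d\d:\d\d\.\d+ 0x[0-9A-Fa-f]+\s+(?P<name>\S+) - (?P<verdict>\S.*)$"
)


@dataclass
class ScannedObject:
    name: str
    md5: str
    sha256: Optional[str]
    path: Optional[str]
    verdict: Optional[str] = None


def parse_tdsskiller(text: str) -> List[ScannedObject]:
    """Return scanned objects in log order, each joined to its own verdict line."""
    by_name: Dict[str, ScannedObject] = {}
    objects: List[ScannedObject] = []
    for line in text.splitlines():
        m = OBJECT_RE.match(line)
        if m:
            obj = ScannedObject(
                name=m["name"],
                md5=m["md5"].upper(),
                sha256=m["sha256"].upper() if m["sha256"] else None,
                path=m["path"],
            )
            by_name[obj.name] = obj
            objects.append(obj)
            continue
        v = VERDICT_RE.match(line)
        if v and v["name"] in by_name:
            by_name[v["name"]].verdict = v["verdict"].strip()
    return objects


def missing_verdicts(objects: Iterable[ScannedObject]) -> List[str]:
    """Names of objects that were hashed but never received a verdict line."""
    return [o.name for o in objects if o.verdict is None]


def not_ok(objects: Iterable[ScannedObject]) -> List[ScannedObject]:
    """Objects whose verdict is anything other than 'ok'."""
    return [o for o in objects if o.verdict is not None and o.verdict != "ok"]


def lookup_hits(objects: Iterable[ScannedObject], blocklist: Iterable[str]) -> List[str]:
    """Names whose MD5 or SHA-256 is in the caller's hash set (case-insensitive)."""
    wanted = {h.upper() for h in blocklist}
    return [o.name for o in objects
            if o.md5 in wanted or (o.sha256 is not None and o.sha256 in wanted)]


if __name__ == "__main__":
    objs = parse_tdsskiller(SAMPLE_LOG)
    for o in objs:
        print(f"{o.name:40} md5={o.md5} verdict={o.verdict}")
    print("missing verdicts:", missing_verdicts(objs))
    print("not ok:", [o.name for o in not_ok(objs)])
```

Run it over the complete pasted log rather than the excerpt; the useful outputs are the not_ok list, the missing_verdicts list (an object with no verdict is one the tool did not finish with, which matters more than a long column of "ok" lines), and the hash column, which can be exported from the ScannedObject records for a reputation lookup.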
 



#5 TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • Gender:Male

Posted 03 December 2013 - 04:19 AM

Combofix

Download ComboFix from one of these locations:

Link 1
Link 2


* IMPORTANT- Save ComboFix.exe to your Desktop

====================================================


Disable your AntiVirus and AntiSpyware applications as they will interfere with our tools and the removal. If you are unsure how to do this, please refer to our sticky topic How to disable your security applications


====================================================


Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


RC_update.png


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


cfRC_screen_2.png


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply for further review.


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#6 mv123

  • Topic Starter
  • Members
  • 9 posts
  • Gender:Female

Posted 04 December 2013 - 12:12 AM

Hi Marius,

 

I ran ComboFix.exe as instructed and it did have to install the Microsoft Windows Recovery Console before ComboFix proceeded with the scan. During the scan, ComboFix found Rootkit.ZeroAccess! and had to reboot several times. After the first reboot, I logged on using the same profile I've been using (there are two on the machine) and there was a dialog that displayed indicating the local profile could not be found. Unfortunately, I did not obtain the contents of the entire message before the message was replaced with the following message: "Windows cannot find the local profile and is logging you on with a temporary profile. Changes you make to this profile will be lost when you log off." Is this (lost profile) normal? The system took a few minutes to log in; when it finally logged in, the desktop was a 'new' desktop and did not contain the same items that normally display.

 

After logging in with the temporary profile, ComboFix continued to run and deleted some directories (I wasn't able to notate these, but I think they are in the log file).  When ComboFix finished, it rebooted the computer again.  I logged on using the same profile I've been using and the desktop did not display the same contents as it normally does, so I'm not sure if this is the temporary profile or not. When I navigate to c:\Documents and Settings I see a new profile that didn't exist before as well as the two previous profiles.  I'm assuming I'm still logged in with the temporary profile.  I'm posting this immediately after ComboFix finished and have not rebooted, so I'm wondering if when I do reboot, will I be logged in with the original profile?  If so, will it be safe?  I most likely will not log back in until I hear back from you as I am avoiding using the system while we go through the process of fixing it and I am only logging on to run programs you instruct me to run.

 

Also, I did disable the Anti-Virus software, but it was re-enabled when the system was rebooted.  Hopefully this did not interfere with what ComboFix was doing.

Here are the contents of the ComboFix.txt file:

 

ComboFix 13-12-04.02 - Celeste 12/03/2013  20:21:58.1.2 - x86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.2038.1595 [GMT -8:00]
Running from: c:\documents and settings\Celeste\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\Celeste\WINDOWS
C:\install.exe
c:\program files\Internet Explorer\11.tmp
c:\program files\Internet Explorer\34.tmp
c:\program files\Internet Explorer\9.tmp
c:\program files\Shared
c:\windows\system32\SET226.tmp
c:\windows\system32\SET232.tmp
c:\windows\system32\SET23B.tmp
c:\windows\system32\SET23C.tmp
c:\windows\system32\SET23D.tmp
c:\windows\system32\SET240.tmp
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_ITLPERF
-------\Service_itlperf
.
.
(((((((((((((((((((((((((   Files Created from 2013-11-04 to 2013-12-04  )))))))))))))))))))))))))))))))
.
.
2013-12-04 04:34 . 2013-12-04 04:34 7271 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\CHECKBOX.JS
2013-12-04 04:34 . 2013-12-04 04:34 23327 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\COMBOBOX.JS
2013-12-04 04:34 . 2013-12-04 04:34 8782 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\BUTTON.JS
2013-12-01 15:52 . 2013-12-02 02:57 -------- d-----w- c:\program files\GridinSoft Trojan Killer
2013-12-01 00:58 . 2013-12-01 00:58 -------- d-----w- c:\documents and settings\Celeste\Application Data\QuickScan
2013-11-30 01:31 . 2013-12-01 01:19 -------- d-----w- c:\windows\220FB0354744483A9A0B41DF77061583.TMP
2013-11-28 06:27 . 2013-12-01 01:30 -------- d-----w- C:\AdwCleaner
2013-11-18 05:08 . 2013-11-18 05:08 -------- d-----w- c:\documents and settings\Celeste\Application Data\Windows Search
2013-11-18 04:18 . 2013-11-18 04:18 -------- d-----w- c:\windows\system32\winrm
2013-11-18 04:18 . 2013-11-18 04:18 -------- dc-h--w- c:\windows\$968930Uinstall_KB968930$
2013-11-18 04:17 . 2013-11-18 05:12 -------- d-----w- c:\program files\Windows Desktop Search
2013-11-18 04:17 . 2013-11-18 04:17 -------- d-----w- c:\windows\system32\GroupPolicy
2013-11-18 04:16 . 2008-03-07 17:02 98304 ------w- c:\windows\system32\dllcache\nlhtml.dll
2013-11-18 04:16 . 2008-03-07 17:02 29696 ------w- c:\windows\system32\dllcache\mimefilt.dll
2013-11-18 04:16 . 2008-03-07 17:02 192000 ------w- c:\windows\system32\dllcache\offfilt.dll
2013-11-18 04:12 . 2011-08-16 10:45 6144 ------w- c:\windows\system32\dllcache\iecompat.dll
2013-11-18 03:44 . 2013-11-18 03:44 -------- d-----w- c:\documents and settings\LocalService\Application Data\Foxit Software
2013-11-18 03:43 . 2013-08-16 21:56 216064 ----a-w- c:\windows\system32\gcapi_dll.dll
2013-11-18 01:41 . 2013-11-18 01:41 -------- d-----w- c:\documents and settings\Celeste\Application Data\Charles
2013-11-18 01:36 . 2013-11-18 01:36 -------- d-----w- c:\program files\Charles
2013-11-18 01:31 . 2013-11-18 01:31 -------- d-----w- c:\program files\Secunia
2013-11-17 08:11 . 2013-11-30 20:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
2013-11-17 07:54 . 2013-11-17 07:54 -------- d-----w- c:\documents and settings\LocalService\Application Data\AVAST Software
2013-11-17 06:59 . 2013-11-17 06:59 105176 ----a-w- c:\windows\system32\drivers\48230029.sys
2013-11-17 06:57 . 2013-11-30 16:50 47064 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2013-11-05 03:24 . 2013-07-03 02:12 25088 ------w- c:\windows\system32\dllcache\hidparse.sys
2013-11-05 03:24 . 2013-07-03 01:59 14976 ------w- c:\windows\system32\dllcache\usbscan.sys
2013-11-05 03:13 . 2013-11-05 03:13 -------- d-----w- c:\documents and settings\Celeste\Application Data\AVAST Software
2013-11-05 03:07 . 2013-07-17 00:58 123008 ------w- c:\windows\system32\dllcache\usbvideo.sys
2013-11-05 03:02 . 2013-08-09 00:55 144128 ------w- c:\windows\system32\dllcache\usbport.sys
2013-11-05 03:02 . 2013-08-09 00:55 32384 ------w- c:\windows\system32\dllcache\usbccgp.sys
2013-11-05 03:02 . 2013-08-09 00:55 5376 ------w- c:\windows\system32\dllcache\usbd.sys
2013-11-05 03:02 . 2009-03-18 11:02 30336 ------w- c:\windows\system32\dllcache\usbehci.sys
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-11-17 06:39 . 2012-07-24 07:23 403440 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-11-17 06:39 . 2012-07-24 07:23 57672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2013-11-17 06:39 . 2012-07-24 07:23 774392 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-11-17 06:39 . 2013-04-10 03:18 70384 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-11-17 06:39 . 2012-07-24 07:23 35656 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2013-11-17 06:39 . 2012-07-24 07:23 54832 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2013-11-17 06:39 . 2012-07-24 07:22 43152 ----a-w- c:\windows\avastSS.scr
2013-11-17 06:39 . 2012-07-24 07:22 269216 ----a-w- c:\windows\system32\aswBoot.exe
2013-11-05 03:05 . 2013-04-10 03:18 178304 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-11-05 03:05 . 2013-04-10 03:18 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-10-13 07:25 . 2004-08-10 17:51 920064 ----a-w- c:\windows\system32\wininet.dll
2013-10-13 07:25 . 2004-08-10 17:51 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-10-13 07:25 . 2004-08-10 17:51 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2013-10-13 07:24 . 2004-08-10 17:50 18944 ----a-w- c:\windows\system32\corpol.dll
2013-10-13 06:57 . 2004-08-10 17:51 385024 ----a-w- c:\windows\system32\html.iec
2013-10-12 15:56 . 2004-08-10 17:51 278528 ----a-w- c:\windows\system32\oakley.dll
2013-10-09 13:12 . 2004-08-10 17:51 287744 ----a-w- c:\windows\system32\gdi32.dll
2013-10-07 10:59 . 2004-08-10 17:50 603136 ----a-w- c:\windows\system32\crypt32.dll
2013-10-05 01:14 . 2011-11-20 19:43 7168 ----a-w- c:\windows\system32\xpsp4res.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-11-17 06:39 321752 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ModemOnHold"="c:\program files\NetWaiting\netWaiting.exe" [2003-09-10 20480]
"DellSupport"="c:\program files\Dell Support\DSAgnt.exe" [2006-08-29 395776]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2006-11-22 1392640]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 282624]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2006-08-03 1032192]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-17 81920]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2006-08-22 184320]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]
"InstaLAN"="c:\program files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" [2011-02-25 1770400]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-12-13 98304]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-12-13 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-12-13 118784]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2013-05-15 152392]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2013-11-17 3568312]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]
.
c:\documents and settings\Celeste\Start Menu\Programs\Startup\AutorunsDisabled\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2009-2-26 97680]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
 WinCinema Manager.lnk - c:\program files\Sandisk\Common\Bin\WinCinemaMgr.exe [2010-2-2 303104]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-4-26 24576]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Belkin\\Belkin USB Print and Storage Center\\Connect.exe"=
"c:\\Program Files\\Belkin\\Router Setup and Monitor\\BelkinSetup.exe"=
"c:\\Program Files\\Charles\\Charles.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
.
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [4/9/2013 7:18 PM 49944]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [4/9/2013 7:18 PM 178304]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [7/23/2012 11:23 PM 774392]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [7/23/2012 11:23 PM 403440]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [7/23/2012 11:23 PM 35656]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [4/9/2013 7:18 PM 70384]
R2 Belkin Local Backup Service;Belkin Local Backup Service;c:\program files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe [4/29/2012 1:50 PM 152064]
R2 Belkin Network USB Helper;Belkin Network USB Helper;c:\program files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe [4/29/2012 1:50 PM 49152]
R2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [8/23/2012 11:37 AM 13672]
R2 sxuptp;SXUPTP Driver;c:\windows\system32\drivers\sxuptp.sys [4/29/2012 1:49 PM 246936]
S3 esgiguard;esgiguard;\??\c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys --> c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [?]
S3 NWUSBCDFIL;Novatel Wireless Installation CD;c:\windows\system32\drivers\NwUsbCdFil.sys [7/7/2008 11:23 AM 20480]
S3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;c:\windows\system32\drivers\nwusbser2.sys [5/9/2008 10:08 AM 174336]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [9/1/2010 12:30 AM 15544]
S3 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\psia.exe [10/13/2011 10:01 PM 994360]
S3 ssmirrdr;ssmirrdr;c:\windows\system32\drivers\ssmirrdr.sys [10/2/2011 10:45 PM 10112]
.
Contents of the 'Scheduled Tasks' folder
.
2013-04-19 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-02 00:57]
.
2013-12-04 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2012-07-24 06:38]
.
.
------- Supplementary Scan -------
.
uStart Page = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=6070426
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
.
- - - - ORPHANS REMOVED - - - -
.
Notify-itlntfy - itlnfw32.dll
Notify-QC - itlnfw32.dll
Notify- - itlnfw32.dll
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-12-03 20:36
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ...
.
scanning hidden files ... 
.
.
c:\windows\OEWABLog.txt 172 bytes
.
scan completed successfully
hidden files: 1
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(848)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\ArcSoft\PhotoImpression 5\share\pihook.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\WLTRYSVC.EXE
c:\windows\System32\bcmwltry.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files\Belkin\Router Setup and Monitor\BelkinService.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\msiexec.exe
c:\windows\stsystra.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Belkin\Belkin USB Print and Storage Center\connect.exe
c:\program files\Belkin\Router Setup and Monitor\BelkinSetup.exe
c:\program files\Belkin\Router Setup and Monitor\dlnaPlugin.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2013-12-03  20:42:52 - machine was rebooted
ComboFix-quarantined-files.txt  2013-12-04 04:42
.
Pre-Run: 111,636,779,008 bytes free
Post-Run: 112,385,929,216 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
[spybotsd]
timeout.old=30
.
- - End Of File - - F393986BBD6E85C615826937223A8933
91722E6BC3A2B40FF00222DCA4A3DB3E
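
A ComboFix report like the one above is mostly a listing, so the review work is spotting the entries that deserve a closer look: recently created files with temporary-style names or locations, a driver whose file name is only digits, hidden directories, Run entries that name a bare executable (which Windows resolves through the search path) or point into a user-writable location, and service entries whose file no longer exists. The Python below is an added example, not part of the original post or of ComboFix: it parses the three line formats the report uses ("Files Created"/Find3M entries, Run-key entries, and driver/service entries) and applies those review heuristics. The heuristics, the reason strings and the location markers are this example's own; the sample report is a constructed subset of lines copied from the report above; and a hit means "review", not "malicious" (the hidden $968930Uinstall_KB968930$ folder, for instance, is an ordinary update-uninstall directory, and 48230029.sys is flagged only because of its name).

```python
"""Triage helpers for the line formats in a ComboFix report."""
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed subset of lines from the report above, in ComboFix's own formats.
SAMPLE_REPORT = r"""
2013-12-01 15:52 . 2013-12-02 02:57 -------- d-----w- c:\program files\GridinSoft Trojan Killer
2013-11-30 01:31 . 2013-12-01 01:19 -------- d-----w- c:\windows\220FB0354744483A9A0B41DF77061583.TMP
2013-11-18 04:18 . 2013-11-18 04:18 -------- dc-h--w- c:\windows\$968930Uinstall_KB968930$
2013-11-17 06:59 . 2013-11-17 06:59 105176 ----a-w- c:\windows\system32\drivers\48230029.sys
2013-11-17 06:57 . 2013-11-30 16:50 47064 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
"ModemOnHold"="c:\program files\NetWaiting\netWaiting.exe" [2003-09-10 20480]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 282624]
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [4/9/2013 7:18 PM 49944]
S3 esgiguard;esgiguard;\??\c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys --> c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [?]
"""

# "Files Created" / "Find3M" lines: "<created> . <modified> <size|--------> <attrs> <path>"
FILE_RE = re.compile(
    r"^(?P<created>\d{4}-\d\d-\d\d \d\d:\d\d) \. (?P<modified>\d{4}-\d\d-\d\d \d\d:\d\d) "
    r"(?P<size>\d+|-{8}) (?P<attrs>[-a-z]{8}) (?P<path>.+)$"
)
# Run-key lines: "Name"="target" [date size]
RUN_RE = re.compile(r'^"(?P<name>[^"]*)"="(?P<target>[^"]*)"(?: \[(?P<info>[^\]]*)\])?$')
# Driver/service lines: "R0 name;display;path [date size]"; a service whose file is
# gone is printed as "path --> path [?]".
SERVICE_RE = re.compile(
    r"^(?P<start>[RS]\d) (?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.+?)(?: \[(?P<info>[^\]]*)\])?$"
)

# Review reasons (this example's wording; a hit means "look closer", not "malicious").
R_TEMP = "temporary-style name or location"
R_NUMERIC_DRIVER = "driver with a numeric-only file name"
R_HIDDEN = "hidden attribute set"
R_BARE = "bare file name, resolved through the search path"
R_USERDIR = "autostart target in a user-writable location"
R_ORPHAN = "service entry whose file is missing"

# Assumption: substrings that mark locations software should not normally run from.
TEMP_MARKERS = ("\\temp\\", "\\tmp\\", "\\temporary internet files\\")
USER_MARKERS = ("\\documents and settings\\",) + TEMP_MARKERS


@dataclass
class Finding:
    item: str
    reason: str


def _check_file(path: str, attrs: str) -> List[Finding]:
    p = path.lower()
    base = p.rsplit("\\", 1)[-1]
    stem, dot, ext = base.rpartition(".")
    if not dot:
        stem, ext = base, ""
    out: List[Finding] = []
    if ext == "tmp" or any(m in p for m in TEMP_MARKERS):
        out.append(Finding(path, R_TEMP))
    if ext == "sys" and stem.isdigit():
        out.append(Finding(path, R_NUMERIC_DRIVER))
    if "h" in attrs:  # assumption: 'h' in ComboFix's attribute string is the hidden flag
        out.append(Finding(path, R_HIDDEN))
    return out


def _check_run(name: str, target: str) -> List[Finding]:
    t = target.lower()
    item = f"{name} -> {target}"
    if "\\" not in t:
        return [Finding(item, R_BARE)]
    if any(m in t for m in USER_MARKERS):
        return [Finding(item, R_USERDIR)]
    return []


def _check_service(name: str, path: str, info: Optional[str]) -> List[Finding]:
    if info == "?" or " --> " in path:
        return [Finding(f"{name}: {path}", R_ORPHAN)]
    return []


def triage_combofix(report: str) -> List[Finding]:
    """Walk a ComboFix report line by line and return the entries worth a second look."""
    findings: List[Finding] = []
    for raw in report.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = FILE_RE.match(line)
        if m:
            findings.extend(_check_file(m["path"], m["attrs"]))
            continue
        m = RUN_RE.match(line)
        if m:
            findings.extend(_check_run(m["name"], m["target"]))
            continue
        m = SERVICE_RE.match(line)
        if m:
            findings.extend(_check_service(m["name"], m["path"], m["info"]))
    return findings


if __name__ == "__main__":
    for f in triage_combofix(SAMPLE_REPORT):
        print(f"{f.reason:50} {f.item}")
```

Feed it the whole C:\ComboFix.txt rather than the excerpt; lines in formats it does not recognise are simply skipped, so sections such as the catchme output or the boot.ini dump do not need to be cut out first. Extend TEMP_MARKERS and USER_MARKERS for the machine being reviewed, and treat each finding as a pointer into the report, not a verdict.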



#7 mv123

  • Topic Starter
  • Members
  • 9 posts
  • Gender:Female

Posted 05 December 2013 - 11:52 PM

Hi Marius,

Have you had a chance to review the ComboFix logs I posted? Is the system clean now?  Are there other steps I need to take?

 

Thank you in advance.

 

--
Maria



#8 TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • Gender:Male

Posted 06 December 2013 - 04:27 AM

Combofix scripting

1. Close any open browsers.

2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Download the attached CFScript.txt and save it to the location where Combofix is.


CFScriptB-4.gif


Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Full System Scan with Malwarebytes Antimalware

  • If not existing, please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.


If the program is already installed:
  • Run Malwarebytes Antimalware
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform full scan, place a checkmark on all hard drives, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location.
  • The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Post that log back here.

Attached Files



#9 mv123

  • Topic Starter
  • Members
  • 9 posts
  • Gender:Female

Posted 08 December 2013 - 04:11 PM

Hi TB-Psychotic,
 
Thank you for responding.  As I mentioned in my previous post, when I ran ComboFix and it rebooted the system, upon logging in as the same user I've been logging in as, the original profile that I was logged into was not found and a new profile was created.  Since then, whenever I log in, Windows is logging me into this new profile, not the original profile.  There isn't a new user name to log in as and I am logging in as the same user I've been logging in as, but the profile is different.  I had saved ComboFix.exe to the Desktop of the original profile.  As per your instructions, I saved CFScript.txt to the location where ComboFix was saved to (the original profile, not the profile I'm logged into now).
 
When ComboFix launched an alert dialog displayed with the following text "There's a newer version of ComboFix available.  Would you like to update ComboFix?" Since your instructions did not mention this, I did not update ComboFix.
 
After running for a few minutes, ComboFix displayed an alert with the following text:
 
You are infected with Rootkit.ZeroAccess!  It has inserted itself into the tcp/ip stack.  This is a particularly difficult infection.
If for any reason that you're unable to connect to the internet after running ComboFix, reboot once and see if that fixes it.
If it's not fixed, run ComboFix one more time.
[OK]
 
I clicked OK and ComboFix continued to run.  A few moments later, a ROOTKIT alert window displayed with the following text:
 
Rootkit is detected
Be patient as this may take some moments
[OK]
 
I clicked OK and a few moments later, a Rootkit!! alert window displayed with the following text:
 
ComboFix has detected the presence of rootkit activity, and needs to reboot the machine
[OK]
 
I clicked OK and the machine rebooted; I logged back in using the same user name I've been using.  Upon login, ComboFix continued to run.
ComboFix completed running and rebooted the system.  After logging back in, ComboFix continued to run until it finished and produced the log file.
 
There were no instructions to keep anti-virus disabled or re-enable it after ComboFix ran.  Since ComboFix had finished, and to protect the system, I re-enabled the Anti-Virus program.
 
Per instructions, I ran Malwarebytes Anti-Malware, updating the database as it was several days old.  Upon completion, Malwarebytes Anti-Malware did not find anything.
 
Logs for both ComboFix and Malwarebytes are posted as per instructions.
 
Thanks again for your help.
 
--
Maria
 
 
ComboFix log file:
 
ComboFix 13-12-04.02 - Celeste 12/06/2013  20:16:38.2.2 - x86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.2038.1600 [GMT -8:00]
Running from: c:\documents and settings\Celeste\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Celeste\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC . . . . Failed to delete
c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\AUTHAPP_HEADER.JPG . . . . Failed to delete
c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\BUTTON.JS . . . . Failed to delete
c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\CHECKBOX.JS . . . . Failed to delete
c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\COMBOBOX.JS . . . . Failed to delete
c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\DIVWRAPPER.JS . . . . Failed to delete
c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\DOWNARROW00.GIF . . . . Failed to delete
c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\EXTERNALWRAPPER.JS . . . . Failed to delete
c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\GLOBAL_1025.CSS . . . . Failed to delete
c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\GLOBAL_1028.CSS . . . . Failed to delete
c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\GLOBAL_1037.CSS . . . . Failed to delete
c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\GLOBAL_1038.CSS . . . . Failed to delete
c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\GLOBAL_1041.CSS . . . . Failed to delete
c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\GLOBAL_1042.CSS . . . . Failed to delete
c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\GLOBAL_1081.CSS . . . . Failed to delete
c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\GLOBAL_1095.CSS . . . . Failed to delete
c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\GLOBAL_1097.CSS . . . . Failed to delete
c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\GLOBAL_1098.CSS . . . . Failed to delete
c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\GLOBAL_1099.CSS . . . . Failed to delete
c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\GLOBAL_1100.CSS . . . . Failed to delete
c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\GLOBAL_1102.CSS . . . . Failed to delete
c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\GLOBAL_2052.CSS . . . . Failed to delete
c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\GLOBAL_3098.CSS . . . . Failed to delete
c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\GLOBAL_DEFAULT.CSS . . . . Failed to delete
c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\HIP_ABC.GIF . . . . Failed to delete
c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\HIP_AUDIOREPL.GIF . . . . Failed to delete
c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\HIP_SPEAKER.GIF . . . . Failed to delete
c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\HIPUSER.HTM . . . . Failed to delete
c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\IC_ALERT_LOW_16X.GIF . . . . Failed to delete
c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\IMAGE.JS . . . . Failed to delete
c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\LINK.JS . . . . Failed to delete
c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\LOCALIZATION.JS . . . . Failed to delete
c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\MULTIUSERSSO.HTM . . . . Failed to delete
c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\NEWUSER.HTM . . . . Failed to delete
c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\NEWUSERCOMM.JS . . . . Failed to delete
c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\NEWUSERFED.HTM . . . . Failed to delete
c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\QUERYSTRING.JS . . . . Failed to delete
c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\SAVEDUSER.JS . . . . Failed to delete
c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\SAVEDUSERS.HTM . . . . Failed to delete
c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TEXT.JS . . . . Failed to delete
c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TEXTBOX.JS . . . . Failed to delete
c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TILEBOX.JS . . . . Failed to delete
c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\UICORE.JS . . . . Failed to delete
c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\UIRESOURCE.JS . . . . Failed to delete
c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\USERTILE.JS . . . . Failed to delete
c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\WAIT.GIF . . . . Failed to delete
c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\WAITPAGE.HTM . . . . Failed to delete
c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\WLID_BOOK.GIF . . . . Failed to delete
c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\WLID_FRAME.GIF . . . . Failed to delete
c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\WLID_ICON_ERROR.GIF . . . . Failed to delete
c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\WLID_LOGO_H.GIF . . . . Failed to delete
c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\WLID_USERTILE.GIF . . . . Failed to delete
.
.
(((((((((((((((((((((((((   Files Created from 2013-11-07 to 2013-12-07  )))))))))))))))))))))))))))))))
.
.
2013-12-04 04:34 . 2013-12-07 04:31 -------- d-----w- c:\documents and settings\Celeste.CVARGAS
2013-12-01 15:52 . 2013-12-02 02:57 -------- d-----w- c:\program files\GridinSoft Trojan Killer
2013-12-01 00:58 . 2013-12-01 00:58 -------- d-----w- c:\documents and settings\Celeste\Application Data\QuickScan
2013-11-30 01:31 . 2013-12-01 01:19 -------- d-----w- c:\windows\220FB0354744483A9A0B41DF77061583.TMP
2013-11-28 06:27 . 2013-12-01 01:30 -------- d-----w- C:\AdwCleaner
2013-11-18 05:08 . 2013-11-18 05:08 -------- d-----w- c:\documents and settings\Celeste\Application Data\Windows Search
2013-11-18 04:18 . 2013-11-18 04:18 -------- d-----w- c:\windows\system32\winrm
2013-11-18 04:18 . 2013-11-18 04:18 -------- dc-h--w- c:\windows\$968930Uinstall_KB968930$
2013-11-18 04:17 . 2013-11-18 05:12 -------- d-----w- c:\program files\Windows Desktop Search
2013-11-18 04:17 . 2013-11-18 04:17 -------- d-----w- c:\windows\system32\GroupPolicy
2013-11-18 04:16 . 2008-03-07 17:02 98304 ------w- c:\windows\system32\dllcache\nlhtml.dll
2013-11-18 04:16 . 2008-03-07 17:02 29696 ------w- c:\windows\system32\dllcache\mimefilt.dll
2013-11-18 04:16 . 2008-03-07 17:02 192000 ------w- c:\windows\system32\dllcache\offfilt.dll
2013-11-18 04:12 . 2011-08-16 10:45 6144 ------w- c:\windows\system32\dllcache\iecompat.dll
2013-11-18 03:44 . 2013-11-18 03:44 -------- d-----w- c:\documents and settings\LocalService\Application Data\Foxit Software
2013-11-18 03:43 . 2013-08-16 21:56 216064 ----a-w- c:\windows\system32\gcapi_dll.dll
2013-11-18 01:41 . 2013-11-18 01:41 -------- d-----w- c:\documents and settings\Celeste\Application Data\Charles
2013-11-18 01:36 . 2013-11-18 01:36 -------- d-----w- c:\program files\Charles
2013-11-18 01:31 . 2013-11-18 01:31 -------- d-----w- c:\program files\Secunia
2013-11-17 08:11 . 2013-11-30 20:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
2013-11-17 07:54 . 2013-11-17 07:54 -------- d-----w- c:\documents and settings\LocalService\Application Data\AVAST Software
2013-11-17 06:59 . 2013-11-17 06:59 105176 ----a-w- c:\windows\system32\drivers\48230029.sys
2013-11-17 06:57 . 2013-11-30 16:50 47064 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-11-17 06:39 . 2012-07-24 07:23 403440 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-11-17 06:39 . 2012-07-24 07:23 57672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2013-11-17 06:39 . 2012-07-24 07:23 774392 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-11-17 06:39 . 2013-04-10 03:18 70384 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-11-17 06:39 . 2012-07-24 07:23 35656 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2013-11-17 06:39 . 2012-07-24 07:23 54832 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2013-11-17 06:39 . 2012-07-24 07:22 43152 ----a-w- c:\windows\avastSS.scr
2013-11-17 06:39 . 2012-07-24 07:22 269216 ----a-w- c:\windows\system32\aswBoot.exe
2013-11-05 03:05 . 2013-04-10 03:18 178304 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-11-05 03:05 . 2013-04-10 03:18 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-10-13 07:25 . 2004-08-10 17:51 920064 ----a-w- c:\windows\system32\wininet.dll
2013-10-13 07:25 . 2004-08-10 17:51 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-10-13 07:25 . 2004-08-10 17:51 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2013-10-13 07:24 . 2004-08-10 17:50 18944 ----a-w- c:\windows\system32\corpol.dll
2013-10-13 06:57 . 2004-08-10 17:51 385024 ----a-w- c:\windows\system32\html.iec
2013-10-12 15:56 . 2004-08-10 17:51 278528 ----a-w- c:\windows\system32\oakley.dll
2013-10-09 13:12 . 2004-08-10 17:51 287744 ----a-w- c:\windows\system32\gdi32.dll
2013-10-07 10:59 . 2004-08-10 17:50 603136 ----a-w- c:\windows\system32\crypt32.dll
2013-10-05 01:14 . 2011-11-20 19:43 7168 ----a-w- c:\windows\system32\xpsp4res.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-11-17 06:39 321752 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ModemOnHold"="c:\program files\NetWaiting\netWaiting.exe" [2003-09-10 20480]
"DellSupport"="c:\program files\Dell Support\DSAgnt.exe" [2006-08-29 395776]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2006-11-22 1392640]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 282624]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2006-08-03 1032192]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-17 81920]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2006-08-22 184320]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]
"InstaLAN"="c:\program files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" [2011-02-25 1770400]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-12-13 98304]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-12-13 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-12-13 118784]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2013-05-15 152392]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2013-11-17 3568312]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]
.
c:\documents and settings\Celeste\Start Menu\Programs\Startup\AutorunsDisabled\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2009-2-26 97680]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
 WinCinema Manager.lnk - c:\program files\Sandisk\Common\Bin\WinCinemaMgr.exe [2010-2-2 303104]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-4-26 24576]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Belkin\\Belkin USB Print and Storage Center\\Connect.exe"=
"c:\\Program Files\\Belkin\\Router Setup and Monitor\\BelkinSetup.exe"=
"c:\\Program Files\\Charles\\Charles.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
.
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [4/9/2013 7:18 PM 49944]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [4/9/2013 7:18 PM 178304]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [7/23/2012 11:23 PM 774392]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [7/23/2012 11:23 PM 403440]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [7/23/2012 11:23 PM 35656]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [4/9/2013 7:18 PM 70384]
R2 Belkin Local Backup Service;Belkin Local Backup Service;c:\program files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe [4/29/2012 1:50 PM 152064]
R2 Belkin Network USB Helper;Belkin Network USB Helper;c:\program files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe [4/29/2012 1:50 PM 49152]
R2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [8/23/2012 11:37 AM 13672]
R2 sxuptp;SXUPTP Driver;c:\windows\system32\drivers\sxuptp.sys [4/29/2012 1:49 PM 246936]
S3 esgiguard;esgiguard;\??\c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys --> c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [?]
S3 NWUSBCDFIL;Novatel Wireless Installation CD;c:\windows\system32\drivers\NwUsbCdFil.sys [7/7/2008 11:23 AM 20480]
S3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;c:\windows\system32\drivers\nwusbser2.sys [5/9/2008 10:08 AM 174336]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [9/1/2010 12:30 AM 15544]
S3 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\psia.exe [10/13/2011 10:01 PM 994360]
S3 ssmirrdr;ssmirrdr;c:\windows\system32\drivers\ssmirrdr.sys [10/2/2011 10:45 PM 10112]
.
Contents of the 'Scheduled Tasks' folder
.
2013-04-19 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-02 00:57]
.
2013-12-07 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2012-07-24 06:38]
.
.
------- Supplementary Scan -------
.
uStart Page = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=6070426
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-12-06 20:35
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ...
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(2172)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\ArcSoft\PhotoImpression 5\share\pihook.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\WLTRYSVC.EXE
c:\windows\System32\bcmwltry.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files\Belkin\Router Setup and Monitor\BelkinService.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\wscntfy.exe
c:\windows\stsystra.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Belkin\Belkin USB Print and Storage Center\connect.exe
c:\program files\Belkin\Router Setup and Monitor\BelkinSetup.exe
c:\program files\Belkin\Router Setup and Monitor\dlnaPlugin.exe
.
**************************************************************************
.
Completion time: 2013-12-06  20:40:41 - machine was rebooted
ComboFix-quarantined-files.txt  2013-12-07 04:40
ComboFix2.txt  2013-12-04 04:42
.
Pre-Run: 112,172,085,248 bytes free
Post-Run: 112,180,051,968 bytes free
.
- - End Of File - - 70CBD5953E71048EBF0753B305992BEE
91722E6BC3A2B40FF00222DCA4A3DB3E

Malwarebytes log file:

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.12.07.02

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Celeste :: CVARGAS [administrator]

12/6/2013 8:47:33 PM
mbam-log-2013-12-06 (20-47-33).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 356525
Time elapsed: 1 hour(s), 55 minute(s), 46 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)



#10 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • Gender:Male
  • Local time:01:04 PM

Posted 10 December 2013 - 02:56 AM

Scan with Malwarebytes Anti-Rootkit

Please download Malwarebytes Anti-Rootkit from here (Malwarebytes : Malwarebytes Anti-Rootkit) and save it to your desktop.

Be sure to print out and follow the instructions provided on that same page.

Caution: This is a beta version so please be sure to read the disclaimer and back up any important data before using.

  • Double click the mbar.zip file to open it, then 'Extract all files'.
  • Double click the mbar folder to open it, then double click mbar.exe to start the tool.

Check for Updates, then Scan your system for malware

If malware is found, do NOT press the Cleanup button yet. Click EXIT.

I'd like to see the log first so I can see what it sees. You'll find the log in that mbar folder as MBAR-log-[date and time]***.txt. Please attach that to your next reply.

Scan with ESET Online Scan

Please go here to run the online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click 'List of found threats', then click Export to text file...
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#11 mv123

mv123
  • Topic Starter

  • Members
  • 9 posts
  • Gender:Female
  • Local time:05:04 AM

Posted 11 December 2013 - 01:15 AM

Hi TB-Psychotic,

I ran both Malwarebytes Anti-Rootkit and ESET online scan. I had to modify the ActiveX settings in Tools > Internet Options > Security > Internet Zone > Security Levels for this Zone in order for the ActiveX control to install.

Malwarebytes Anti-Rootkit log file:

Malwarebytes Anti-Rootkit BETA 1.07.0.1008
www.malwarebytes.org

Database version: v2013.12.10.07

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Celeste :: CVARGAS [administrator]

12/10/2013 5:27:00 PM
mbar-log-2013-12-10 (17-27-00).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 292941
Time elapsed: 34 minute(s), 37 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

ESET Online Scan log file:

C:\Documents and Settings\Celeste\Desktop\virus clean software\2011\trojankiller2112-setup.exe a variant of Win32/1AntiVirus application
C:\Documents and Settings\Celeste\Desktop\virus clean software\2013\my investigation\JollyWallet\JollywalletRemovalTool.exe a variant of Win32/SecurityStronghold.A application
C:\Documents and Settings\Celeste\My Documents\Downloads\Minecraft.exe a variant of Win32/InstallCore.AZ application

For what ESET found, as indicated in my first post, I had previously installed Trojan Killer as part of my investigation to find out what was wrong with the system. For the JollywalletRemovalTool.exe, one of the programs that I had run (not sure if it was Trojan Killer or not) found a reference to JollyWallet in the registry. While trying to find out what JollyWallet is, I downloaded the JollywalletRemovalTool.exe file but did not run it.

 

Thanks again for your help.

 

--

Maria



#12 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • Gender:Male
  • Local time:01:04 PM

Posted 12 December 2013 - 11:28 AM

Then we can do the cleanup - if you are facing any issues, report that immediately.

Delete junk with adwCleaner


Please download AdwCleaner to your desktop.


  • Run adwcleaner.exe
  • Hit Scan and wait for the scan to finish.
  • Confirm the message but don't uncheck anything.
  • Hit Clean
  • When the run is finished, it will open up a text file
  • Please post its contents within your next reply
  • You'll find the log file at C:\AdwCleaner[S1].txt also


SecurityCheck

Please download SecurityCheck: LINK1 LINK2

  • Save it to your desktop, start it and follow the instructions in the window.
  • After the scan has finished, checkup.txt will open. Copy its contents to your thread.


#13 mv123

mv123
  • Topic Starter

  • Members
  • 9 posts
  • Gender:Female
  • Local time:05:04 AM

Posted 13 December 2013 - 12:35 AM

I ran both programs.  Here are the log files:

 

AdwCleaner log file:

# AdwCleaner v3.015 - Report created 12/12/2013 at 21:19:50
# Updated 10/12/2013 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Celeste - CVARGAS
# Running from : C:\Documents and Settings\Celeste.CVARGAS\Desktop\adwcleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702

*************************

AdwCleaner[R0].txt - [1936 octets] - [27/11/2013 22:27:44]
AdwCleaner[R1].txt - [1039 octets] - [30/11/2013 17:26:43]
AdwCleaner[R2].txt - [1142 octets] - [12/12/2013 21:14:52]
AdwCleaner[S0].txt - [2027 octets] - [27/11/2013 22:28:37]
AdwCleaner[S1].txt - [1105 octets] - [30/11/2013 17:30:23]
AdwCleaner[S2].txt - [1068 octets] - [12/12/2013 21:19:50]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [1128 octets] ##########

 

 

I've run AdwCleaner before and it found these same entries, and allegedly deleted them. Why would AdwCleaner find them again?

 

Security Check log file:

 Results of screen317's Security Check version 0.99.77 
 Windows XP Service Pack 3 x86  
 Internet Explorer 8 
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled! 
 avast! Free Antivirus   
 ESET Online Scanner v3  
`````````Anti-malware/Other Utilities Check:`````````
 Spybot - Search & Destroy
 Secunia PSI (2.0.0.4003)  
 Malwarebytes Anti-Malware version 1.75.0.1300 
 CCleaner    
````````Process Check: objlist.exe by Laurent```````` 
 AVAST Software Avast AvastSvc.exe 
 AVAST Software Avast AvastUI.exe 
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:: 4%
````````````````````End of Log``````````````````````
 

 

--

Maria



#14 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • Gender:Male
  • Local time:01:04 PM

Posted 14 December 2013 - 10:10 AM

Your system is clean now! :)

Uninstall our tools using delfix

Please follow these steps in order:

  • In case we used Defogger to turn off your CD emulation software, you can start it again and use the Enable button.
  • In case we used Combofix: deactivate your antivirus software once more, then rename combofix.exe to uninstall.exe and run it one last time. You will be notified that Combofix has been removed.
  • In any case please download delfix to your desktop.
    • Close all other programs and start delfix.
    • Please check all the boxes and run the tool.
    • delfix will now delete all found traces of our removal process
  • If there is still something left, please delete it manually.

Recommendations: How to protect yourself

  • System Updates
    Please ensure that automatic updates are activated in your Control Panel.
    For further information and a tutorial, see this Microsoft Support article.
  • Protection
    What you need is one (not more) virus scanner with background protection. Additionally I recommend a special malware scanner to run on demand weekly.
    Personally I am using avast! Antivirus Free Edition and Malwarebytes Anti-Malware. They offer good protection for free.
    • To keep your browser free of advertising, you may install the Adblock Plus browser extension.
      It will filter unwanted advertising out of the website's content.
    • To protect yourself from accidentally visiting malicious web sites, install the Web of Trust (WOT) browser extension.
      It will display a green (safe), yellow (unknown) or red (potentially dangerous) icon for a visited website within your browser.
      In addition, before accessing a web site classified as dangerous, a warning screen is displayed.

  • Up to date Software
    Keep your Windows and your third party software up to date. The easiest way to get infected is an outdated windows, followed by: browser(s) (including add-ons and plug-ins), Adobe Flash Player and Adobe Reader, Java Runtime Environment, your antivirus program and so on. These links may help you to check:

  • Backup
    Hardware issues, malware, fire, lightning strike: there is a long list of different ways to lose all your data. Back up your files regularly. Use the Windows internal backup function or a third party tool and save your data onto an external hard drive, cloud storage, optical media like CDs or DVDs or (if available) a professional network backup system.
  • Behaviour
    The commonest error when using a computer is "error 80", which means that the error is located about 80cm in front of the monitor. This is a common joke among IT support technicians, but it shows that all the safety mechanisms won't help you if you aren't careful enough.
    • While surfing the internet, don't click on anything you don't know. In the worst case, it infects your system with malware.
    • Watch your step in social networks! Many cyber criminals use them to spread malware, mine personal data (to be sold to advertising companies, for example) or simply do damage to other users. Even if a received hyperlink within a message seems to be coming from one of your friends, have a closer look. In addition, don't click everything.
    • When installing software, have a look at each of the setup windows and uncheck any additional toolbars or free programs that may be offered additionally. Most of today's setup procedures contain potentially unwanted programs, so keep them off your system.
    • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
      They are a security risk which can make your computer susceptible to a wide variety of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.


#15 mv123

mv123
  • Topic Starter

  • Members
  • 9 posts
  • Gender:Female
  • Local time:05:04 AM

Posted 19 December 2013 - 12:58 AM

Hi,

Sorry for the late response.  I followed the clean-up instructions and used the system a bit.  There is some slowness, but it appears to be whenever avast is actively checking something (noted by the animated icon in the system tray).

 

Thanks again for your help.

 

--

Maria