Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

SAS found Trojan.Agent/Gen.Backdoor


  • This topic is locked This topic is locked
12 replies to this topic

#1 s9m15w12

s9m15w12

  • Members
  • 6 posts
  • OFFLINE
  •  

Posted 03 December 2013 - 09:37 PM

Svchost.exe has been running at nearly full CPU usage for a week or so.  I decided to do a scan with SuperAntiSpyware and it found: 

Trojan.Agent/Gen-Backdoor

C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\36UG8QNG\RKILL[1].COM
 
It quarantined and removed the file but upon restart svchost.exe ran for about 5 minutes at full cpu usage.  I figure I'll give this a shot to see if you can help to make sure it is gone.  I'm trying to follow the prep guide so here goes:
 
DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 10.45.2
Run by Owner at 21:14:24 on 2013-12-03
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.1278.594 [GMT -5:00]
.
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ================
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\HPQ\SHARED\HPQWMI.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uSearch Bar = hxxp://www.yahoo.com/search/ie.html
uSearch Page = hxxp://www.google.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
mSearchAssistant = hxxp://www.google.com/ie
dURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\alwil software\avast5\aswWebRepIE.dll
BHO: {A7327C09-B521-4EDB-8509-7D2660C9EC98} - <orphaned>
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: &Google: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
TB: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\alwil software\avast5\aswWebRepIE.dll
uRun: [Google Update] "c:\documents and settings\owner\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: [SynTPStart] c:\program files\synaptics\syntp\SynTPStart.exe
mRun: [SynTPLpr] "c:\program files\synaptics\syntp\SynTPLpr.exe"
mRun: [SynTPEnh] "c:\program files\synaptics\syntp\SynTPEnh.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [nmapp] "c:\program files\pure networks\network magic\nmapp.exe" -autorun -nosplash
mRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
mRun: [hpWirelessAssistant] "c:\program files\hpq\hp wireless assistant\HP Wireless Assistant.exe"
mRun: [eabconfg.cpl] "c:\program files\hpq\quick launch buttons\EabServr.exe" /Start
mRun: [AvastUI.exe] "c:\program files\alwil software\avast5\AvastUI.exe" /nogui
mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\canon\easy-webprint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\canon\easy-webprint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\canon\easy-webprint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\canon\easy-webprint\Resource.dll/RC_Print.html
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBC} - c:\program files\java\jre7\bin\ssv.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {49232000-16E4-426C-A231-62846947304B} - hxxps://wimpro.cce.hp.com/ChatEntry/downloads/sysinfo.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxps://scan.safety.live.com/resource/download/scanner/en-us/wlscbase7617.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1344694682171
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1344694645578
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - hxxp://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{21BDC5C3-6F42-4DEC-95FC-E9BAF6C8EAA4} : DHCPNameServer = 192.168.0.1
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\puresp3.dll
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [2013-4-17 49944]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [2013-4-17 178304]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-5-14 774392]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswsp.sys [2010-2-8 403440]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2010-2-17 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCORE.EXE [2010-6-29 116608]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-2-8 35656]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-4-17 70384]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-2-8 50344]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files\hewlett-packard\shared\HPDrvMntSvc.exe [2011-3-17 92216]
R2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files\common files\intuit\update service v4\IntuitUpdateService.exe [2012-8-23 13672]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2009-6-15 24652]
R2 WDDMService;WD SmartWare Drive Manager;c:\program files\western digital\wd smartware\wd drive manager\WDDMService.exe [2009-8-17 98304]
R2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files\western digital\wd smartware\front parlor\WDSmartWareBackgroundService.exe [2009-6-16 20480]
R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [2010-2-7 200192]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 pciinfo;HP Pci Information;\??\c:\docume~1\owner\locals~1\temp\hpispz\hpdom\pciinfo.sys --> c:\docume~1\owner\locals~1\temp\hpispz\hpdom\pciinfo.sys [?]
S3 AdWatchDrv;AW Realtime Driver;\??\c:\windows\system32\drivers\awrtpd.sys --> c:\windows\system32\drivers\AWRTPD.sys [?]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;\??\c:\program files\common files\symantec shared\eengine\eraserutilrebootdrv.sys --> c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [?]
S3 KNJFK;KNJFK;c:\docume~1\owner\locals~1\temp\knjfk.exe --> c:\docume~1\owner\locals~1\temp\KNJFK.exe [?]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2003-4-4 30336]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2010-2-28 11520]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-7-20 754856]
.
=============== Created Last 30 ================
.
2013-12-03 01:32:35 60160 ------w- c:\windows\system32\dllcache\usbaudio.sys
2013-12-03 01:32:35 46848 ------w- c:\windows\system32\dllcache\irbus.sys
2013-12-03 01:32:35 123008 ------w- c:\windows\system32\dllcache\usbvideo.sys
2013-12-03 01:32:27 25088 ------w- c:\windows\system32\dllcache\hidparse.sys
2013-12-03 01:32:19 32384 ------w- c:\windows\system32\dllcache\usbccgp.sys
2013-12-03 01:32:19 30336 ------w- c:\windows\system32\dllcache\usbehci.sys
2013-12-03 01:32:19 144128 ------w- c:\windows\system32\dllcache\usbport.sys
2013-12-02 23:44:53 -------- d-----w- c:\documents and settings\owner\application data\HpUpdate
2013-11-09 18:53:38 -------- d-----w- c:\program files\iPod
2013-11-09 18:53:18 -------- d-----w- c:\program files\iTunes
2013-11-09 18:53:18 -------- d-----w- c:\documents and settings\all users\application data\188F1432-103A-4ffb-80F1-36B633C5C9E1
.
==================== Find3M  ====================
.
2013-12-03 00:38:29 774392 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-12-03 00:38:29 70384 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-12-03 00:38:27 43152 ----a-w- c:\windows\avastSS.scr
2013-12-03 00:36:05 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-12-03 00:36:04 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-10-20 02:57:54 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-10-20 02:57:54 178304 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-10-13 07:25:38 920064 ----a-w- c:\windows\system32\wininet.dll
2013-10-13 07:25:08 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-10-13 07:25:02 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-10-13 07:24:17 18944 ----a-w- c:\windows\system32\corpol.dll
2013-10-13 06:57:59 385024 ----a-w- c:\windows\system32\html.iec
2013-10-12 15:56:19 278528 ----a-w- c:\windows\system32\oakley.dll
2013-10-09 13:12:48 287744 ----a-w- c:\windows\system32\gdi32.dll
2013-10-08 11:51:05 873384 ----a-w- c:\windows\system32\npdeployJava1.dll
2013-10-08 11:51:00 796072 ----a-w- c:\windows\system32\deployJava1.dll
2013-10-08 11:50:41 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-10-08 11:29:36 145408 ----a-w- c:\windows\system32\javacpl.cpl
2013-10-07 10:59:21 603136 ----a-w- c:\windows\system32\crypt32.dll
2013-10-05 01:14:01 7168 ----a-w- c:\windows\system32\xpsp4res.dll
.
============= FINISH: 21:15:39.26 ===============
 

Attached Files


Edited by s9m15w12, 03 December 2013 - 09:40 PM.


BC AdBot (Login to Remove)

 


#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,764 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:20 PM

Posted 08 December 2013 - 09:40 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

step1.gif In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/516285 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

step2.gifIf you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your destop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 s9m15w12

s9m15w12
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  

Posted 10 December 2013 - 06:30 PM

DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 10.45.2
Run by Owner at 18:17:01 on 2013-12-10
.
============== Running Processes ================
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\HPQ\SHARED\HPQWMI.exe
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\Install\{41E27888-D79C-4422-A108-3E9325C9CC14}\GoogleUpdateSetup.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uSearch Bar = hxxp://www.yahoo.com/search/ie.html
uSearch Page = hxxp://www.google.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
mSearchAssistant = hxxp://www.google.com/ie
dURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\alwil software\avast5\aswWebRepIE.dll
BHO: {A7327C09-B521-4EDB-8509-7D2660C9EC98} - <orphaned>
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: &Google: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
TB: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\alwil software\avast5\aswWebRepIE.dll
uRun: [Google Update] "c:\documents and settings\owner\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: [SynTPStart] c:\program files\synaptics\syntp\SynTPStart.exe
mRun: [SynTPLpr] "c:\program files\synaptics\syntp\SynTPLpr.exe"
mRun: [SynTPEnh] "c:\program files\synaptics\syntp\SynTPEnh.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [nmapp] "c:\program files\pure networks\network magic\nmapp.exe" -autorun -nosplash
mRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
mRun: [hpWirelessAssistant] "c:\program files\hpq\hp wireless assistant\HP Wireless Assistant.exe"
mRun: [eabconfg.cpl] "c:\program files\hpq\quick launch buttons\EabServr.exe" /Start
mRun: [AvastUI.exe] "c:\program files\alwil software\avast5\AvastUI.exe" /nogui
mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\canon\easy-webprint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\canon\easy-webprint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\canon\easy-webprint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\canon\easy-webprint\Resource.dll/RC_Print.html
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBC} - c:\program files\java\jre7\bin\ssv.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {49232000-16E4-426C-A231-62846947304B} - hxxps://wimpro.cce.hp.com/ChatEntry/downloads/sysinfo.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxps://scan.safety.live.com/resource/download/scanner/en-us/wlscbase7617.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1344694682171
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1344694645578
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - hxxp://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{21BDC5C3-6F42-4DEC-95FC-E9BAF6C8EAA4} : DHCPNameServer = 192.168.0.1
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\puresp3.dll
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
.
============= SERVICES / DRIVERS ===============
.
R? AdWatchDrv;AW Realtime Driver
R? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86
R? EraserUtilRebootDrv;EraserUtilRebootDrv
R? KNJFK;KNJFK
R? NPF;NetGroup Packet Filter Driver
R? pciinfo;HP Pci Information
R? WDC_SAM;WD SCSI Pass Thru driver
R? WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0
S? !SASCORE;SAS Core Service
S? aswFsBlk;aswFsBlk
S? aswMonFlt;aswMonFlt
S? aswRvrt;avast! Revert
S? aswSnx;aswSnx
S? aswSP;aswSP
S? aswVmm;avast! VM Monitor
S? avast! Antivirus;avast! Antivirus
S? HPDrvMntSvc.exe;HP Quick Synchronization Service
S? HSFHWATI;HSFHWATI
S? IntuitUpdateServiceV4;Intuit Update Service v4
S? SASDIFSV;SASDIFSV
S? SASKUTIL;SASKUTIL
S? Viewpoint Manager Service;Viewpoint Manager Service
S? WDDMService;WD SmartWare Drive Manager
S? WDSmartWareBackgroundService;WD SmartWare Background Service
.
=============== Created Last 30 ================
.
2013-12-10 22:57:31 49940480 ----a-w- c:\program files\GUT12E9.tmp
2013-12-10 22:57:26 -------- d-----w- c:\program files\GUM12E7.tmp
2013-12-03 01:32:35 60160 ------w- c:\windows\system32\dllcache\usbaudio.sys
2013-12-03 01:32:35 46848 ------w- c:\windows\system32\dllcache\irbus.sys
2013-12-03 01:32:35 123008 ------w- c:\windows\system32\dllcache\usbvideo.sys
2013-12-03 01:32:27 25088 ------w- c:\windows\system32\dllcache\hidparse.sys
2013-12-03 01:32:19 32384 ------w- c:\windows\system32\dllcache\usbccgp.sys
2013-12-03 01:32:19 30336 ------w- c:\windows\system32\dllcache\usbehci.sys
2013-12-03 01:32:19 144128 ------w- c:\windows\system32\dllcache\usbport.sys
2013-12-02 23:44:53 -------- d-----w- c:\documents and settings\owner\application data\HpUpdate
.
==================== Find3M  ====================
.
2013-12-03 00:38:29 774392 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-12-03 00:38:29 70384 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-12-03 00:38:27 43152 ----a-w- c:\windows\avastSS.scr
2013-12-03 00:36:05 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-12-03 00:36:04 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-10-20 02:57:54 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-10-20 02:57:54 178304 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-10-13 07:25:38 920064 ----a-w- c:\windows\system32\wininet.dll
2013-10-13 07:25:08 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-10-13 07:25:02 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-10-13 07:24:17 18944 ----a-w- c:\windows\system32\corpol.dll
2013-10-13 06:57:59 385024 ----a-w- c:\windows\system32\html.iec
2013-10-12 15:56:19 278528 ----a-w- c:\windows\system32\oakley.dll
2013-10-09 13:12:48 287744 ----a-w- c:\windows\system32\gdi32.dll
2013-10-08 11:51:05 873384 ----a-w- c:\windows\system32\npdeployJava1.dll
2013-10-08 11:51:00 796072 ----a-w- c:\windows\system32\deployJava1.dll
2013-10-08 11:50:41 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-10-08 11:29:36 145408 ----a-w- c:\windows\system32\javacpl.cpl
2013-10-07 10:59:21 603136 ----a-w- c:\windows\system32\crypt32.dll
2013-10-05 01:14:01 7168 ----a-w- c:\windows\system32\xpsp4res.dll
.
============= FINISH: 18:26:43.46 ===============
 

Attached Files



#4 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,997 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:04:20 PM

Posted 10 December 2013 - 11:17 PM

Greetings s9m15w12 and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Replytopic.jpg button instead.
  • In the upper right hand corner of the topic you will see the Followtopic.jpg button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started :thumbup2:
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. Please do this.

===================================================

ComboFix Windows XP

--------------------

For a more detailed explanation on running Combofix and the prompts you will be following please see here.
  • Please download ComboFix from one of these locations and save it to your desktop:

Bleepingcomputer

ForoSpyware

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista/Windows 7, ComboFix will skip the below Recovery Console pop ups and continue its malware removal procedure.

Query_RC.gif

  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

RC_successful.gif

  • Click on Yes, to continue scanning for malware
----------

Note #1: Often times it may appear as if ComboFix has stopped working. To verify it is still running please do one of the following below. If, based on the below, you have concluded ComboFix has stopped running please stop and advise me.
  • Check your computer clock. If it is still running then so is ComboFix
  • Open Task Manager and select the Applications Tab. If the status of AutoScan is Running, then ComboFix is running
  • Open Task Manager and select the Processes Tab. Under Image Name look for files ending in .3xe. If there are fluctuating numbers under CPU and Mem Usage then ComboFix is running
Note #2: If you receive the following error "Illegal operation attempted on a registery key that has been marked for deletion" please just restart your computer to resolve this issue

----------

If Combofix fails to run properly using the above instructions please attempt the following:
  • Right click on the Combofix icon on your desktop and select Delete
  • Download a new copy but rename it to freshcopy.exe first, then save it to your desktop
  • Now download RKill.exe (or RKill renamed as iExplore.exe if the first one doesn't work properly) and save it to your desktop
  • Restart your computer in Safe Mode
  • Right click on RKill (or iExplore) and select Run as Administrator. If you are using Windows XP simply double click the icon
  • A black DOS screen should flash and disappear. If not, try to launch the program with the second file. If neither works please stop and let me know
  • When RKill is finished running you will be presented with a text file and a copy will be saved on your desktop. Copy and paste the contents of this report in your reply
  • Do not reboot your computer
  • Double click the freshcopy.exe icon (renamed Combofix file)
  • When finished, it will produce a log. Please copy and paste the C:\Combofix.txt log information in your next reply
  • If you disabled your antivirus please enable it again. If you uninstalled it please wait for instructions to reinstall it
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Combofix log

Edited by Oh My, 10 December 2013 - 11:25 PM.

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#5 s9m15w12

s9m15w12
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  

Posted 11 December 2013 - 10:25 PM

ComboFix 13-12-10.01 - Owner 12/11/2013  21:57:55.1.1 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.1278.893 [GMT -5:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\NetworkService\Local Settings\Application Data\Windows Server
c:\documents and settings\Owner\WINDOWS
C:\install.exe
c:\program files\WinPCap
c:\program files\WinPCap\daemon_mgm.exe
c:\program files\WinPCap\INSTALL.LOG
c:\program files\WinPCap\npf_mgm.exe
c:\program files\WinPCap\rpcapd.exe
c:\program files\WinPCap\Uninstall.exe
c:\windows\system32\Packet.dll
c:\windows\system32\pthreadVC.dll
c:\windows\system32\SET40.tmp
c:\windows\system32\SET52.tmp
c:\windows\system32\wpcap.dll
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
-------\Service_NPF
.
.
(((((((((((((((((((((((((   Files Created from 2013-11-12 to 2013-12-12  )))))))))))))))))))))))))))))))
.
.
2013-12-03 01:32 . 2013-07-17 00:58 123008 ------w- c:\windows\system32\dllcache\usbvideo.sys
2013-12-03 01:32 . 2013-07-17 00:58 46848 ------w- c:\windows\system32\dllcache\irbus.sys
2013-12-03 01:32 . 2013-07-17 00:58 60160 ------w- c:\windows\system32\dllcache\usbaudio.sys
2013-12-03 01:32 . 2013-07-03 02:12 25088 ------w- c:\windows\system32\dllcache\hidparse.sys
2013-12-03 01:32 . 2013-08-09 00:55 144128 ------w- c:\windows\system32\dllcache\usbport.sys
2013-12-03 01:32 . 2013-08-09 00:55 32384 ------w- c:\windows\system32\dllcache\usbccgp.sys
2013-12-03 01:32 . 2009-03-18 11:02 30336 ------w- c:\windows\system32\dllcache\usbehci.sys
2013-12-02 23:44 . 2013-12-03 00:06 -------- d-----w- c:\documents and settings\Owner\Application Data\HpUpdate
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-12-03 00:38 . 2013-04-18 00:22 70384 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-12-03 00:38 . 2011-05-14 18:54 774392 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-12-03 00:38 . 2010-02-09 03:51 35656 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2013-12-03 00:38 . 2010-02-09 03:51 57672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2013-12-03 00:38 . 2010-02-09 03:51 54832 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2013-12-03 00:38 . 2010-07-05 06:05 43152 ----a-w- c:\windows\avastSS.scr
2013-12-03 00:38 . 2010-02-09 03:50 269216 ----a-w- c:\windows\system32\aswBoot.exe
2013-12-03 00:36 . 2012-04-06 16:57 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-12-03 00:36 . 2011-05-21 18:02 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-11-16 21:25 . 2010-02-09 03:51 403440 ----a-w- c:\windows\system32\drivers\aswsp.sys
2013-11-13 02:59 . 2004-08-04 08:00 150528 ----a-w- c:\windows\system32\imagehlp.dll
2013-11-07 05:38 . 2004-08-04 08:00 591360 ----a-w- c:\windows\system32\rpcrt4.dll
2013-11-06 01:03 . 2010-02-07 21:37 7168 ----a-w- c:\windows\system32\xpsp4res.dll
2013-10-30 02:26 . 2004-08-04 08:00 1879040 ----a-w- c:\windows\system32\win32k.sys
2013-10-29 07:57 . 2004-08-04 08:00 920064 ----a-w- c:\windows\system32\wininet.dll
2013-10-29 07:57 . 2004-08-04 08:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-10-29 07:57 . 2004-08-04 08:00 18944 ----a-w- c:\windows\system32\corpol.dll
2013-10-29 07:57 . 2004-08-04 08:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-10-29 00:45 . 2004-08-04 08:00 385024 ----a-w- c:\windows\system32\html.iec
2013-10-23 23:45 . 2004-08-04 08:00 172032 ----a-w- c:\windows\system32\scrrun.dll
2013-10-20 02:57 . 2013-04-18 00:22 178304 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-10-20 02:57 . 2013-04-18 00:22 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-10-12 15:56 . 2004-08-04 08:00 278528 ----a-w- c:\windows\system32\oakley.dll
2013-10-09 13:12 . 2004-08-04 08:00 287744 ----a-w- c:\windows\system32\gdi32.dll
2013-10-08 11:51 . 2012-07-26 02:31 873384 ----a-w- c:\windows\system32\npdeployJava1.dll
2013-10-08 11:51 . 2012-02-17 01:12 796072 ----a-w- c:\windows\system32\deployJava1.dll
2013-10-08 11:50 . 2013-10-22 01:58 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-10-08 11:29 . 2013-05-25 21:00 145408 ----a-w- c:\windows\system32\javacpl.cpl
2013-10-07 10:59 . 2004-08-04 08:00 603136 ----a-w- c:\windows\system32\crypt32.dll
2009-01-27 01:34 . 2013-10-22 01:51 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-01-27 01:34 . 2013-10-22 01:51 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-12-03 00:38 321752 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2005-02-02 102492]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-09-15 1015808]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"nmapp"="c:\program files\Pure Networks\Network Magic\nmapp.exe" [2007-03-14 321088]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-03-20 213936]
"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-04-11 794624]
"eabconfg.cpl"="c:\program files\HPQ\Quick Launch Buttons\EabServr.exe" [2004-12-03 290816]
"AvastUI.exe"="c:\program files\Alwil Software\Avast5\AvastUI.exe" [2013-12-03 3568312]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-06 344064]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2011-10-28 49208]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2012-04-06 113024]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WDDMStatus.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\WDDMStatus.lnk
backup=c:\windows\pss\WDDMStatus.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WDSmartWare.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\WDSmartWare.lnk
backup=c:\windows\pss\WDSmartWare.lnkCommon Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IPHSend
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Washer
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2013-11-02 05:29 152392 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LSBWatcher]
2004-10-14 20:54 253952 -c--a-w- c:\hp\drivers\hplsbwatcher\LSBurnWatcher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2013-05-01 07:59 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2013-12-03 00:41 5717272 ----a-w- c:\program files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)
"WebrootSpySweeperService"=2 (0x2)
"AresChatServer"=3 (0x3)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"67:UDP"= 67:UDP:DHCP Discovery Service
.
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [4/17/2013 7:22 PM 49944]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [4/17/2013 7:22 PM 178304]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [5/14/2011 1:54 PM 774392]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswsp.sys [2/8/2010 10:51 PM 403440]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2/17/2010 1:25 PM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 1:41 PM 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [6/29/2010 12:48 PM 116608]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2/8/2010 10:51 PM 35656]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [4/17/2013 7:22 PM 70384]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files\Hewlett-Packard\Shared\HPDrvMntSvc.exe [3/17/2011 4:45 PM 92216]
R2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [8/23/2012 12:37 PM 13672]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [6/15/2009 3:53 PM 24652]
R2 WDDMService;WD SmartWare Drive Manager;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [8/17/2009 10:52 AM 98304]
R2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [6/16/2009 9:58 AM 20480]
R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [2/7/2010 3:01 PM 200192]
S2 pciinfo;HP Pci Information;\??\c:\docume~1\Owner\LOCALS~1\Temp\HPISPz\hpdom\pciinfo.sys --> c:\docume~1\Owner\LOCALS~1\Temp\HPISPz\hpdom\pciinfo.sys [?]
S3 AdWatchDrv;AW Realtime Driver;\??\c:\windows\system32\drivers\AWRTPD.sys --> c:\windows\system32\drivers\AWRTPD.sys [?]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;\??\c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys --> c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [?]
S3 KNJFK;KNJFK;c:\docume~1\Owner\LOCALS~1\Temp\KNJFK.exe --> c:\docume~1\Owner\LOCALS~1\Temp\KNJFK.exe [?]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2/28/2010 7:41 PM 11520]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ   getPlusHelper
.
Contents of the 'Scheduled Tasks' folder
.
2011-07-19 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 17:34]
.
2013-12-12 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\Alwil Software\Avast5\AvastEmUpdate.exe [2012-08-05 00:38]
.
2013-12-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-284744064-787013025-1413472021-1005Core.job
- c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-08-02 23:24]
.
2013-12-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-284744064-787013025-1413472021-1005UA.job
- c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-08-02 23:24]
.
2013-12-12 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 20:07]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local;<local>
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
TCP: DhcpNameServer = 192.168.0.1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
SafeBoot-svcWRSSSDK
MSConfigStartUp-osCheck - c:\program files\Norton Internet Security\osCheck.exe
MSConfigStartUp-Skype - c:\program files\Skype\Phone\Skype.exe
MSConfigStartUp-SpySweeper - c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe
MSConfigStartUp-TrojanScanner - c:\program files\Trojan Remover\Trjscan.exe
MSConfigStartUp-Weather - c:\program files\AWS\WeatherBug\Weather.exe
AddRemove-WinPcapInst - c:\program files\WinPcap\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-12-11 22:12
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ... 
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-284744064-787013025-1413472021-1005\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{490F2B4E-F5C3-EB1A-10B7-940C2A8E7DC3}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"bbcebmeneekgcdfidbcgmfgkjnicooebibhc"=hex:6a,61,67,66,6c,6e,63,68,65,65,6f,6b,
   63,6a,6f,6a,6f,61,70,69,00,dd
"abmdoedbmegepelbalgmehmellbocoedjc"=hex:6a,61,68,69,70,6b,62,6a,63,65,6f,6d,
   66,6e,6c,68,6d,62,66,65,00,00
"iacebmeneekgcdfidb"=hex:61,61,00,00
"hamdoedbmegepelb"=hex:61,61,00,00
"iagdihhjonggoikpcd"=hex:61,61,00,00
"abgdigoiaonndlbnnlbdcnfacjeipemefk"=hex:61,61,00,00
"mafdhgkkbmgieoidlldchjepdp"=hex:61,61,00,00
.
[HKEY_USERS\S-1-5-21-284744064-787013025-1413472021-1005\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{E9610980-FF09-F9DA-27BE-AEBC728785FA}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"bbelfbjfalgmhjnahheagalmdihgohlapadl"=hex:6a,61,6e,6c,6f,63,68,6a,6a,6f,6a,6d,
   65,70,65,6d,6e,65,66,6a,00,00
"abklpjbenhionnmgfcnnhiecbmgepkeadc"=hex:6a,61,6e,6c,6f,63,68,6a,6a,6f,6a,6d,
   65,70,65,6d,6e,65,66,6a,00,00
"iaelfbjfalgmhjnahh"=hex:61,61,00,01
"haklpjbenhionnmg"=hex:61,61,00,01
"iaacnadhkfhdmdmaik"=hex:61,61,00,01
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{0C0DD146-A2A6-BFA4-F4B84228CE730E88}\{718890A1-4FA8-4866-06B3B07592C0C36E}\{C0B10667-122D-45CB-48A7F7AE622314D0}*]
"YKBG4FY6MRBLZHWNMN5KORGMPA1"=hex:01,00,01,00,00,00,00,00,da,37,90,89,91,09,97,
   9b,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{C523F39F-9C83-11D3-9094-00104BD0D535}\LocalServer32]
@DACL=(02 0000)
@SACL=
@="c:\\Program Files\\Adobe\\Acrobat 6.0\\Reader\\plug_ins\\Accessibility.api"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{CA8A9781-280D-11CF-A24D-444553540000}\ProxyStubClsid]
@DACL=(02 0000)
@SACL=
@="{00020420-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{CA8A9781-280D-11CF-A24D-444553540000}\ProxyStubClsid32]
@DACL=(02 0000)
@SACL=
@="{00020420-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{CA8A9781-280D-11CF-A24D-444553540000}\TypeLib]
@DACL=(02 0000)
@SACL=
@="{CA8A9783-280D-11CF-A24D-444553540000}"
"Version"="1.3"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{CA8A9782-280D-11CF-A24D-444553540000}\ProxyStubClsid]
@DACL=(02 0000)
@SACL=
@="{00020420-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{CA8A9782-280D-11CF-A24D-444553540000}\ProxyStubClsid32]
@DACL=(02 0000)
@SACL=
@="{00020420-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{CA8A9782-280D-11CF-A24D-444553540000}\TypeLib]
@DACL=(02 0000)
@SACL=
@="{CA8A9783-280D-11CF-A24D-444553540000}"
"Version"="1.3"
.
[HKEY_LOCAL_MACHINE\software\Classes\TypeLib\{C523F390-9C83-11D3-9094-00104BD0D535}\2.0]
@DACL=(02 0000)
@SACL=
@="Acrobat Access 2.0 Type Library"
.
[HKEY_LOCAL_MACHINE\software\Classes\TypeLib\{FE137D28-8FAE-4828-9CAD-3A064A9B6C2D}\1.0]
@DACL=(02 0000)
@="wlscBase 1.0 Type Library"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\10.0]
@DACL=(02 0000)
@SACL=
.
[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\services]
@DACL=(02 0000)
@SACL=
"NoServices"=dword:00000000
.
[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Settings]
@DACL=(02 0000)
@SACL=
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(712)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(2252)
c:\windows\system32\WININET.dll
c:\program files\iTunes\iTunesMiniPlayer.dll
c:\program files\iTunes\iTunesMiniPlayer.Resources\en.lproj\iTunesMiniPlayerLocalized.dll
c:\program files\iTunes\iTunesMiniPlayer.Resources\iTunesMiniPlayer.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
c:\program files\Java\jre7\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Pure Networks\Network Magic\nmsrvc.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\program files\HPQ\SHARED\HPQWMI.exe
.
**************************************************************************
.
Completion time: 2013-12-11  22:21:36 - machine was rebooted
ComboFix-quarantined-files.txt  2013-12-12 03:21
.
Pre-Run: 52,533,243,904 bytes free
Post-Run: 52,593,385,472 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 72DC6431F2E6A5545A8FFB999F3FC279
671B81004FDD1588FA9ED1331C9CECA9
 
 
I did get a PEV.3xe has stopped working after stage 4.
 
Thanks Gary!
 
Scott


#6 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,997 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:04:20 PM

Posted 11 December 2013 - 11:04 PM

Hi Scott,

Thanks for the information about the PEV.3xe file. We got what we needed.

I would like to clean up one entry then run an additional program. Please do this.

BTW I will most likely be shutting down for the evening before you get a chance to post but I will be checking back in first thing in the morning.

===================================================

Running Combofix Script

-------------------
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Open Notepad and copy/paste the text below into the Notepad document
Driver::
KNJFK
File::
c:\docume~1\Owner\LOCALS~1\Temp\KNJFK.exe
  • Save this on your desktop as CFScript.txt

CFScriptB-4.gif

  • Referring to the picture above, drag CFScript.txt into ComboFix.exe
  • When finished, it will create a log for you at C:\ComboFix.txt. Please copy/paste the information in your next reply.
===================================================

Run TDSSKiller by Kaspersky on XP

--------------------
  • Please download Kaspersky's TDSSKiller and save it to your Desktop. <-Important!!!
  • If you desire you may print out and follow the instructions for performing a scan.
  • Double-click on TDSSKiller.exe.
  • When the program opens, click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • Any objects found, will show in the Scan results - Select action for found objects and offer three options.
  • If an infected file is detected, the default action will be Cure...do not change it.


tdss2.png


  • Click Continue > Reboot now to finish the cleaning process.<- Important!!


tdss4.png


  • If 'Suspicious' objects are detected, you will be given the option to Skip or Quarantine. Skip will be the default selection. Leave it as such for now.
  • A log file named TDSSKiller_version_date_time_log.txt will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.
-- If TDSSKiller does not run, try renaming it. To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to these instructions. In some cases it may be necessary to redownload TDSSKiller and randomly rename it before downloading and saving to the computer or to perform the scan in "safe mode".

===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Combofix log
  • TDSSKiller log
  • How is your computer running?

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#7 s9m15w12

s9m15w12
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  

Posted 12 December 2013 - 07:19 PM

ComboFix 13-12-12.03 - Owner 12/12/2013  18:41:20.2.1 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.1278.755 [GMT -5:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
FILE ::
"c:\docume~1\Owner\LOCALS~1\Temp\KNJFK.exe"
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_KNJFK
-------\Service_KNJFK
.
.
(((((((((((((((((((((((((   Files Created from 2013-11-12 to 2013-12-12  )))))))))))))))))))))))))))))))
.
.
2013-12-03 01:32 . 2013-07-17 00:58 123008 ------w- c:\windows\system32\dllcache\usbvideo.sys
2013-12-03 01:32 . 2013-07-17 00:58 46848 ------w- c:\windows\system32\dllcache\irbus.sys
2013-12-03 01:32 . 2013-07-17 00:58 60160 ------w- c:\windows\system32\dllcache\usbaudio.sys
2013-12-03 01:32 . 2013-07-03 02:12 25088 ------w- c:\windows\system32\dllcache\hidparse.sys
2013-12-03 01:32 . 2013-08-09 00:55 144128 ------w- c:\windows\system32\dllcache\usbport.sys
2013-12-03 01:32 . 2013-08-09 00:55 32384 ------w- c:\windows\system32\dllcache\usbccgp.sys
2013-12-03 01:32 . 2009-03-18 11:02 30336 ------w- c:\windows\system32\dllcache\usbehci.sys
2013-12-02 23:44 . 2013-12-03 00:06 -------- d-----w- c:\documents and settings\Owner\Application Data\HpUpdate
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-12-03 00:38 . 2013-04-18 00:22 70384 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-12-03 00:38 . 2011-05-14 18:54 774392 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-12-03 00:38 . 2010-02-09 03:51 35656 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2013-12-03 00:38 . 2010-02-09 03:51 57672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2013-12-03 00:38 . 2010-02-09 03:51 54832 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2013-12-03 00:38 . 2010-07-05 06:05 43152 ----a-w- c:\windows\avastSS.scr
2013-12-03 00:38 . 2010-02-09 03:50 269216 ----a-w- c:\windows\system32\aswBoot.exe
2013-12-03 00:36 . 2012-04-06 16:57 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-12-03 00:36 . 2011-05-21 18:02 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-11-16 21:25 . 2010-02-09 03:51 403440 ----a-w- c:\windows\system32\drivers\aswsp.sys
2013-11-13 02:59 . 2004-08-04 08:00 150528 ----a-w- c:\windows\system32\imagehlp.dll
2013-11-07 05:38 . 2004-08-04 08:00 591360 ----a-w- c:\windows\system32\rpcrt4.dll
2013-11-06 01:03 . 2010-02-07 21:37 7168 ----a-w- c:\windows\system32\xpsp4res.dll
2013-10-30 02:26 . 2004-08-04 08:00 1879040 ----a-w- c:\windows\system32\win32k.sys
2013-10-29 07:57 . 2004-08-04 08:00 920064 ----a-w- c:\windows\system32\wininet.dll
2013-10-29 07:57 . 2004-08-04 08:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-10-29 07:57 . 2004-08-04 08:00 18944 ----a-w- c:\windows\system32\corpol.dll
2013-10-29 07:57 . 2004-08-04 08:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-10-29 00:45 . 2004-08-04 08:00 385024 ----a-w- c:\windows\system32\html.iec
2013-10-23 23:45 . 2004-08-04 08:00 172032 ----a-w- c:\windows\system32\scrrun.dll
2013-10-20 02:57 . 2013-04-18 00:22 178304 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-10-20 02:57 . 2013-04-18 00:22 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-10-12 15:56 . 2004-08-04 08:00 278528 ----a-w- c:\windows\system32\oakley.dll
2013-10-09 13:12 . 2004-08-04 08:00 287744 ----a-w- c:\windows\system32\gdi32.dll
2013-10-08 11:51 . 2012-07-26 02:31 873384 ----a-w- c:\windows\system32\npdeployJava1.dll
2013-10-08 11:51 . 2012-02-17 01:12 796072 ----a-w- c:\windows\system32\deployJava1.dll
2013-10-08 11:50 . 2013-10-22 01:58 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-10-08 11:29 . 2013-05-25 21:00 145408 ----a-w- c:\windows\system32\javacpl.cpl
2013-10-07 10:59 . 2004-08-04 08:00 603136 ----a-w- c:\windows\system32\crypt32.dll
2009-01-27 01:34 . 2013-10-22 01:51 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-01-27 01:34 . 2013-10-22 01:51 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-12-03 00:38 321752 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2005-02-02 102492]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-09-15 1015808]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"nmapp"="c:\program files\Pure Networks\Network Magic\nmapp.exe" [2007-03-14 321088]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-03-20 213936]
"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-04-11 794624]
"eabconfg.cpl"="c:\program files\HPQ\Quick Launch Buttons\EabServr.exe" [2004-12-03 290816]
"AvastUI.exe"="c:\program files\Alwil Software\Avast5\AvastUI.exe" [2013-12-03 3568312]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-06 344064]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2011-10-28 49208]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2012-04-06 113024]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WDDMStatus.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\WDDMStatus.lnk
backup=c:\windows\pss\WDDMStatus.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WDSmartWare.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\WDSmartWare.lnk
backup=c:\windows\pss\WDSmartWare.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2013-11-02 05:29 152392 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LSBWatcher]
2004-10-14 20:54 253952 -c--a-w- c:\hp\drivers\hplsbwatcher\LSBurnWatcher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2013-05-01 07:59 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2013-12-03 00:41 5717272 ----a-w- c:\program files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)
"WebrootSpySweeperService"=2 (0x2)
"AresChatServer"=3 (0x3)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"67:UDP"= 67:UDP:DHCP Discovery Service
.
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [4/17/2013 7:22 PM 49944]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [4/17/2013 7:22 PM 178304]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [5/14/2011 1:54 PM 774392]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswsp.sys [2/8/2010 10:51 PM 403440]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2/17/2010 1:25 PM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 1:41 PM 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [6/29/2010 12:48 PM 116608]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2/8/2010 10:51 PM 35656]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [4/17/2013 7:22 PM 70384]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files\Hewlett-Packard\Shared\HPDrvMntSvc.exe [3/17/2011 4:45 PM 92216]
R2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [8/23/2012 12:37 PM 13672]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [6/15/2009 3:53 PM 24652]
R2 WDDMService;WD SmartWare Drive Manager;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [8/17/2009 10:52 AM 98304]
R2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [6/16/2009 9:58 AM 20480]
R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [2/7/2010 3:01 PM 200192]
S2 pciinfo;HP Pci Information;\??\c:\docume~1\Owner\LOCALS~1\Temp\HPISPz\hpdom\pciinfo.sys --> c:\docume~1\Owner\LOCALS~1\Temp\HPISPz\hpdom\pciinfo.sys [?]
S3 AdWatchDrv;AW Realtime Driver;\??\c:\windows\system32\drivers\AWRTPD.sys --> c:\windows\system32\drivers\AWRTPD.sys [?]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;\??\c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys --> c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [?]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2/28/2010 7:41 PM 11520]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ   getPlusHelper
.
Contents of the 'Scheduled Tasks' folder
.
2011-07-19 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 17:34]
.
2013-12-12 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\Alwil Software\Avast5\AvastEmUpdate.exe [2012-08-05 00:38]
.
2013-12-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-284744064-787013025-1413472021-1005Core.job
- c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-08-02 23:24]
.
2013-12-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-284744064-787013025-1413472021-1005UA.job
- c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-08-02 23:24]
.
2013-12-12 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 20:07]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local;<local>
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
TCP: DhcpNameServer = 192.168.0.1
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-12-12 18:56
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ... 
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-284744064-787013025-1413472021-1005\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{490F2B4E-F5C3-EB1A-10B7-940C2A8E7DC3}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"bbcebmeneekgcdfidbcgmfgkjnicooebibhc"=hex:6a,61,67,66,6c,6e,63,68,65,65,6f,6b,
   63,6a,6f,6a,6f,61,70,69,00,dd
"abmdoedbmegepelbalgmehmellbocoedjc"=hex:6a,61,68,69,70,6b,62,6a,63,65,6f,6d,
   66,6e,6c,68,6d,62,66,65,00,00
"iacebmeneekgcdfidb"=hex:61,61,00,00
"hamdoedbmegepelb"=hex:61,61,00,00
"iagdihhjonggoikpcd"=hex:61,61,00,00
"abgdigoiaonndlbnnlbdcnfacjeipemefk"=hex:61,61,00,00
"mafdhgkkbmgieoidlldchjepdp"=hex:61,61,00,00
.
[HKEY_USERS\S-1-5-21-284744064-787013025-1413472021-1005\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{E9610980-FF09-F9DA-27BE-AEBC728785FA}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"bbelfbjfalgmhjnahheagalmdihgohlapadl"=hex:6a,61,6e,6c,6f,63,68,6a,6a,6f,6a,6d,
   65,70,65,6d,6e,65,66,6a,00,00
"abklpjbenhionnmgfcnnhiecbmgepkeadc"=hex:6a,61,6e,6c,6f,63,68,6a,6a,6f,6a,6d,
   65,70,65,6d,6e,65,66,6a,00,00
"iaelfbjfalgmhjnahh"=hex:61,61,00,01
"haklpjbenhionnmg"=hex:61,61,00,01
"iaacnadhkfhdmdmaik"=hex:61,61,00,01
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{0C0DD146-A2A6-BFA4-F4B84228CE730E88}\{718890A1-4FA8-4866-06B3B07592C0C36E}\{C0B10667-122D-45CB-48A7F7AE622314D0}*]
"YKBG4FY6MRBLZHWNMN5KORGMPA1"=hex:01,00,01,00,00,00,00,00,da,37,90,89,91,09,97,
   9b,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{C523F39F-9C83-11D3-9094-00104BD0D535}\LocalServer32]
@DACL=(02 0000)
@SACL=
@="c:\\Program Files\\Adobe\\Acrobat 6.0\\Reader\\plug_ins\\Accessibility.api"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{CA8A9781-280D-11CF-A24D-444553540000}\ProxyStubClsid]
@DACL=(02 0000)
@SACL=
@="{00020420-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{CA8A9781-280D-11CF-A24D-444553540000}\ProxyStubClsid32]
@DACL=(02 0000)
@SACL=
@="{00020420-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{CA8A9781-280D-11CF-A24D-444553540000}\TypeLib]
@DACL=(02 0000)
@SACL=
@="{CA8A9783-280D-11CF-A24D-444553540000}"
"Version"="1.3"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{CA8A9782-280D-11CF-A24D-444553540000}\ProxyStubClsid]
@DACL=(02 0000)
@SACL=
@="{00020420-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{CA8A9782-280D-11CF-A24D-444553540000}\ProxyStubClsid32]
@DACL=(02 0000)
@SACL=
@="{00020420-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{CA8A9782-280D-11CF-A24D-444553540000}\TypeLib]
@DACL=(02 0000)
@SACL=
@="{CA8A9783-280D-11CF-A24D-444553540000}"
"Version"="1.3"
.
[HKEY_LOCAL_MACHINE\software\Classes\TypeLib\{C523F390-9C83-11D3-9094-00104BD0D535}\2.0]
@DACL=(02 0000)
@SACL=
@="Acrobat Access 2.0 Type Library"
.
[HKEY_LOCAL_MACHINE\software\Classes\TypeLib\{FE137D28-8FAE-4828-9CAD-3A064A9B6C2D}\1.0]
@DACL=(02 0000)
@="wlscBase 1.0 Type Library"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\10.0]
@DACL=(02 0000)
@SACL=
.
[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\services]
@DACL=(02 0000)
@SACL=
"NoServices"=dword:00000000
.
[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Settings]
@DACL=(02 0000)
@SACL=
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(712)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(2704)
c:\windows\system32\WININET.dll
c:\program files\iTunes\iTunesMiniPlayer.dll
c:\program files\iTunes\iTunesMiniPlayer.Resources\en.lproj\iTunesMiniPlayerLocalized.dll
c:\program files\iTunes\iTunesMiniPlayer.Resources\iTunesMiniPlayer.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
c:\program files\Java\jre7\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Pure Networks\Network Magic\nmsrvc.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\program files\HPQ\SHARED\HPQWMI.exe
.
**************************************************************************
.
Completion time: 2013-12-12  19:04:17 - machine was rebooted
ComboFix-quarantined-files.txt  2013-12-13 00:04
ComboFix2.txt  2013-12-12 03:21
.
Pre-Run: 52,521,906,176 bytes free
Post-Run: 52,512,395,264 bytes free
.
- - End Of File - - 188DCE41ECD3C380EC5E2D480A3147E9
671B81004FDD1588FA9ED1331C9CECA9
 
 
19:12:49.0343 0x0160  TDSS rootkit removing tool 3.0.0.19 Nov 18 2013 09:27:50
19:13:01.0140 0x0160  ============================================================
19:13:01.0140 0x0160  Current date / time: 2013/12/12 19:13:01.0140
19:13:01.0140 0x0160  SystemInfo:
19:13:01.0140 0x0160  
19:13:01.0140 0x0160  OS Version: 5.1.2600 ServicePack: 3.0
19:13:01.0140 0x0160  Product type: Workstation
19:13:01.0140 0x0160  ComputerName: YOUR-A9279112E3
19:13:01.0140 0x0160  UserName: Owner
19:13:01.0140 0x0160  Windows directory: C:\WINDOWS
19:13:01.0140 0x0160  System windows directory: C:\WINDOWS
19:13:01.0140 0x0160  Processor architecture: Intel x86
19:13:01.0140 0x0160  Number of processors: 1
19:13:01.0140 0x0160  Page size: 0x1000
19:13:01.0140 0x0160  Boot type: Normal boot
19:13:01.0140 0x0160  ============================================================
19:13:05.0250 0x0160  KLMD registered as C:\WINDOWS\system32\drivers\91374620.sys
19:13:05.0328 0x0160  System UUID: {B9F986ED-EC0D-9F71-4D8C-0B0A938B6B1B}
19:13:06.0421 0x0160  Drive \Device\Harddisk0\DR0 - Size: 0x174A446000 (93.16 Gb), SectorSize: 0x200, Cylinders: 0x2F81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
19:13:06.0421 0x0160  ============================================================
19:13:06.0421 0x0160  \Device\Harddisk0\DR0:
19:13:06.0421 0x0160  MBR partitions:
19:13:06.0421 0x0160  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xBA4CF41
19:13:06.0421 0x0160  ============================================================
19:13:06.0453 0x0160  C: <-> \Device\Harddisk0\DR0\Partition1
19:13:06.0453 0x0160  ============================================================
19:13:06.0453 0x0160  Initialize success
19:13:06.0453 0x0160  ============================================================
19:13:16.0156 0x0a28  ============================================================
19:13:16.0156 0x0a28  Scan started
19:13:16.0156 0x0a28  Mode: Manual; 
19:13:16.0156 0x0a28  ============================================================
19:13:16.0156 0x0a28  KSN ping started
19:13:16.0453 0x0a28  KSN ping finished: true
19:13:17.0468 0x0a28  ================ Scan system memory ========================
19:13:17.0468 0x0a28  System memory - ok
19:13:17.0468 0x0a28  ================ Scan services =============================
19:13:17.0640 0x0a28  [ 01E81C84AD1D0ACC61CF3CFD06632210, 1140756BA2F28CA8DFCFF8FD223654E6A78BA1B770A169CC557ECE0E01381B17 ] !SASCORE        C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
19:13:17.0656 0x0a28  !SASCORE - ok
19:13:18.0062 0x0a28  Abiosdsk - ok
19:13:18.0078 0x0a28  abp480n5 - ok
19:13:18.0171 0x0a28  [ 8FD99680A539792A30E97944FDAECF17, 594F8E0C3695400B0C09A797AF6BDFAC6F750ECD67D0EE803914C572B1DCC43C ] ACPI            C:\WINDOWS\system32\DRIVERS\ACPI.sys
19:13:18.0187 0x0a28  ACPI - ok
19:13:18.0218 0x0a28  [ 9859C0F6936E723E4892D7141B1327D5, 5E8F6A2FC4DF2E5E92A1D66ECC2810E08B42B64E9CD0DF4AD3F78EA8558B90AF ] ACPIEC          C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
19:13:18.0234 0x0a28  ACPIEC - ok
19:13:18.0250 0x0a28  adpu160m - ok
19:13:18.0265 0x0a28  AdWatchDrv - ok
19:13:18.0328 0x0a28  [ 8BED39E3C35D6A489438B8141717A557, 1B5796E56B0927360CE0759641B1151828BC0A9E45620D2B2D880491F5CE33D0 ] aec             C:\WINDOWS\system32\drivers\aec.sys
19:13:18.0328 0x0a28  aec - ok
19:13:18.0421 0x0a28  [ 1E44BC1E83D8FD2305F8D452DB109CF9, CF5EC07E0B589FA2A4701C6CFD69E893FC3ABF274AD57AE3C13FFE49063B02C8 ] AFD             C:\WINDOWS\System32\drivers\afd.sys
19:13:18.0437 0x0a28  AFD - ok
19:13:18.0453 0x0a28  Aha154x - ok
19:13:18.0468 0x0a28  aic78u2 - ok
19:13:18.0484 0x0a28  aic78xx - ok
19:13:18.0546 0x0a28  [ A9A3DAA780CA6C9671A19D52456705B4, 67C959144B57AE0BBF1D82DBED197F32CDB06FECD883A80C441A0202FE83FAB4 ] Alerter         C:\WINDOWS\system32\alrsvc.dll
19:13:18.0546 0x0a28  Alerter - ok
19:13:18.0593 0x0a28  [ 8C515081584A38AA007909CD02020B3D, A5E13CA10F702928E0DE84C74D0EA8ACCB117FD76FBABC55220C75C4FFD596DC ] ALG             C:\WINDOWS\System32\alg.exe
19:13:18.0593 0x0a28  ALG - ok
19:13:18.0609 0x0a28  [ 1140AB9938809700B46BB88E46D72A96, 369379ECC5941ACE984A7F31EAABB66A2E693EDBADA639B86D26FD681D45608E ] AliIde          C:\WINDOWS\system32\DRIVERS\aliide.sys
19:13:18.0609 0x0a28  AliIde - ok
19:13:18.0687 0x0a28  [ 033448D435E65C4BD72E70521FD05C76, A5462C22D5461F1BA06E81CD7E1ECE5409092DE53A8E4D3E78D089B65CB474D4 ] AmdPPM          C:\WINDOWS\system32\DRIVERS\AmdPPM.sys
19:13:18.0687 0x0a28  AmdPPM - ok
19:13:18.0703 0x0a28  amsint - ok
19:13:18.0796 0x0a28  [ 30E3850F303EAE5C364782EA78579CC9, 8C94E5A9052F6E794685194EEACB31A174A947D60246908B6A0DEFA081A747A3 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
19:13:18.0812 0x0a28  Apple Mobile Device - ok
19:13:18.0875 0x0a28  [ D8849F77C0B66226335A59D26CB4EDC6, 4990031453204C57E36E850252A39B05D6ECDAB9E71A8136FB4900F17E59C9CA ] AppMgmt         C:\WINDOWS\System32\appmgmts.dll
19:13:18.0890 0x0a28  AppMgmt - ok
19:13:18.0921 0x0a28  [ B5B8A80875C1DEDEDA8B02765642C32F, AD0C71D73B1B8225351FBF4FFB43001A32B4DAE69504C59970CD2428BB33D4EF ] Arp1394         C:\WINDOWS\system32\DRIVERS\arp1394.sys
19:13:18.0937 0x0a28  Arp1394 - ok
19:13:18.0953 0x0a28  asc - ok
19:13:18.0984 0x0a28  asc3350p - ok
19:13:19.0000 0x0a28  asc3550 - ok
19:13:19.0203 0x0a28  [ 0E5E4957549056E2BF2C49F4F6B601AD, F7F19FDC906B719A3516D30A9B4A2262C8CC5B36B94E3D4195C345EC4610FF2B ] aspnet_state    C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
19:13:19.0250 0x0a28  aspnet_state - ok
19:13:19.0312 0x0a28  [ 74202D5A696A412733B387BD18400E4C, 8E85AF6EC5E5E45E9D5AB781D812B480E4242B2B2D8607270FB175E24FD0A0D9 ] aswFsBlk        C:\WINDOWS\system32\drivers\aswFsBlk.sys
19:13:19.0312 0x0a28  aswFsBlk - ok
19:13:19.0390 0x0a28  [ AA3397F034871DE76A74585774029580, 166635E38E062856F8453A1E3EC253AD4A11B2D43CBE8EDB0191EC1AEC498F68 ] aswMonFlt       C:\WINDOWS\system32\drivers\aswMonFlt.sys
19:13:19.0390 0x0a28  aswMonFlt - ok
19:13:19.0421 0x0a28  [ 9F597676EDA29D6619C5E76F523892D7, 7CB50BBB87EC42B0310A9191552C565ABA1CB821F03B9309F47841949CB3B2E4 ] aswRdr          C:\WINDOWS\system32\drivers\aswRdr.sys
19:13:19.0421 0x0a28  aswRdr - ok
19:13:19.0453 0x0a28  [ F385467DF95D0A73775CB3B076B8B969, D427A5F4FB4D1DAB04AFC29E7EC510844F907ABBA053538995E65747BAD37422 ] aswRvrt         C:\WINDOWS\system32\drivers\aswRvrt.sys
19:13:19.0453 0x0a28  aswRvrt - ok
19:13:19.0593 0x0a28  [ BB27A67D7F465D2720D74B5223DD91E4, 41B06E71477F85908F926A3C80324AAF5D014B61B29073720A6E2D90190D0B82 ] aswSnx          C:\WINDOWS\system32\drivers\aswSnx.sys
19:13:19.0656 0x0a28  aswSnx - ok
19:13:19.0765 0x0a28  [ 259E864BFB9268CD7CEFA5849A3B374B, EF1BE2581A53A6FCCE64ECE63AF2CF3D84592D472694102FD147ADE57C0F4697 ] aswSP           C:\WINDOWS\system32\drivers\aswSP.sys
19:13:19.0812 0x0a28  aswSP - ok
19:13:19.0859 0x0a28  [ AB499F3325E62E157F8E8302065B1B30, 512D6C7324815F8589F8647199373102613810DB33C1FD1379E339F2BAA18F46 ] aswTdi          C:\WINDOWS\system32\drivers\aswTdi.sys
19:13:19.0859 0x0a28  aswTdi - ok
19:13:19.0921 0x0a28  [ BADA8FD627F1D0E22308211C33F0BDB5, F88751280969B8963DCFC684C99C7CCF396B50FD0AC0F869628A009557438609 ] aswVmm          C:\WINDOWS\system32\drivers\aswVmm.sys
19:13:19.0921 0x0a28  aswVmm - ok
19:13:19.0953 0x0a28  [ B153AFFAC761E7F5FCFA822B9C4E97BC, 7E60F572A6B3C6219E3C86225AA37243AFFD74337DB7F108B04778042E5CC959 ] AsyncMac        C:\WINDOWS\system32\DRIVERS\asyncmac.sys
19:13:19.0953 0x0a28  AsyncMac - ok
19:13:20.0015 0x0a28  [ 9F3A2F5AA6875C72BF062C712CFA2674, B4DF1D2C56A593C6B54DE57395E3B51D288F547842893B32B0F59228A0CF70B9 ] atapi           C:\WINDOWS\system32\DRIVERS\atapi.sys
19:13:20.0015 0x0a28  atapi - ok
19:13:20.0046 0x0a28  Atdisk - ok
19:13:20.0125 0x0a28  [ ABC57A6F6070BAF9786C318F59F29F0B, 756A5689FABF133DBB0581F3BDA5DED03AE3CB97B3B960FA299D584CF30A2E75 ] Ati HotKey Poller C:\WINDOWS\system32\Ati2evxx.exe
19:13:20.0171 0x0a28  Ati HotKey Poller - ok
19:13:20.0312 0x0a28  [ 03621F7F968FF63713943405DEB777F9, 71D346A8130AFC91BF6963DAE61D099648EA9A4D8BA40C4BDCC8ED142FE81217 ] ati2mtag        C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
19:13:20.0484 0x0a28  ati2mtag - ok
19:13:20.0546 0x0a28  [ 9916C1225104BA14794209CFA8012159, 5D6F05F715C52A16D05CAE15C3DFE77A139A7F27F7AE710EC9A10F9EE05115A1 ] Atmarpc         C:\WINDOWS\system32\DRIVERS\atmarpc.sys
19:13:20.0546 0x0a28  Atmarpc - ok
19:13:20.0625 0x0a28  [ DEF7A7882BEC100FE0B2CE2549188F9D, 462C95B63D0A1058291A2DC8CBFCB13D7D74CCD1CA43B613A7EB43D49E3276F8 ] AudioSrv        C:\WINDOWS\System32\audiosrv.dll
19:13:20.0625 0x0a28  AudioSrv - ok
19:13:20.0687 0x0a28  [ D9F724AA26C010A217C97606B160ED68, 329B5118F2409731D06FDAE85B6ADD64A048292801BCB3546651CEB303111695 ] audstub         C:\WINDOWS\system32\DRIVERS\audstub.sys
19:13:20.0703 0x0a28  audstub - ok
19:13:20.0812 0x0a28  [ 4D41D30E2FAB3307967C7A0B045DC874, 620482D08544478862C78285E17DEE9BC3466DF8B62BD502B0C17AE6501D2B5E ] avast! Antivirus C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
19:13:20.0828 0x0a28  avast! Antivirus - ok
19:13:21.0046 0x0a28  [ 37F385A93C620CBE0F89C17E45F697A1, A48B9B03BA482BBC80B39FEE129580F6EE5FCC977E4865A0A8E6102DD65C2867 ] BCM43XX         C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
19:13:21.0218 0x0a28  BCM43XX - ok
19:13:21.0250 0x0a28  [ DA1F27D85E0D1525F6621372E7B685E9, 5A81A46A3BDD19DAFC6C87D277267A5D44F3A1B5302F2CC1111D84B7BAD5610D ] Beep            C:\WINDOWS\system32\drivers\Beep.sys
19:13:21.0265 0x0a28  Beep - ok
19:13:21.0375 0x0a28  [ 574738F61FCA2935F5265DC4E5691314, 3C7CCF064397186C3A3863DD2370AB6414A61B330097DCA4F299CA7BBAA3D1B4 ] BITS            C:\WINDOWS\system32\qmgr.dll
19:13:21.0437 0x0a28  BITS - ok
19:13:21.0562 0x0a28  [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A, 10F21999FF6B1D410EBF280F7F27DEACA5289739CF12F4293B614B8FC6C88DCC ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
19:13:21.0609 0x0a28  Bonjour Service - ok
19:13:21.0687 0x0a28  [ CFD4E51402DA9838B5A04AE680AF54A0, 5378F42B195B5832B00A05AD64E00473A45FFB86AC25C57241F26EA82B149FE1 ] Browser         C:\WINDOWS\System32\browser.dll
19:13:21.0703 0x0a28  Browser - ok
19:13:21.0765 0x0a28  [ 23913C28AC89875BBFA03BCCDC3A41E5, 494C22F12D001E47A83AFBE5772698899597149122307ACF5B3D91A7E644A16E ] CAMCAUD         C:\WINDOWS\system32\drivers\camc6aud.sys
19:13:21.0765 0x0a28  CAMCAUD - ok
19:13:21.0859 0x0a28  [ E6EDB12A44DAFCEF05DBDDF3ED652388, 245FD5871163D2EB98266FB3F566D1FF39872ABFDA803CA9A29029D4D35105E5 ] CAMCHALA        C:\WINDOWS\system32\drivers\camc6hal.sys
19:13:21.0906 0x0a28  CAMCHALA - ok
19:13:21.0921 0x0a28  catchme - ok
19:13:21.0968 0x0a28  [ 90A673FC8E12A79AFBED2576F6A7AAF9, BDE7858A3457DB979FEDD8577FA6321BF72848E4A7BF9F173C78A6A10CBB3EBE ] cbidf2k         C:\WINDOWS\system32\drivers\cbidf2k.sys
19:13:21.0968 0x0a28  cbidf2k - ok
19:13:22.0078 0x0a28  [ 359E5A91D26D0439933BEF1C29CEDEF7, 648563646BA023C7C0CB2A707062E5B93DC4C81D904726D5002FB316C8623D66 ] CCALib8         C:\Program Files\Canon\CAL\CALMAIN.exe
19:13:22.0093 0x0a28  CCALib8 - ok
19:13:22.0109 0x0a28  cd20xrnt - ok
19:13:22.0140 0x0a28  [ C1B486A7658353D33A10CC15211A873B, AA4DD9E7AAE5AAB1146B360B17001F975D2F29A1281CF7B13E7136480410F347 ] Cdaudio         C:\WINDOWS\system32\drivers\Cdaudio.sys
19:13:22.0140 0x0a28  Cdaudio - ok
19:13:22.0218 0x0a28  [ C885B02847F5D2FD45A24E219ED93B32, B26B2F8E3A831E2B65EB0C5195B0645CD50E22615CE79C9B0B391CD563B121DB ] Cdfs            C:\WINDOWS\system32\drivers\Cdfs.sys
19:13:22.0218 0x0a28  Cdfs - ok
19:13:22.0265 0x0a28  [ 1F4260CC5B42272D71F79E570A27A4FE, B51C2A3ED3C309953D0EA45869C8E464C10F2533DADE9E0286AF674979098D1D ] Cdrom           C:\WINDOWS\system32\DRIVERS\cdrom.sys
19:13:22.0265 0x0a28  Cdrom - ok
19:13:22.0281 0x0a28  Changer - ok
19:13:22.0343 0x0a28  [ 1CFE720EB8D93A7158A4EBC3AB178BDE, 65D2A9D9A88F38D4AF323134C151BA0F4B3CD0F6A134AF86E7AC9D07319F1726 ] CiSvc           C:\WINDOWS\system32\cisvc.exe
19:13:22.0343 0x0a28  CiSvc - ok
19:13:22.0375 0x0a28  [ 34CBE729F38138217F9C80212A2A0C82, A9FD7A758D12E0818A11BEEF1CE772FEFA8373E92EF6C0DA8628CD4572CC9A43 ] ClipSrv         C:\WINDOWS\system32\clipsrv.exe
19:13:22.0390 0x0a28  ClipSrv - ok
19:13:22.0437 0x0a28  [ D87ACAED61E417BBA546CED5E7E36D9C, 14AC6034A5BC0FB2A1AFDAD42BEF4DE641556E54AD30D0C46765660A4BE55462 ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
19:13:22.0484 0x0a28  clr_optimization_v2.0.50727_32 - ok
19:13:22.0625 0x0a28  [ C5A75EB48E2344ABDC162BDA79E16841, 6070A8AAFD38FBC6A68A2B10C20117612354DF21B4492D90CA522BFB6870D726 ] clr_optimization_v4.0.30319_32 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
19:13:22.0640 0x0a28  clr_optimization_v4.0.30319_32 - ok
19:13:22.0671 0x0a28  [ 0F6C187D38D98F8DF904589A5F94D411, DB987093446216CEE913AC27503BF7E23E5A62DF169B355730285DAB64F6ED28 ] CmBatt          C:\WINDOWS\system32\DRIVERS\CmBatt.sys
19:13:22.0671 0x0a28  CmBatt - ok
19:13:22.0687 0x0a28  CmdIde - ok
19:13:22.0718 0x0a28  [ 6E4C9F21F0FAE8940661144F41B13203, 731202A0DD021FCF9287FEA631212603AAAC23F9E7F76B2882F913B18A971F1C ] Compbatt        C:\WINDOWS\system32\DRIVERS\compbatt.sys
19:13:22.0718 0x0a28  Compbatt - ok
19:13:22.0734 0x0a28  COMSysApp - ok
19:13:22.0765 0x0a28  Cpqarray - ok
19:13:22.0859 0x0a28  [ 3D4E199942E29207970E04315D02AD3B, 0825960894CF9C86CC8775BDD2A262948A09CA495AA7FE9F210FAF49E7086383 ] CryptSvc        C:\WINDOWS\System32\cryptsvc.dll
19:13:22.0859 0x0a28  CryptSvc - ok
19:13:22.0875 0x0a28  dac2w2k - ok
19:13:22.0890 0x0a28  dac960nt - ok
19:13:23.0000 0x0a28  [ 6B27A5C03DFB94B4245739065431322C, 6AEAC16AB4E0DFD25123AAF4D4181FEE1B919B7B2793117006CE8CF30E826CFD ] DcomLaunch      C:\WINDOWS\system32\rpcss.dll
19:13:23.0062 0x0a28  DcomLaunch - ok
19:13:23.0156 0x0a28  [ 5E38D7684A49CACFB752B046357E0589, F192AD4190BCFB6939A5CBC91648FE63168AF79A5E227A111DEAD6A92E42AB8D ] Dhcp            C:\WINDOWS\System32\dhcpcsvc.dll
19:13:23.0171 0x0a28  Dhcp - ok
19:13:23.0203 0x0a28  [ 044452051F3E02E7963599FC8F4F3E25, 584BDDB074618BE76454CF90E74829CFF588B5B5FAEB793E2F7AAD26352DD689 ] Disk            C:\WINDOWS\system32\DRIVERS\disk.sys
19:13:23.0203 0x0a28  Disk - ok
19:13:23.0218 0x0a28  dmadmin - ok
19:13:23.0359 0x0a28  [ D992FE1274BDE0F84AD826ACAE022A41, C82BD6561A14F2932A761F5883A787B99031250EE5E9B7B5714AA045545C9B99 ] dmboot          C:\WINDOWS\system32\drivers\dmboot.sys
19:13:23.0453 0x0a28  dmboot - ok
19:13:23.0515 0x0a28  [ 7C824CF7BBDE77D95C08005717A95F6F, A73CB323B7A6410C3D3F258BF204E716ADF8C84C9E4F6562C57AB73DAED8CCDE ] dmio            C:\WINDOWS\system32\drivers\dmio.sys
19:13:23.0531 0x0a28  dmio - ok
19:13:23.0578 0x0a28  [ E9317282A63CA4D188C0DF5E09C6AC5F, D41E002F555FE9015EF620975255F58BB79198CA1FF0E09EC950CB450FF77CF7 ] dmload          C:\WINDOWS\system32\drivers\dmload.sys
19:13:23.0578 0x0a28  dmload - ok
19:13:23.0625 0x0a28  [ 57EDEC2E5F59F0335E92F35184BC8631, 61F6F0DC2D1A6C61D5EF0D5CC4BE0FFC217F1E61FDA3EA9F704709293656600F ] dmserver        C:\WINDOWS\System32\dmserver.dll
19:13:23.0625 0x0a28  dmserver - ok
19:13:23.0656 0x0a28  [ 8A208DFCF89792A484E76C40E5F50B45, 4E40E2EB38C6254E7CAA488200E89EE7DEBBBA773890BC6A84313CC68178D54F ] DMusic          C:\WINDOWS\system32\drivers\DMusic.sys
19:13:23.0671 0x0a28  DMusic - ok
19:13:23.0734 0x0a28  [ 5F7E24FA9EAB896051FFB87F840730D2, 356EEFDCD54DECAD0170B34B993E4BF80DD039E2B2922D7A8D09B84031E9FC7A ] Dnscache        C:\WINDOWS\System32\dnsrslvr.dll
19:13:23.0750 0x0a28  Dnscache - ok
19:13:23.0812 0x0a28  [ 0F0F6E687E5E15579EF4DA8DD6945814, 5C32D88119EB1465B2D719BEE2E05888D1A73454B5E33F2D4928DA710F8BFBA3 ] Dot3svc         C:\WINDOWS\System32\dot3svc.dll
19:13:23.0828 0x0a28  Dot3svc - ok
19:13:23.0843 0x0a28  dpti2o - ok
19:13:23.0890 0x0a28  [ 8F5FCFF8E8848AFAC920905FBD9D33C8, C8C6FB97AB0871C8C88A2201525A5CF10D5131CB6980D32692ED7A8F58399AD5 ] drmkaud         C:\WINDOWS\system32\drivers\drmkaud.sys
19:13:23.0890 0x0a28  drmkaud - ok
19:13:23.0953 0x0a28  [ 81B7808D3B5892388F33273119C2DC31, FF0E643EBD40D832985835D8A79D68FD35BFD806D511048A4A16624F69A33743 ] eabfiltr        C:\WINDOWS\system32\drivers\EABFiltr.sys
19:13:23.0968 0x0a28  eabfiltr - ok
19:13:24.0000 0x0a28  [ 1BA14DA377B66278335D4B9E8824CD42, 0570637390629D19B9EBBED451BBBA5F5797BC1F4E4182562FEF25EC8272E216 ] eabusb          C:\WINDOWS\system32\drivers\eabusb.sys
19:13:24.0015 0x0a28  eabusb - ok
19:13:24.0078 0x0a28  [ 2187855A7703ADEF0CEF9EE4285182CC, 8233CC11F637866C0074043835A785EA2B616739B6B1181B143A253CF2508CFD ] EapHost         C:\WINDOWS\System32\eapsvc.dll
19:13:24.0078 0x0a28  EapHost - ok
19:13:24.0125 0x0a28  eeCtrl - ok
19:13:24.0140 0x0a28  EraserUtilRebootDrv - ok
19:13:24.0203 0x0a28  [ BC93B4A066477954555966D77FEC9ECB, 27F5B780175EF46DA102EE33F7F33559C8B40C077EEA4405D579D9507F4B1C23 ] ERSvc           C:\WINDOWS\System32\ersvc.dll
19:13:24.0203 0x0a28  ERSvc - ok
19:13:24.0265 0x0a28  [ 65DF52F5B8B6E9BBD183505225C37315, 59C606977DB40A3443DFF0BE2A4C761824881B22C9FDB3D23F6486DB580E92A4 ] Eventlog        C:\WINDOWS\system32\services.exe
19:13:24.0296 0x0a28  Eventlog - ok
19:13:24.0390 0x0a28  [ D4991D98F2DB73C60D042F1AEF79EFAE, 58AF949EAEBF4FF3E3314DFB66CE4198BF65F0836B68CD27A6ED319742CCCCD2 ] EventSystem     C:\WINDOWS\system32\es.dll
19:13:24.0406 0x0a28  EventSystem - ok
19:13:24.0453 0x0a28  [ 38D332A6D56AF32635675F132548343E, E6909DB836AF679B4F4D62C7396D6C82769CC7ABB8C919C2AABFE934FCE268F6 ] Fastfat         C:\WINDOWS\system32\drivers\Fastfat.sys
19:13:24.0468 0x0a28  Fastfat - ok
19:13:24.0562 0x0a28  [ 99BC0B50F511924348BE19C7C7313BBF, A1006C687BD352F700B140DC741515A0CDD9E1352C0FBD1EE410D404E344444B ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
19:13:24.0578 0x0a28  FastUserSwitchingCompatibility - ok
19:13:24.0625 0x0a28  [ 92CDD60B6730B9F50F6A1A0C1F8CDC81, 8307A532AB4D05CBBCE206DC2759497708BF5AAA880BD00F0E4F281D8578A1F5 ] Fdc             C:\WINDOWS\system32\DRIVERS\fdc.sys
19:13:24.0625 0x0a28  Fdc - ok
19:13:24.0718 0x0a28  [ D45926117EB9FA946A6AF572FBE1CAA3, 4C94EF009D778BE0BDF8F812F026B96F91F641BE30AA2531427A5E63DBD280DA ] Fips            C:\WINDOWS\system32\drivers\Fips.sys
19:13:24.0718 0x0a28  Fips - ok
19:13:24.0765 0x0a28  [ 9D27E7B80BFCDF1CDD9B555862D5E7F0, 69C271AD5BCEBFD8AE5A769BDD7EC51256DA3A8ADAD5D12E5C0D13F4E82D8805 ] Flpydisk        C:\WINDOWS\system32\DRIVERS\flpydisk.sys
19:13:24.0765 0x0a28  Flpydisk - ok
19:13:24.0843 0x0a28  [ B2CF4B0786F8212CB92ED2B50C6DB6B0, 280F5CF8A90F7BEDE73ADD0DD0F8952088133A7CA9A3D3B7041957E33B36845D ] FltMgr          C:\WINDOWS\system32\drivers\fltmgr.sys
19:13:24.0859 0x0a28  FltMgr - ok
19:13:25.0000 0x0a28  [ 8BA7C024070F2B7FDD98ED8A4BA41789, 47585006F86B2C6016EC54250A416794792D1E4024FF229C120BC25B684AF66A ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
19:13:25.0015 0x0a28  FontCache3.0.0.0 - ok
19:13:25.0078 0x0a28  [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A, EC635E071201A766845D48973772CBE0958942B4162F3F5F70660D114CC877E0 ] Fs_Rec          C:\WINDOWS\system32\drivers\Fs_Rec.sys
19:13:25.0078 0x0a28  Fs_Rec - ok
19:13:25.0109 0x0a28  [ 6AC26732762483366C3969C9E4D2259D, FF2C9A23CC17F380093F0BEA955B1925794271C2FEA16B9B7639668E6999BAE3 ] Ftdisk          C:\WINDOWS\system32\DRIVERS\ftdisk.sys
19:13:25.0125 0x0a28  Ftdisk - ok
19:13:25.0187 0x0a28  [ 185ADA973B5020655CEE342059A86CBB, D3E352DFAF30761505480A4C557D980083F65EC5BD46E2656B2114D47B272A89 ] GEARAspiWDM     C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
19:13:25.0187 0x0a28  GEARAspiWDM - ok
19:13:25.0265 0x0a28  [ 63677825D08CF4458CAAE9EF2372E5D6, AEE4CDB5C468A20582FE518F0B734F2B002E17922708B47F8CFA973D840AA4C4 ] getPlusHelper   C:\Program Files\NOS\bin\getPlus_Helper.dll
19:13:25.0281 0x0a28  getPlusHelper - ok
19:13:25.0343 0x0a28  [ 0A02C63C8B144BD8C86B103DEE7C86A2, 7A3235DD3E1995DD72B212FAEB3ECA2A974434DE9BF6D269EA11BA65A80E7E50 ] Gpc             C:\WINDOWS\system32\DRIVERS\msgpc.sys
19:13:25.0343 0x0a28  Gpc - ok
19:13:25.0468 0x0a28  [ 751C1D2CA2ABF4A9F5A6B8D7D45B907C, 8F62DF65DB30770448E297D000B570683DEA454A5D84B5BCB1478D91030212DB ] gusvc           C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
19:13:25.0484 0x0a28  gusvc - ok
19:13:25.0593 0x0a28  [ 4FCCA060DFE0C51A09DD5C3843888BCD, D82417706B517F2610DDF7C86BE03A72EFA9A2A389DF5C8F8ADEAB8144E2C80A ] helpsvc         C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
19:13:25.0609 0x0a28  helpsvc - ok
19:13:25.0687 0x0a28  [ DEB04DA35CC871B6D309B77E1443C796, F66A15C9528D661940F1F4CA453B3E95036D68C74C3B8AB53644211DBD3D2F32 ] HidServ         C:\WINDOWS\System32\hidserv.dll
19:13:25.0687 0x0a28  HidServ - ok
19:13:25.0765 0x0a28  [ CCF82C5EC8A7326C3066DE870C06DAF1, 93395FA4C26B2E82DC8B7025ED3BCF583885E5D8C5F60CD6EEAA6335D6A126EC ] HidUsb          C:\WINDOWS\system32\DRIVERS\hidusb.sys
19:13:25.0765 0x0a28  HidUsb - ok
19:13:25.0843 0x0a28  [ 8878BD685E490239777BFE51320B88E9, C5C3ECF6B049B6736E35B39518A8F830B45C45A88FFE8E3A6B7922AD946597E2 ] hkmsvc          C:\WINDOWS\System32\kmsvc.dll
19:13:25.0859 0x0a28  hkmsvc - ok
19:13:25.0968 0x0a28  [ 14E3C3E8434D7F92C0496A1AF8503061, 1AF425C28F2CBADE8456A3B410A8A4B6D88C979CB91F231DE8FD09BF9EA1F0C2 ] HPDrvMntSvc.exe C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe
19:13:25.0984 0x0a28  HPDrvMntSvc.exe - ok
19:13:26.0000 0x0a28  hpn - ok
19:13:26.0078 0x0a28  [ 6745820C1B0783A367F03DA128F5B1E2, DCE608B384A7C43C54006370AF136D12030D95DB6703E08E488C264BB85E42DE ] hpqwmi          C:\Program Files\HPQ\SHARED\HPQWMI.exe
19:13:26.0093 0x0a28  hpqwmi - ok
19:13:26.0218 0x0a28  [ 33C884A6BDD35F22E3C2BDDC55BC13DE, FB03C58BD95780BF43BC730E7D2B4DBA26BD85B8AFC6C4A401B054423A2AA956 ] hpqwmiex        C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
19:13:26.0281 0x0a28  hpqwmiex - ok
19:13:26.0375 0x0a28  [ 13D4B70BF2F9BC550E9079DA864D3EC1, DB97095AAB6C5524A496FA625AAF18775173EB401A589CB743F0DC72CDEBCBA6 ] HSFHWATI        C:\WINDOWS\system32\DRIVERS\HSFHWATI.sys
19:13:26.0390 0x0a28  HSFHWATI - ok
19:13:26.0500 0x0a28  [ DFA8F86C0DBCA7DB948043AA3BE6793B, A3F0A3899AF89BF9515BD1BBFDA857F6087CA7CF6CF9FF610B6537A94D5CD65A ] HSF_DP          C:\WINDOWS\system32\DRIVERS\HSF_DP.sys
19:13:26.0609 0x0a28  HSF_DP - ok
19:13:26.0703 0x0a28  [ F80A415EF82CD06FFAF0D971528EAD38, 524D9E9201572929522F6805011783711B7C0F76308B924C89CF75F4B7A1FDF3 ] HTTP            C:\WINDOWS\system32\Drivers\HTTP.sys
19:13:26.0718 0x0a28  HTTP - ok
19:13:26.0812 0x0a28  [ 6100A808600F44D999CEBDEF8841C7A3, 61A75118C327812C60622010985A2E80E79B6FD9030A5732390EE5426E4AF6C9 ] HTTPFilter      C:\WINDOWS\System32\w3ssl.dll
19:13:26.0828 0x0a28  HTTPFilter - ok
19:13:26.0843 0x0a28  i2omgmt - ok
19:13:26.0859 0x0a28  i2omp - ok
19:13:26.0937 0x0a28  [ 4A0B06AA8943C1E332520F7440C0AA30, DB2452390CCFE67E0C5FEB4FD42CA24ABE2DDD40D0B22DD5F5B8F70416863918 ] i8042prt        C:\WINDOWS\system32\DRIVERS\i8042prt.sys
19:13:26.0937 0x0a28  i8042prt - ok
19:13:27.0109 0x0a28  [ 1CF03C69B49ACB70C722DF92755C0C8C, C227850C133F29BB9DED91A26A22AE077FD69629CEF35B67D305F016C4BDAA81 ] IDriverT        C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
19:13:27.0109 0x0a28  IDriverT - ok
19:13:27.0265 0x0a28  [ C01AC32DC5C03076CFB852CB5DA5229C, A4D7749220B5BC965D96A267F1E02FE8284A230BA249109207BD4B9EA8DFAC96 ] idsvc           c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
19:13:27.0343 0x0a28  idsvc - ok
19:13:27.0406 0x0a28  [ 083A052659F5310DD8B6A6CB05EDCF8E, 48D39B03FFB6FAA1529B774443BA12618AE3982D9F65A7B9D18F2269F78B31F4 ] Imapi           C:\WINDOWS\system32\DRIVERS\imapi.sys
19:13:27.0406 0x0a28  Imapi - ok
19:13:27.0500 0x0a28  [ 30DEAF54A9755BB8546168CFE8A6B5E1, 3936228CD3125C763ABFCB93E86E4B43838202BCC0913A28E84AC0263B43EE0D ] ImapiService    C:\WINDOWS\system32\imapi.exe
19:13:27.0515 0x0a28  ImapiService - ok
19:13:27.0546 0x0a28  ini910u - ok
19:13:27.0562 0x0a28  [ B5466A9250342A7AA0CD1FBA13420678, 87E735C4E8924A883AB692D387A83BCBFAE6E165688336AE7AB488F7CA8D339E ] IntelIde        C:\WINDOWS\system32\DRIVERS\intelide.sys
19:13:27.0578 0x0a28  IntelIde - ok
19:13:27.0640 0x0a28  [ 3DC635B66DD7412E1C9C3A77B8D78F25, D3894065DA2D08744863ECC5EE9027A0E39711A6A56AAB599F1CAF4BB996F42A ] IntuitUpdateService C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
19:13:27.0640 0x0a28  IntuitUpdateService - ok
19:13:27.0718 0x0a28  [ D9DA7B3117BF5EFF921C0CDED4D58050, D51A2AFC0E310C5A0EE1540A9E6353F5F7C9E76711187FAD91EEB0B3254EE935 ] IntuitUpdateServiceV4 C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
19:13:27.0718 0x0a28  IntuitUpdateServiceV4 - ok
19:13:27.0796 0x0a28  [ 3BB22519A194418D5FEC05D800A19AD0, F6662F440950596DC1382DD1DB5D7891CCEA30A6062BEA942C18445B5F0D8B16 ] Ip6Fw           C:\WINDOWS\system32\drivers\ip6fw.sys
19:13:27.0796 0x0a28  Ip6Fw - ok
19:13:27.0875 0x0a28  [ 731F22BA402EE4B62748ADAF6363C182, 5C3BEBD008A5BE4DC2F92076FF41A10DDC01E10EC7E6552213CFA11970811848 ] IpFilterDriver  C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
19:13:27.0875 0x0a28  IpFilterDriver - ok
19:13:27.0906 0x0a28  [ B87AB476DCF76E72010632B5550955F5, E6E74D3A86A7917A8BAED44F8E97CCD2EB171E4E4B27E9907F60D1523FAF319A ] IpInIp          C:\WINDOWS\system32\DRIVERS\ipinip.sys
19:13:27.0906 0x0a28  IpInIp - ok
19:13:27.0984 0x0a28  [ CC748EA12C6EFFDE940EE98098BF96BB, AF523E21C25D9A1715EFEA573E4F52AF5D4FC9F28A2D613F5DB629C186C439E0 ] IpNat           C:\WINDOWS\system32\DRIVERS\ipnat.sys
19:13:28.0000 0x0a28  IpNat - ok
19:13:28.0140 0x0a28  [ 066F2BBE2EEC9A42B065B552BF356B4E, AE86DB5BFD4748C54C0C224E7FBEA3C032F1071A39303DF35AA04869D3950B7A ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
19:13:28.0203 0x0a28  iPod Service - ok
19:13:28.0250 0x0a28  [ 23C74D75E36E7158768DD63D92789A91, 394D296F38E7D8EFD91A6EEC301D9CE6AF910E35EB9819F1A9E3363863AEDFDC ] IPSec           C:\WINDOWS\system32\DRIVERS\ipsec.sys
19:13:28.0265 0x0a28  IPSec - ok
19:13:28.0296 0x0a28  [ C93C9FF7B04D772627A3646D89F7BF89, 805FA48E7A46D4F10240BF880A2468F53DEA36E83004399228AB70DB7D20544A ] IRENUM          C:\WINDOWS\system32\DRIVERS\irenum.sys
19:13:28.0312 0x0a28  IRENUM - ok
19:13:28.0343 0x0a28  [ 05A299EC56E52649B1CF2FC52D20F2D7, 2654619DB3E6D6C385B63AB02F87D4241C4F0250CC31383D1B3586917166C2DC ] isapnp          C:\WINDOWS\system32\DRIVERS\isapnp.sys
19:13:28.0343 0x0a28  isapnp - ok
19:13:28.0484 0x0a28  [ 80A79264302910C7C24BA7E44267EFEF, 6080C233478350C8E07515D20D2D60C3758C4A65432B04E8C8B816248621A3EF ] JavaQuickStarterService C:\Program Files\Java\jre7\bin\jqs.exe
19:13:28.0500 0x0a28  JavaQuickStarterService - ok
19:13:28.0546 0x0a28  [ 463C1EC80CD17420A542B7F36A36F128, E3B11BA26AFEAFB50B0FC168EA07F6049DA6B88BCDDEEE20310602D7FC27A3A7 ] Kbdclass        C:\WINDOWS\system32\DRIVERS\kbdclass.sys
19:13:28.0562 0x0a28  Kbdclass - ok
19:13:28.0593 0x0a28  [ 9EF487A186DEA361AA06913A75B3FA99, B94EBA4EC6D85E11C81AF9927E9EF0AF2E6FE134CFF1FDB0535B7C5A794B4261 ] kbdhid          C:\WINDOWS\system32\DRIVERS\kbdhid.sys
19:13:28.0593 0x0a28  kbdhid - ok
19:13:28.0656 0x0a28  [ 692BCF44383D056AED41B045A323D378, 1A99DEE83FFAF64E73067FC049C0A4CE07D94E4AE31EFA17B38CEFA9E41D67DC ] kmixer          C:\WINDOWS\system32\drivers\kmixer.sys
19:13:28.0671 0x0a28  kmixer - ok
19:13:28.0750 0x0a28  [ B467646C54CC746128904E1654C750C1, 3BD71BE3663EA23463D236D8A2A2E42DFA10C502BDB4B6E131FAF0FBA748219E ] KSecDD          C:\WINDOWS\system32\drivers\KSecDD.sys
19:13:28.0765 0x0a28  KSecDD - ok
19:13:28.0843 0x0a28  [ 3A7C3CBE5D96B8AE96CE81F0B22FB527, 0044F03132596A494448CCE5F3D6ECC12617BB4CF6BAE348F79D4DC40ACD6EE0 ] lanmanserver    C:\WINDOWS\System32\srvsvc.dll
19:13:28.0859 0x0a28  lanmanserver - ok
19:13:28.0937 0x0a28  [ A8888A5327621856C0CEC4E385F69309, B08B63300D824E35E31EEEA2C4C086DFA2C2A964CEDAE512E74D3D88AADAA2C1 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
19:13:28.0968 0x0a28  lanmanworkstation - ok
19:13:28.0984 0x0a28  lbrtfdc - ok
19:13:29.0125 0x0a28  [ 957C72DE44D0CDAD573231532ABF107E, BF2D7E645B50C112E170F1C5DF7443DE30A3F74BDD98DF3DCCB92F69B38BA917 ] LightScribeService C:\Program Files\Common Files\LightScribe\LSSrvc.exe
19:13:29.0125 0x0a28  LightScribeService - ok
19:13:29.0203 0x0a28  [ A7DB739AE99A796D91580147E919CC59, EDF4E039BA277B0E6D66FEB0B28096E67D682C09DFC18ECECF062D9DCFB75ACF ] LmHosts         C:\WINDOWS\System32\lmhsvc.dll
19:13:29.0203 0x0a28  LmHosts - ok
19:13:29.0250 0x0a28  [ 3C318B9CD391371BED62126581EE9961, 1254273DE950EF8D5922F26D67B55C9D9082F45CDE168E3DAB20A2E53208DC3A ] mdmxsdk         C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
19:13:29.0250 0x0a28  mdmxsdk - ok
19:13:29.0296 0x0a28  [ 986B1FF5814366D71E0AC5755C88F2D3, E6AF051174531C24B38E73987755D366ABEC595476C6D17793E8DCCC73F55340 ] Messenger       C:\WINDOWS\System32\msgsvc.dll
19:13:29.0312 0x0a28  Messenger - ok
19:13:29.0359 0x0a28  [ 4AE068242760A1FB6E1A44BF4E16AFA6, 1FB771162B96AAF787AC24867B818DF8511F0780BB094FA9A38C11D8DBFE68BC ] mnmdd           C:\WINDOWS\system32\drivers\mnmdd.sys
19:13:29.0359 0x0a28  mnmdd - ok
19:13:29.0421 0x0a28  [ D18F1F0C101D06A1C1ADF26EED16FCDD, BA0837C7780BD8262E143E2935AFA63BE59C3C39EF56CB8608EED0F50AF070D4 ] mnmsrvc         C:\WINDOWS\system32\mnmsrvc.exe
19:13:29.0437 0x0a28  mnmsrvc - ok
19:13:29.0500 0x0a28  [ DFCBAD3CEC1C5F964962AE10E0BCC8E1, B342CC9EC3729AB1AB4B5E2E99F890C1E0CA649162DE91F6768AB857B719E97B ] Modem           C:\WINDOWS\system32\drivers\Modem.sys
19:13:29.0500 0x0a28  Modem - ok
19:13:29.0531 0x0a28  [ 35C9E97194C8CFB8430125F8DBC34D04, 0C0FCE6B0A23FB0ECB92E1663E1C72D2DD5B177D82E04782957690B69530DB39 ] Mouclass        C:\WINDOWS\system32\DRIVERS\mouclass.sys
19:13:29.0531 0x0a28  Mouclass - ok
19:13:29.0593 0x0a28  [ B1C303E17FB9D46E87A98E4BA6769685, 161A45488522055D0F0474ABEDA04DDD0B5DAC2411AF9154B15190BBD66E7153 ] mouhid          C:\WINDOWS\system32\DRIVERS\mouhid.sys
19:13:29.0609 0x0a28  mouhid - ok
19:13:29.0656 0x0a28  [ A80B9A0BAD1B73637DBCBBA7DF72D3FD, 2A5E15ED2C24C6C65EF2F7E1FD93374774076C9D8D451E4422561F4D269C012F ] MountMgr        C:\WINDOWS\system32\drivers\MountMgr.sys
19:13:29.0656 0x0a28  MountMgr - ok
19:13:29.0671 0x0a28  mraid35x - ok
19:13:29.0718 0x0a28  [ 11D42BB6206F33FBB3BA0288D3EF81BD, 76ABCFB62C5AC549F58C231F72A99882CDEB74928104B77FE52554765C2B1A22 ] MRxDAV          C:\WINDOWS\system32\DRIVERS\mrxdav.sys
19:13:29.0734 0x0a28  MRxDAV - ok
19:13:29.0859 0x0a28  [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0, DB9B186F7076D7B94F45041AF7B77C1AD2CAB504D683B459C6CB1C22840ED170 ] MRxSmb          C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
19:13:29.0906 0x0a28  MRxSmb - ok
19:13:29.0921 0x0a28  [ A137F1470499A205ABBB9AAFB3B6F2B1, FB4951727543030D9E6ED74149C3FAACE2CA9DA8C1B5F616301B30B858C724E8 ] MSDTC           C:\WINDOWS\system32\msdtc.exe
19:13:29.0937 0x0a28  MSDTC - ok
19:13:30.0015 0x0a28  [ C941EA2454BA8350021D774DAF0F1027, C940E978C7B66A713A0FDAB54B5F995DF59D089AFCD96221DD3222948CD49BBD ] Msfs            C:\WINDOWS\system32\drivers\Msfs.sys
19:13:30.0015 0x0a28  Msfs - ok
19:13:30.0031 0x0a28  MSIServer - ok
19:13:30.0062 0x0a28  [ D1575E71568F4D9E14CA56B7B0453BF1, 4ABE0E24786C0D39FA2B885447E56204CA6942FB175E534DCE675D7BCF0B176A ] MSKSSRV         C:\WINDOWS\system32\drivers\MSKSSRV.sys
19:13:30.0078 0x0a28  MSKSSRV - ok
19:13:30.0093 0x0a28  [ 325BB26842FC7CCC1FCCE2C457317F3E, C07BE560513B1FB91D756494F0BA4AEEB2E1998DE0E1C21EE83DB1183B0CEE91 ] MSPCLOCK        C:\WINDOWS\system32\drivers\MSPCLOCK.sys
19:13:30.0093 0x0a28  MSPCLOCK - ok
19:13:30.0125 0x0a28  [ BAD59648BA099DA4A17680B39730CB3D, 9AD4C7C94C186C8815D0BC75DCAFB962158DA6935A244BA243EDDDEB33F9816C ] MSPQM           C:\WINDOWS\system32\drivers\MSPQM.sys
19:13:30.0125 0x0a28  MSPQM - ok
19:13:30.0156 0x0a28  [ AF5F4F3F14A8EA2C26DE30F7A1E17136, AC93A1E4ABB0D038B772E429015567E44CC2EDB66C54DBE23A5F98176FAC1520 ] mssmbios        C:\WINDOWS\system32\DRIVERS\mssmbios.sys
19:13:30.0156 0x0a28  mssmbios - ok
19:13:30.0218 0x0a28  [ DE6A75F5C270E756C5508D94B6CF68F5, FCC972DDC36C2C44D836913F10004C2C33B11C54DEFFF0C63E0FDF901D2F9261 ] Mup             C:\WINDOWS\system32\drivers\Mup.sys
19:13:30.0234 0x0a28  Mup - ok
19:13:30.0343 0x0a28  [ 0102140028FAD045756796E1C685D695, 5335B8278418CA200E2772124F0602C3E15A5CAF2D5CC59F6785DFAABF339B09 ] napagent        C:\WINDOWS\System32\qagentrt.dll
19:13:30.0390 0x0a28  napagent - ok
19:13:30.0421 0x0a28  [ 1DF7F42665C94B825322FAE71721130D, FE0DCB728471465B39A42A7511F4133021FBA5DF88F88BCB5FE2FF34CFD713F9 ] NDIS            C:\WINDOWS\system32\drivers\NDIS.sys
19:13:30.0437 0x0a28  NDIS - ok
19:13:30.0484 0x0a28  [ 0109C4F3850DFBAB279542515386AE22, 4F6DB1E499AC853FD36FD603FBB6D3AC9BDCEB298C7FE1FB59A9236CB46729B2 ] NdisTapi        C:\WINDOWS\system32\DRIVERS\ndistapi.sys
19:13:30.0500 0x0a28  NdisTapi - ok
19:13:30.0531 0x0a28  [ F927A4434C5028758A842943EF1A3849, B1AA3AF150C05307461774925901789456B0CCCD03A5E71ADA4AB58455962BEE ] Ndisuio         C:\WINDOWS\system32\DRIVERS\ndisuio.sys
19:13:30.0531 0x0a28  Ndisuio - ok
19:13:30.0562 0x0a28  [ EDC1531A49C80614B2CFDA43CA8659AB, 494042F790F33721328B4451E79842E21919681CC421A4F9633EC4D383E06097 ] NdisWan         C:\WINDOWS\system32\DRIVERS\ndiswan.sys
19:13:30.0578 0x0a28  NdisWan - ok
19:13:30.0656 0x0a28  [ 9282BD12DFB069D3889EB3FCC1000A9B, 09A46F1712BD9165068D8E153585FE3E6E5CBF4F1DDEC142115555D3A91AEC09 ] NDProxy         C:\WINDOWS\system32\drivers\NDProxy.sys
19:13:30.0656 0x0a28  NDProxy - ok
19:13:30.0671 0x0a28  neokdss - ok
19:13:30.0703 0x0a28  [ 5D81CF9A2F1A3A756B66CF684911CDF0, 7989C36607CAEA17AFA2C1C9904145CA0714A54B9F712D9D4C1AB140D0B2CC0C ] NetBIOS         C:\WINDOWS\system32\DRIVERS\netbios.sys
19:13:30.0703 0x0a28  NetBIOS - ok
19:13:30.0750 0x0a28  [ 74B2B2F5BEA5E9A3DC021D685551BD3D, 7932B71F98B4122BE88F576BF6D745A757AE378A48924B7F4358837B75640A82 ] NetBT           C:\WINDOWS\system32\DRIVERS\netbt.sys
19:13:30.0765 0x0a28  NetBT - ok
19:13:30.0828 0x0a28  [ B857BA82860D7FF85AE29B095645563B, 86FF0E4CDD9C394E8BABD93A4D57E73FF9A779261717DEC6E9CDE99F1C6B0F4C ] NetDDE          C:\WINDOWS\system32\netdde.exe
19:13:30.0859 0x0a28  NetDDE - ok
19:13:30.0875 0x0a28  [ B857BA82860D7FF85AE29B095645563B, 86FF0E4CDD9C394E8BABD93A4D57E73FF9A779261717DEC6E9CDE99F1C6B0F4C ] NetDDEdsdm      C:\WINDOWS\system32\netdde.exe
19:13:30.0890 0x0a28  NetDDEdsdm - ok
19:13:30.0937 0x0a28  [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] Netlogon        C:\WINDOWS\system32\lsass.exe
19:13:30.0937 0x0a28  Netlogon - ok
19:13:30.0984 0x0a28  [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE, 4E0A67B3CC897E80D4B342FFE8B7B4CC4F6CA2EF2D34C136027A098B2E1C6166 ] Netman          C:\WINDOWS\System32\netman.dll
19:13:31.0015 0x0a28  Netman - ok
19:13:31.0078 0x0a28  [ D34612C5D02D026535B3095D620626AE, 1BBCCCBF49EB8807240A77DCB43C25C21682073CC5356594E2C4F53EF36BF657 ] NetTcpPortSharing c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
19:13:31.0093 0x0a28  NetTcpPortSharing - ok
19:13:31.0125 0x0a28  [ E9E47CFB2D461FA0FC75B7A74C6383EA, 544136F5BFD4DC23D45E90F12FA48B82FD9EAEA9EAF3E0F5F0BD27E23D672C3E ] NIC1394         C:\WINDOWS\system32\DRIVERS\nic1394.sys
19:13:31.0140 0x0a28  NIC1394 - ok
19:13:31.0234 0x0a28  [ 943337D786A56729263071623BBB9DE5, B631B47C869FE4ACF46E4AA272435D9A9CA536E3349E3FFBB8602636FEE7AFD4 ] Nla             C:\WINDOWS\System32\mswsock.dll
19:13:31.0250 0x0a28  Nla - ok
19:13:31.0375 0x0a28  [ 13350DDD0976CEB5F125396C7BFB05B4, C5B109C8680CBAC60E45EC95C7C257BF3D2E7C2A2CF8B301BB54443C9A8F5DA1 ] nmraapache      C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe
19:13:31.0375 0x0a28  nmraapache - ok
19:13:31.0468 0x0a28  [ 3CB041B0C24258BDCFD0DB1B1BF95EFB, 77A970BDD75AFA0F0DDF1B78B3ADAD9391FE00FF9550140420890351119031F4 ] nmservice       C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
19:13:31.0500 0x0a28  nmservice - ok
19:13:31.0578 0x0a28  [ 3182D64AE053D6FB034F44B6DEF8034A, 4ADFC76965BA2A5F488E71789A4E4EA702A74AF42725F72130D1CA919406CF19 ] Npfs            C:\WINDOWS\system32\drivers\Npfs.sys
19:13:31.0578 0x0a28  Npfs - ok
19:13:31.0671 0x0a28  [ 78A08DD6A8D65E697C18E1DB01C5CDCA, E0E6F3ED05068E32F1D5C2D2B38CDEF4536B8656DB6756C66CF6B40B60C8F3DA ] Ntfs            C:\WINDOWS\system32\drivers\Ntfs.sys
19:13:31.0734 0x0a28  Ntfs - ok
19:13:31.0781 0x0a28  [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] NtLmSsp         C:\WINDOWS\system32\lsass.exe
19:13:31.0781 0x0a28  NtLmSsp - ok
19:13:31.0890 0x0a28  [ 156F64A3345BD23C600655FB4D10BC08, 9611BE411586E068D9297D77102DB3BE48AA67F1BAD6F61A84F83FC3043FA9CD ] NtmsSvc         C:\WINDOWS\system32\ntmssvc.dll
19:13:31.0921 0x0a28  NtmsSvc - ok
19:13:32.0000 0x0a28  [ 73C1E1F395918BC2C6DD67AF7591A3AD, B21133A75253EC15E2DFF66D3B480AB1A7E1A2360476C810E7AA55D0F0EB08D4 ] Null            C:\WINDOWS\system32\drivers\Null.sys
19:13:32.0000 0x0a28  Null - ok
19:13:32.0031 0x0a28  [ B305F3FAD35083837EF46A0BBCE2FC57, 9D0E0E666D652D0FC9EAB97280A5D67AAF61D6B21929DF7CF8ED72A367720464 ] NwlnkFlt        C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
19:13:32.0046 0x0a28  NwlnkFlt - ok
19:13:32.0062 0x0a28  [ C99B3415198D1AAB7227F2C88FD664B9, DD8DA4B5E804F134AB9233859544C025062902DFC3E8FB8A09A67337A4E73F55 ] NwlnkFwd        C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
19:13:32.0062 0x0a28  NwlnkFwd - ok
19:13:32.0140 0x0a28  [ CA33832DF41AFB202EE7AEB05145922F, 9DD0089C2E13C7F81214C3B5A4A61276292052F9BBFEA7FCD0F6AA27815D5F95 ] ohci1394        C:\WINDOWS\system32\DRIVERS\ohci1394.sys
19:13:32.0156 0x0a28  ohci1394 - ok
19:13:32.0296 0x0a28  [ 7A56CF3E3F12E8AF599963B16F50FB6A, 882C82BAE96D263138D4C0D6C425458B770B7B9C8E9C1D28AC918BF6BE94A5C2 ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
19:13:32.0296 0x0a28  ose - ok
19:13:32.0359 0x0a28  [ 5575FAF8F97CE5E713D108C2A58D7C7C, 96D4595D19A78CCBE8B325A08780AC077AE5CC99642ACD72FB47AEAE8D344D3B ] Parport         C:\WINDOWS\system32\DRIVERS\parport.sys
19:13:32.0375 0x0a28  Parport - ok
19:13:32.0406 0x0a28  [ BEB3BA25197665D82EC7065B724171C6, 7E71C13BA30CD95CEE8A9CC85E6F48A01F30EDEAADEE69D80AE828BF97E5A5CA ] PartMgr         C:\WINDOWS\system32\drivers\PartMgr.sys
19:13:32.0406 0x0a28  PartMgr - ok
19:13:32.0421 0x0a28  [ 70E98B3FD8E963A6A46A2E6247E0BEA1, 6771313EC41B3B5BFD398F60706E40BE71617046880CC352DD110B001AFC22A1 ] ParVdm          C:\WINDOWS\system32\drivers\ParVdm.sys
19:13:32.0437 0x0a28  ParVdm - ok
19:13:32.0453 0x0a28  [ A219903CCF74233761D92BEF471A07B1, D4E6C360A1D2FCA4D17C991B834D68BF20F5111DD06B1FAB8B22984804CEC269 ] PCI             C:\WINDOWS\system32\DRIVERS\pci.sys
19:13:32.0453 0x0a28  PCI - ok
19:13:32.0484 0x0a28  PCIDump - ok
19:13:32.0500 0x0a28  [ CCF5F451BB1A5A2A522A76E670000FF0, D63F7E5A39653EC9CCE94B7D84B2D3EBD4F54533BD65701020198724042C9257 ] PCIIde          C:\WINDOWS\system32\DRIVERS\pciide.sys
19:13:32.0500 0x0a28  PCIIde - ok
19:13:32.0656 0x0a28  pciinfo - ok
19:13:32.0671 0x0a28  [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1, 0BA3DB21DC7C641C181E2635B5C9B73965FDCDCD3EBBBE48FCFEC1C8C987F617 ] Pcmcia          C:\WINDOWS\system32\DRIVERS\pcmcia.sys
19:13:32.0687 0x0a28  Pcmcia - ok
19:13:32.0703 0x0a28  PDCOMP - ok
19:13:32.0718 0x0a28  PDFRAME - ok
19:13:32.0734 0x0a28  PDRELI - ok
19:13:32.0750 0x0a28  PDRFRAME - ok
19:13:32.0765 0x0a28  perc2 - ok
19:13:32.0796 0x0a28  perc2hib - ok
19:13:32.0859 0x0a28  [ 65DF52F5B8B6E9BBD183505225C37315, 59C606977DB40A3443DFF0BE2A4C761824881B22C9FDB3D23F6486DB580E92A4 ] PlugPlay        C:\WINDOWS\system32\services.exe
19:13:32.0890 0x0a28  PlugPlay - ok
19:13:32.0953 0x0a28  [ 2AFF4C47E96A44C325A1E76548D0D26F, 6C8A8E0FCF9C1AA443D9A25597DD25E61AD4706C6365A879C9C937BA83D07ADE ] pnarp           C:\WINDOWS\system32\DRIVERS\pnarp.sys
19:13:32.0953 0x0a28  pnarp - ok
19:13:33.0031 0x0a28  [ A9D6B1E7EF097C7F3B5DC4F56C0E7386, 09EAA87622A98D5AAA406B12254EF73CA591487108ED1776E09C83250E6D2231 ] PnkBstrA        C:\WINDOWS\system32\PnkBstrA.exe
19:13:33.0046 0x0a28  PnkBstrA - ok
19:13:33.0078 0x0a28  [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] PolicyAgent     C:\WINDOWS\system32\lsass.exe
19:13:33.0078 0x0a28  PolicyAgent - ok
19:13:33.0109 0x0a28  [ EFEEC01B1D3CF84F16DDD24D9D9D8F99, C5F0C8C66A3AF7E7BB04CEDE4AC5306F8387AB384A2107DC5BE413AAE968EFF1 ] PptpMiniport    C:\WINDOWS\system32\DRIVERS\raspptp.sys
19:13:33.0125 0x0a28  PptpMiniport - ok
19:13:33.0187 0x0a28  [ A32BEBAF723557681BFC6BD93E98BD26, 35039BA72A29F87B2CA37DCDE4EFDAABBDEAD8CE3EB8652ACC665994118145A6 ] Processor       C:\WINDOWS\system32\DRIVERS\processr.sys
19:13:33.0187 0x0a28  Processor - ok
19:13:33.0203 0x0a28  [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
19:13:33.0234 0x0a28  ProtectedStorage - ok
19:13:33.0265 0x0a28  [ 09298EC810B07E5D582CB3A3F9255424, 35473A1BE25AC289474090EB0806AC6B3035DC33D1F3DF97A14BF1E361AC6AC3 ] PSched          C:\WINDOWS\system32\DRIVERS\psched.sys
19:13:33.0265 0x0a28  PSched - ok
19:13:33.0312 0x0a28  [ 80D317BD1C3DBC5D4FE7B1678C60CADD, DA76804B55D0CAB3DDD01EFC06673764AE4860693375C658B6063FB14AF7F12C ] Ptilink         C:\WINDOWS\system32\DRIVERS\ptilink.sys
19:13:33.0312 0x0a28  Ptilink - ok
19:13:33.0343 0x0a28  [ 9DFFC5FFBB80C38F385E9137DF5B33CA, F1A475A5A05A695F0E0978FD85908AF2294B56F2853EBD2E46BB23353D304932 ] purendis        C:\WINDOWS\system32\DRIVERS\purendis.sys
19:13:33.0359 0x0a28  purendis - ok
19:13:33.0421 0x0a28  [ D86B4A68565E444D76457F14172C875A, 06B1CF81A62B3DAA8D0C5A8B88C56A504DE8E9278C520F754AF363A6676C58B0 ] PxHelp20        C:\WINDOWS\system32\Drivers\PxHelp20.sys
19:13:33.0421 0x0a28  PxHelp20 - ok
19:13:33.0437 0x0a28  ql1080 - ok
19:13:33.0453 0x0a28  Ql10wnt - ok
19:13:33.0468 0x0a28  ql12160 - ok
19:13:33.0484 0x0a28  ql1240 - ok
19:13:33.0500 0x0a28  ql1280 - ok
19:13:33.0531 0x0a28  [ FE0D99D6F31E4FAD8159F690D68DED9C, 998685622ABE631984B7E4DBF91AB3594B1F574378D75EB9F6265F4650470692 ] RasAcd          C:\WINDOWS\system32\DRIVERS\rasacd.sys
19:13:33.0531 0x0a28  RasAcd - ok
19:13:33.0609 0x0a28  [ AD188BE7BDF94E8DF4CA0A55C00A5073, C7D76CB579FAEBCCC2873499441BACDD6BD6668ACF5ED7F31862656E96E2B20C ] RasAuto         C:\WINDOWS\System32\rasauto.dll
19:13:33.0625 0x0a28  RasAuto - ok
19:13:33.0671 0x0a28  [ 0207D26DDF796A193CCD9F83047BB5FC, 13613036BCB869FBD7229A0FE25D324710308385D8C35E5D990A40E52BE040DF ] Rasirda         C:\WINDOWS\system32\DRIVERS\rasirda.sys
19:13:33.0671 0x0a28  Rasirda - ok
19:13:33.0718 0x0a28  [ 11B4A627BC9614B885C4969BFA5FF8A6, EAE0A412A2B0F68919C32A96B3A08CC1A06585E4998819F5C9051745F63FF5AD ] Rasl2tp         C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
19:13:33.0718 0x0a28  Rasl2tp - ok
19:13:33.0812 0x0a28  [ 76A9A3CBEADD68CC57CDA5E1D7448235, 4AFD048C5D2306AB8DE46F3AA60AC0213333DDA3B09A9E91F7585DB6EB978EC8 ] RasMan          C:\WINDOWS\System32\rasmans.dll
19:13:33.0828 0x0a28  RasMan - ok
19:13:33.0843 0x0a28  [ 5BC962F2654137C9909C3D4603587DEE, A5CE5653D0105240F5E86CFAAB89E7917D42D939E2F27A5A7D6979289CA651B8 ] RasPppoe        C:\WINDOWS\system32\DRIVERS\raspppoe.sys
19:13:33.0859 0x0a28  RasPppoe - ok
19:13:33.0875 0x0a28  [ FDBB1D60066FCFBB7452FD8F9829B242, 10A2DACF944BD000032EBA8C095CB3D879CC55B28C377ADF6E52E508E47444DB ] Raspti          C:\WINDOWS\system32\DRIVERS\raspti.sys
19:13:33.0875 0x0a28  Raspti - ok
19:13:33.0953 0x0a28  [ 7AD224AD1A1437FE28D89CF22B17780A, 6645235CA27D671954E3557FA37082881C3D7D47492C71264CD8CB8D108EC801 ] Rdbss           C:\WINDOWS\system32\DRIVERS\rdbss.sys
19:13:33.0953 0x0a28  Rdbss - ok
19:13:33.0984 0x0a28  [ 4912D5B403614CE99C28420F75353332, 975341ECD660209987B5E5171B8315E032439E408CBE8A5986E67AF767F373BB ] RDPCDD          C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
19:13:33.0984 0x0a28  RDPCDD - ok
19:13:34.0046 0x0a28  [ 15CABD0F7C00C47C70124907916AF3F1, 66B5C978B7FB6359AD8BAC9F568FE9D469E358FEAB07B1F129BA9E85F1DF723E ] rdpdr           C:\WINDOWS\system32\DRIVERS\rdpdr.sys
19:13:34.0062 0x0a28  rdpdr - ok
19:13:34.0156 0x0a28  [ 43AF5212BD8FB5BA6EED9754358BD8F7, AF330F61CECA4AFA359CEABC5EB3227E6B56A9A2DCE50701381D665122D7356D ] RDPWD           C:\WINDOWS\system32\drivers\RDPWD.sys
19:13:34.0171 0x0a28  RDPWD - ok
19:13:34.0218 0x0a28  [ 3C37BF86641BDA977C3BF8A840F3B7FA, AB9A6E54DBA3F4561CD4837372BECCE0D73943D02E3288F944333039375AC08C ] RDSessMgr       C:\WINDOWS\system32\sessmgr.exe
19:13:34.0234 0x0a28  RDSessMgr - ok
19:13:34.0312 0x0a28  [ F828DD7E1419B6653894A8F97A0094C5, E6150E1F598BA4CFEDB8FF075BC0D576518C331B864388F1CAE8812EFF106ECF ] redbook         C:\WINDOWS\system32\DRIVERS\redbook.sys
19:13:34.0328 0x0a28  redbook - ok
19:13:34.0390 0x0a28  [ 7E699FF5F59B5D9DE5390E3C34C67CF5, 3FCF0442D80AB181FED4303E570378736AA1F8718C0B8B70F689A1E45200FFE4 ] RemoteAccess    C:\WINDOWS\System32\mprdim.dll
19:13:34.0406 0x0a28  RemoteAccess - ok
19:13:34.0453 0x0a28  [ 5B19B557B0C188210A56A6B699D90B8F, 0FA880B81AE615206FD1738B83428AAA491D54B24168339DE6E87FDE8C6C14B0 ] RemoteRegistry  C:\WINDOWS\system32\regsvc.dll
19:13:34.0468 0x0a28  RemoteRegistry - ok
19:13:34.0468 0x0a28  rpcapd - ok
19:13:34.0500 0x0a28  [ AAED593F84AFA419BBAE8572AF87CF6A, CC0FFC5A69394C8830DC66320DA01A820BBF41AD7E57D0FC343561DC5EF9A360 ] RpcLocator      C:\WINDOWS\system32\locator.exe
19:13:34.0515 0x0a28  RpcLocator - ok
19:13:34.0578 0x0a28  [ 6B27A5C03DFB94B4245739065431322C, 6AEAC16AB4E0DFD25123AAF4D4181FEE1B919B7B2793117006CE8CF30E826CFD ] RpcSs           C:\WINDOWS\System32\rpcss.dll
19:13:34.0625 0x0a28  RpcSs - ok
19:13:34.0671 0x0a28  [ 471B3F9741D762ABE75E9DEEA4787E47, D9ADE42965EC22AEB4B2AD21D429C3C8232A60AA9853DEFDA7AED86A13FE8623 ] RSVP            C:\WINDOWS\system32\rsvp.exe
19:13:34.0703 0x0a28  RSVP - ok
19:13:34.0734 0x0a28  [ D05453B44F98F0E975A36081F4362BE5, 902775BB7B77DB51E166252858CDD7EC4E043C2DE2A01C52FD4E6D548D2801CE ] RTL8023xp       C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys
19:13:34.0750 0x0a28  RTL8023xp - ok
19:13:34.0796 0x0a28  [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] SamSs           C:\WINDOWS\system32\lsass.exe
19:13:34.0796 0x0a28  SamSs - ok
19:13:34.0875 0x0a28  [ 39763504067962108505BFF25F024345, 73C9710B61EDC7FBEDE1D7A767AA3D3A169E7AD012494D05CB5EE7E5C5752BB9 ] SASDIFSV        C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
19:13:34.0875 0x0a28  SASDIFSV - ok
19:13:34.0906 0x0a28  [ 77B9FC20084B48408AD3E87570EB4A85, B5BC5FEC1356DECB66A7A671DB67112BDAC8F942BF1C4B986B1805B41EF362B1 ] SASKUTIL        C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
19:13:34.0906 0x0a28  SASKUTIL - ok
19:13:34.0984 0x0a28  [ 86D007E7A654B9A71D1D7D856B104353, 7B1DE53D637A5FC9619D5D07C48927AFEC89D959207F6F2E2F45DD054EEA04C7 ] SCardSvr        C:\WINDOWS\System32\SCardSvr.exe
19:13:35.0000 0x0a28  SCardSvr - ok
19:13:35.0046 0x0a28  [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA, 0B582F47BD70732BAC48B8B86E5D06CE7F299A20E8177F3F2E6F28217C3FB605 ] Schedule        C:\WINDOWS\system32\schedsvc.dll
19:13:35.0078 0x0a28  Schedule - ok
19:13:35.0156 0x0a28  [ 8D04819A3CE51B9EB47E5689B44D43C4, B0588AF967A7611F05BC8A8AD0C945DBB7BF995D7DA5C28FD0D007E33BF1F502 ] sdbus           C:\WINDOWS\system32\DRIVERS\sdbus.sys
19:13:35.0171 0x0a28  sdbus - ok
19:13:35.0234 0x0a28  [ 90A3935D05B494A5A39D37E71F09A677, F72733A69BC6E1A2BB91D7632FF3463C12563F60FDCC00A2CDD67FF20D479952 ] Secdrv          C:\WINDOWS\system32\DRIVERS\secdrv.sys
19:13:35.0234 0x0a28  Secdrv - ok
19:13:35.0281 0x0a28  [ CBE612E2BB6A10E3563336191EDA1250, C331797DC3569F0E715766561DE2562F60B924378842246C35D2B1CF867E9D96 ] seclogon        C:\WINDOWS\System32\seclogon.dll
19:13:35.0296 0x0a28  seclogon - ok
19:13:35.0343 0x0a28  [ 7FDD5D0684ECA8C1F68B4D99D124DCD0, 7105B026F966A992430F86C3698ABE15EC73E4772F1A3E362E29FD5247A5DCA6 ] SENS            C:\WINDOWS\system32\sens.dll
19:13:35.0359 0x0a28  SENS - ok
19:13:35.0421 0x0a28  [ 0F29512CCD6BEAD730039FB4BD2C85CE, 4F98AE390D1B14A755700DD6CEFB9CF921F0404AF2145D2D7E5F52394F87C6A5 ] serenum         C:\WINDOWS\system32\DRIVERS\serenum.sys
19:13:35.0421 0x0a28  serenum - ok
19:13:35.0484 0x0a28  [ CCA207A8896D4C6A0C9CE29A4AE411A7, 5999B39242283CD803319AADCA171CCCC6E2A40FB2FAFA51B1D29F3FF2DD8D6C ] Serial          C:\WINDOWS\system32\DRIVERS\serial.sys
19:13:35.0484 0x0a28  Serial - ok
19:13:35.0593 0x0a28  [ 8E6B8C671615D126FDC553D1E2DE5562, CEEC0067514555D5CA489F50E3D7562FCA8DB8E952C3C878604C9277FC77959F ] Sfloppy         C:\WINDOWS\system32\drivers\Sfloppy.sys
19:13:35.0593 0x0a28  Sfloppy - ok
19:13:35.0703 0x0a28  [ 83F41D0D89645D7235C051AB1D9523AC, B681F33EEAA511D6A2DCB9FBAA407B739184C9FF6067C6B7E51F1FC37E9D4DD7 ] SharedAccess    C:\WINDOWS\System32\ipnathlp.dll
19:13:35.0750 0x0a28  SharedAccess - ok
19:13:35.0781 0x0a28  [ 99BC0B50F511924348BE19C7C7313BBF, A1006C687BD352F700B140DC741515A0CDD9E1352C0FBD1EE410D404E344444B ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
19:13:35.0812 0x0a28  ShellHWDetection - ok
19:13:35.0828 0x0a28  Simbad - ok
19:13:35.0890 0x0a28  [ 707647A1AA0EDB6CBEF61B0C75C28ED3, 0FCACC13B3D0EFE026D447CDE5AA10F37986FB235975E3683F0DC2100D50611F ] SMCIRDA         C:\WINDOWS\system32\DRIVERS\smcirda.sys
19:13:35.0906 0x0a28  SMCIRDA - ok
19:13:35.0937 0x0a28  Sparrow - ok
19:13:35.0984 0x0a28  [ AB8B92451ECB048A4D1DE7C3FFCB4A9F, DD17733CBB370FCA08F0296704D7CBEACA3C8F76D0ABE4761C3B1FFDF7481D9E ] splitter        C:\WINDOWS\system32\drivers\splitter.sys
19:13:35.0984 0x0a28  splitter - ok
19:13:36.0062 0x0a28  [ 60784F891563FB1B767F70117FC2428F, E0B07F08E60FFBAD36C2E58180F4B2A16DCA47716044CBE0213DF7B74D742F1F ] Spooler         C:\WINDOWS\system32\spoolsv.exe
19:13:36.0078 0x0a28  Spooler - ok
19:13:36.0109 0x0a28  [ 76BB022C2FB6902FD5BDD4F78FC13A5D, 6031CB2344D7277FC703480EB43CF856A0F8F818EA98FF26A2CA532336CD2DFA ] sr              C:\WINDOWS\system32\DRIVERS\sr.sys
19:13:36.0109 0x0a28  sr - ok
19:13:36.0187 0x0a28  [ 3805DF0AC4296A34BA4BF93B346CC378, B57A14F1B7B0997E619DDD62B73157AA2399A9852166FB58139CBB358A88F6F3 ] srservice       C:\WINDOWS\system32\srsvc.dll
19:13:36.0218 0x0a28  srservice - ok
19:13:36.0312 0x0a28  [ 47DDFC2F003F7F9F0592C6874962A2E7, 17C643BD4EB09B5666FE41817DC785BE04A6E491CE79E8E5A702CDBD98E1BDD7 ] Srv             C:\WINDOWS\system32\DRIVERS\srv.sys
19:13:36.0343 0x0a28  Srv - ok
19:13:36.0390 0x0a28  [ 0A5679B3714EDAB99E357057EE88FCA6, 01E1A101FFF48402C77E385A78FEF27876E04533B60EB1C18558A737E57E5FA8 ] SSDPSRV         C:\WINDOWS\System32\ssdpsrv.dll
19:13:36.0406 0x0a28  SSDPSRV - ok
19:13:36.0484 0x0a28  [ 8BAD69CBAC032D4BBACFCE0306174C30, 2AA0DA710FCBFF38FE8DA91EE02E7A4503269347E61F8D3246FCA3384BBA2305 ] stisvc          C:\WINDOWS\system32\wiaservc.dll
19:13:36.0515 0x0a28  stisvc - ok
19:13:36.0578 0x0a28  [ 3941D127AEF12E93ADDF6FE6EE027E0F, EA1F0E32E1C5E90FA4AAC421DEBBE086512340758D3217A6334E886BCE638B51 ] swenum          C:\WINDOWS\system32\DRIVERS\swenum.sys
19:13:36.0578 0x0a28  swenum - ok
19:13:36.0625 0x0a28  [ 8CE882BCC6CF8A62F2B2323D95CB3D01, B408550A581F3DA222355964AFA4E976AD8471F0AA37573C42C4948AE5A23A3B ] swmidi          C:\WINDOWS\system32\drivers\swmidi.sys
19:13:36.0625 0x0a28  swmidi - ok
19:13:36.0640 0x0a28  SwPrv - ok
19:13:36.0671 0x0a28  symc810 - ok
19:13:36.0687 0x0a28  symc8xx - ok
19:13:36.0703 0x0a28  sym_hi - ok
19:13:36.0718 0x0a28  sym_u3 - ok
19:13:36.0812 0x0a28  [ 0F332C0BA9B968EBC8CBB906416F8597, 0752F6A6A9B1FFC396AD81D035678B624F16DABCFD7EFA055C0F88CB0D5CEEE5 ] SynTP           C:\WINDOWS\system32\DRIVERS\SynTP.sys
19:13:36.0828 0x0a28  SynTP - ok
19:13:36.0843 0x0a28  [ 8B83F3ED0F1688B4958F77CD6D2BF290, 546D3602183702B4F53E84413CFA2C933D64C8540378E54A8DCD148F3F36A2DA ] sysaudio        C:\WINDOWS\system32\drivers\sysaudio.sys
19:13:36.0859 0x0a28  sysaudio - ok
19:13:36.0937 0x0a28  [ C7ABBC59B43274B1109DF6B24D617051, 4384CA0AA6CE9B603CF7DB775A3C721E46715D5B120B94FB57DEADAADE18535B ] SysmonLog       C:\WINDOWS\system32\smlogsvc.exe
19:13:36.0953 0x0a28  SysmonLog - ok
19:13:37.0000 0x0a28  [ 3CB78C17BB664637787C9A1C98F79C38, F35C31F6B7F366CB949D1044B357C76DEC9170441C5E559802794F62B72FD255 ] TapiSrv         C:\WINDOWS\System32\tapisrv.dll
19:13:37.0031 0x0a28  TapiSrv - ok
19:13:37.0140 0x0a28  [ 9AEFA14BD6B182D61E3119FA5F436D3D, EA29E49434585409272E7901AF89771FE9D6E911A7DC44AB3C7020CFF8A44552 ] Tcpip           C:\WINDOWS\system32\DRIVERS\tcpip.sys
19:13:37.0187 0x0a28  Tcpip - ok
19:13:37.0265 0x0a28  [ 6471A66807F5E104E4885F5B67349397, F35CBFFB8BB235CCE30EF94A5273333900DD49FD506BF9D55D99A320B8A53A5A ] TDPIPE          C:\WINDOWS\system32\drivers\TDPIPE.sys
19:13:37.0265 0x0a28  TDPIPE - ok
19:13:37.0281 0x0a28  [ C56B6D0402371CF3700EB322EF3AAF61, 7743FA4C734BCE38EFB1CA69BC17364D8421E2CD172F856F7E38E7AE1EE93F2F ] TDTCP           C:\WINDOWS\system32\drivers\TDTCP.sys
19:13:37.0281 0x0a28  TDTCP - ok
19:13:37.0328 0x0a28  [ 88155247177638048422893737429D9E, B6D4E8691917946332C2208D01F8C8281978C1AD1E9951C5D99DF0D49AC34B3B ] TermDD          C:\WINDOWS\system32\DRIVERS\termdd.sys
19:13:37.0328 0x0a28  TermDD - ok
19:13:37.0406 0x0a28  [ FF3477C03BE7201C294C35F684B3479F, D6246521539BA4ACD022D26983182F5E323D2EF1EA7C54265A248C43A1CE5202 ] TermService     C:\WINDOWS\System32\termsrv.dll
19:13:37.0437 0x0a28  TermService - ok
19:13:37.0500 0x0a28  [ 99BC0B50F511924348BE19C7C7313BBF, A1006C687BD352F700B140DC741515A0CDD9E1352C0FBD1EE410D404E344444B ] Themes          C:\WINDOWS\System32\shsvcs.dll
19:13:37.0515 0x0a28  Themes - ok
19:13:37.0609 0x0a28  [ 2448935E1CF84B0341A24A17908C7311, 4BB71D8EB494BC9C7C289ADA6CC1F8988AFC4C63C1D366CF8A88214135113D89 ] tifm21          C:\WINDOWS\system32\drivers\tifm21.sys
19:13:37.0625 0x0a28  tifm21 - ok
19:13:37.0703 0x0a28  [ DB7205804759FF62C34E3EFD8A4CC76A, 13A4248F528CE98ACA66898E56822E4FC49B11F491FF1F61A687BA601BF0A802 ] TlntSvr         C:\WINDOWS\system32\tlntsvr.exe
19:13:37.0718 0x0a28  TlntSvr - ok
19:13:37.0734 0x0a28  TosIde - ok
19:13:37.0796 0x0a28  [ 55BCA12F7F523D35CA3CB833C725F54E, 849FB1AE31B143B14B298BBC0D91230693D41DEB95F46516878F53A7F4186C38 ] TrkWks          C:\WINDOWS\system32\trkwks.dll
19:13:37.0812 0x0a28  TrkWks - ok
19:13:37.0875 0x0a28  [ 5787B80C2E3C5E2F56C2A233D91FA2C9, 3774905CF77954DFCECDA5BCC7CDE3D0ED72712BFAAD85ADAE5246306447E46C ] Udfs            C:\WINDOWS\system32\drivers\Udfs.sys
19:13:37.0875 0x0a28  Udfs - ok
19:13:37.0890 0x0a28  ultra - ok
19:13:38.0000 0x0a28  [ 402DDC88356B1BAC0EE3DD1580C76A31, 32A686595710336A6BFD54C03F552AE39439611662F84EF5D24193AE5665C6F3 ] Update          C:\WINDOWS\system32\DRIVERS\update.sys
19:13:38.0031 0x0a28  Update - ok
19:13:38.0093 0x0a28  [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91, 7746916DB48E3F5B243B63C066596AD9037A494BF1AD935946DD04AC85D983DF ] upnphost        C:\WINDOWS\System32\upnphost.dll
19:13:38.0125 0x0a28  upnphost - ok
19:13:38.0156 0x0a28  [ 05365FB38FCA1E98F7A566AAAF5D1815, 16843048CEEC3DAA3B953A12FF1EE339E86783A08F2A56DA7F94AD9F9717D77D ] UPS             C:\WINDOWS\System32\ups.exe
19:13:38.0171 0x0a28  UPS - ok
19:13:38.0250 0x0a28  [ 8BF5D980CDCE35FB26F05047144BB57E, 8A770DD649FA0D6F574651E5525B983261B823C5778764598D89C453E68ED3F1 ] USBAAPL         C:\WINDOWS\system32\Drivers\usbaapl.sys
19:13:38.0250 0x0a28  USBAAPL - ok
19:13:38.0328 0x0a28  [ F2DD4159715AFA801C7916F85D2E2779, 9B1CC77446D8B1B86CAB91105960D435A4DB46FA181A75CBF3BB0BE9A195FE51 ] usbbus          C:\WINDOWS\system32\DRIVERS\lgusbbus.sys
19:13:38.0328 0x0a28  usbbus - ok
19:13:38.0437 0x0a28  [ 1B611611C28D2DF25BC057D79C6F13FC, B0D86F63E44B40413BBAE6402CC088046CFAE082D41BBC2ED5A916293356B846 ] usbccgp         C:\WINDOWS\system32\DRIVERS\usbccgp.sys
19:13:38.0437 0x0a28  usbccgp - ok
19:13:38.0515 0x0a28  [ 41C12F229CF403A2BB2C8F4A05993C8F, 6A71F953014BA929C0F789450C5A9FF9371179D594B03665B294537CF837EEA2 ] UsbDiag         C:\WINDOWS\system32\DRIVERS\lgusbdiag.sys
19:13:38.0515 0x0a28  UsbDiag - ok
19:13:38.0562 0x0a28  [ 4BAC8DF07F1D8434FC640E677A62204E, 76C1351AF6752224BF59DEEE0F8665FE699F3DFD679F5BCD01C7D9383E6402A4 ] usbehci         C:\WINDOWS\system32\DRIVERS\usbehci.sys
19:13:38.0562 0x0a28  usbehci - ok
19:13:38.0609 0x0a28  [ 1AB3CDDE553B6E064D2E754EFE20285C, A99C4528C4227B1E96847614745AAFACD3C5F1BDFE435214DBF78740FFB300FE ] usbhub          C:\WINDOWS\system32\DRIVERS\usbhub.sys
19:13:38.0609 0x0a28  usbhub - ok
19:13:38.0640 0x0a28  [ F8E0B715ECDCC4D426D1DC8BEAD6E0B8, 1C667762E71FF58C50663B182D518DC579CAFFD98E8A9D5FA94DACEEBEB6CF30 ] USBModem        C:\WINDOWS\system32\DRIVERS\lgusbmodem.sys
19:13:38.0640 0x0a28  USBModem - ok
19:13:38.0687 0x0a28  [ 0DAECCE65366EA32B162F85F07C6753B, 3C33AC2FC95E876933F2016CF0CDA2745491679728684DA8DF95A515CE4804BD ] usbohci         C:\WINDOWS\system32\DRIVERS\usbohci.sys
19:13:38.0687 0x0a28  usbohci - ok
19:13:38.0734 0x0a28  [ A717C8721046828520C9EDF31288FC00, 1530BBE832EDBB0974AD89D723A03FF7A0094B368992D73C2C3E62A181DF1E0A ] usbprint        C:\WINDOWS\system32\DRIVERS\usbprint.sys
19:13:38.0734 0x0a28  usbprint - ok
19:13:38.0796 0x0a28  [ F8EDE2B6928970DCE3D5614C27D9E7F6, 6E5EBBC8B70C1D593634DAF0C190DEADFDA18C3CBC8F552A76F156F3869EF05B ] usbscan         C:\WINDOWS\system32\DRIVERS\usbscan.sys
19:13:38.0796 0x0a28  usbscan - ok
19:13:38.0812 0x0a28  [ A32426D9B14A089EAA1D922E0C5801A9, ED1DC52EE45F8EAD3AEC4B1F817BB25634141CF48295494C5947DCE6CF7A9817 ] USBSTOR         C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
19:13:38.0828 0x0a28  USBSTOR - ok
19:13:38.0843 0x0a28  [ 26496F9DEE2D787FC3E61AD54821FFE6, 8BE7FF647470B9A951CBB478FAF83D657A15CC78037F42348A6B738F21D523DA ] usbuhci         C:\WINDOWS\system32\DRIVERS\usbuhci.sys
19:13:38.0859 0x0a28  usbuhci - ok
19:13:38.0890 0x0a28  [ 0D3A8FAFCEACD8B7625CD549757A7DF1, B9CFDEFCD66AA139F3DC2F967B184669532922563AD5A71769BABDC4370D065E ] VgaSave         C:\WINDOWS\System32\drivers\vga.sys
19:13:38.0890 0x0a28  VgaSave - ok
19:13:38.0921 0x0a28  [ 3B3EFCDA263B8AC14FDF9CBDD0791B2E, FC7FFD53FCC0F81587EFF26A43C141D25C43DBC68311520CE2BCDD739CA58CA9 ] ViaIde          C:\WINDOWS\system32\DRIVERS\viaide.sys
19:13:38.0921 0x0a28  ViaIde - ok
19:13:39.0000 0x0a28  [ 5F974FDE801C73952770736BECDE11E7, 6321143932DA5C9DFBA257C590D2975C9514B1494B0E4ABF45951CE8EB58188F ] Viewpoint Manager Service C:\Program Files\Viewpoint\Common\ViewpointService.exe
19:13:39.0000 0x0a28  Viewpoint Manager Service - ok
19:13:39.0031 0x0a28  [ 4C8FCB5CC53AAB716D810740FE59D025, 010EAC43DBED700B73E4FC908FAAF9F6A0168EBBD5D86751E49BC33AAA18BFA4 ] VolSnap         C:\WINDOWS\system32\drivers\VolSnap.sys
19:13:39.0031 0x0a28  VolSnap - ok
19:13:39.0125 0x0a28  [ 7A9DB3A67C333BF0BD42E42B8596854B, D31A9A3B1AAAB373EDD73B674102395212FCB616F829E938B7B2B7BE7D4752C5 ] VSS             C:\WINDOWS\System32\vssvc.exe
19:13:39.0171 0x0a28  VSS - ok
19:13:39.0281 0x0a28  [ 54AF4B1D5459500EF0937F6D33B1914F, FA1876888BCB9C72A92369DBED4FF1A8666784523FB41E618FA0919490FCDDB9 ] W32Time         C:\WINDOWS\system32\w32time.dll
19:13:39.0296 0x0a28  W32Time - ok
19:13:39.0390 0x0a28  [ E20B95BAEDB550F32DD489265C1DA1F6, 5589B2067E6C9FBA290D8C5EADDC198EBAF39C50C3CD7D2BC5CDA7CBFBC445E5 ] Wanarp          C:\WINDOWS\system32\DRIVERS\wanarp.sys
19:13:39.0406 0x0a28  Wanarp - ok
19:13:39.0484 0x0a28  [ D6EFAF429FD30C5DF613D220E344CCE7, 807D4563E8AD4073688691078EB13AF240E14BA5E0C8506A48B3060A20B90082 ] WDC_SAM         C:\WINDOWS\system32\DRIVERS\wdcsam.sys
19:13:39.0484 0x0a28  WDC_SAM - ok
19:13:39.0609 0x0a28  [ 300B4847E1157BDD7A306B18ED65A97E, B37B14361A6D93CC745203436F7A3FF39752CDFAF415BFD4094AE7A07EF860B6 ] WDDMService     C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
19:13:39.0609 0x0a28  WDDMService - ok
19:13:39.0640 0x0a28  WDICA - ok
19:13:39.0671 0x0a28  [ 6768ACF64B18196494413695F0C3A00F, 3A8F8586F1D997D19A8478345338D2AECD785AEABDB61531DD3F92003D3230A5 ] wdmaud          C:\WINDOWS\system32\drivers\wdmaud.sys
19:13:39.0671 0x0a28  wdmaud - ok
19:13:39.0765 0x0a28  [ 138AB06ADBBF300AA804D7974A5AEC82, 61A99CB8176C291E858F9D964A9B2EC36970F3BFFF3D5F933A16E9B28BF922DD ] WDSmartWareBackgroundService C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
19:13:39.0765 0x0a28  WDSmartWareBackgroundService - ok
19:13:39.0796 0x0a28  [ 77A354E28153AD2D5E120A5A8687BC06, 8B2D37A4443501C0A8E70BC2079BE27F0A36FD07B561E6F68B40A72EABBC2DFE ] WebClient       C:\WINDOWS\System32\webclnt.dll
19:13:39.0812 0x0a28  WebClient - ok
19:13:39.0968 0x0a28  [ 473EE64C368CE2EED110376C11960259, 5E44E021399F5180A39D72C0E4BDB80E1EC796DB2F8822021CEE886C0B7CFAB3 ] winachsf        C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
19:13:40.0046 0x0a28  winachsf - ok
19:13:40.0203 0x0a28  [ 2D0E4ED081963804CCC196A0929275B5, E1D75C7D7233D81DFDE13160B0C80138DF8B35230D04FB79B367A52FACF69BF8 ] winmgmt         C:\WINDOWS\system32\wbem\WMIsvc.dll
19:13:40.0218 0x0a28  winmgmt - ok
19:13:40.0296 0x0a28  [ C51B4A5C05A5475708E3C81C7765B71D, F776D2680BD3407307B7072626F78460361FC5BC38623C9E16F394D300AB25DE ] WmdmPmSN        C:\WINDOWS\system32\MsPMSNSv.dll
19:13:40.0312 0x0a28  WmdmPmSN - ok
19:13:40.0453 0x0a28  [ E76F8807070ED04E7408A86D6D3A6137, BFCF5361B7335760A7AE4B6958DE516A27AC60AA09135A46F0B49F588FAFE3A0 ] Wmi             C:\WINDOWS\System32\advapi32.dll
19:13:40.0515 0x0a28  Wmi - ok
19:13:40.0546 0x0a28  [ C42584FD66CE9E17403AEBCA199F7BDB, E3F2E1066F36AE5D33D4482239B2E556BE0C137923C9A120DFB36EC82F2E77B0 ] WmiAcpi         C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
19:13:40.0546 0x0a28  WmiAcpi - ok
19:13:40.0609 0x0a28  [ E0673F1106E62A68D2257E376079F821, 12992F18C9653050B10DC61D12988067933FCFDF02123D3A7EF5DE607A785DDC ] WmiApSrv        C:\WINDOWS\system32\wbem\wmiapsrv.exe
19:13:40.0609 0x0a28  WmiApSrv - ok
19:13:40.0656 0x0a28  [ CF4DEF1BF66F06964DC0D91844239104, CC1D9CECE2056D29A9651D51BB57C3F4F9BF9E90A4808CF7496C683C874FBD51 ] WpdUsb          C:\WINDOWS\system32\DRIVERS\wpdusb.sys
19:13:40.0656 0x0a28  WpdUsb - ok
19:13:40.0859 0x0a28  [ 15673BD0B86150CB8E27766059C72A9B, 56C23289A8BFF4945EE532CF6D62D3EC81B827CA15A359F30A327789F9FE9CAF ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
19:13:40.0937 0x0a28  WPFFontCache_v0400 - ok
19:13:40.0984 0x0a28  [ 6ABE6E225ADB5A751622A9CC3BC19CE8, 4061C5D0F051DFF1730E2A3BFC1CCA97B29602FC50F10F6B44D93B0D28F42024 ] WS2IFSL         C:\WINDOWS\System32\drivers\ws2ifsl.sys
19:13:40.0984 0x0a28  WS2IFSL - ok
19:13:41.0062 0x0a28  [ 7C278E6408D1DCE642230C0585A854D5, DA46079A04F6E8E3441E4AE454AEAC02B3E935DE29CE7F6D4476F57867FCC12A ] wscsvc          C:\WINDOWS\system32\wscsvc.dll
19:13:41.0078 0x0a28  wscsvc - ok
19:13:41.0109 0x0a28  [ 35321FB577CDC98CE3EB3A3EB9E4610A, C9A6F5CF282D8FCB3CDFCC4B306013480E78E1B664E1A60A4E27B161F9FFD4CD ] wuauserv        C:\WINDOWS\system32\wuauserv.dll
19:13:41.0125 0x0a28  wuauserv - ok
19:13:41.0203 0x0a28  [ F15FEAFFFBB3644CCC80C5DA584E6311, 79B3E9AF35976CE49921E9BEA3BA3B4A8AF762FD3F284B62954038B5FFB32471 ] WudfPf          C:\WINDOWS\system32\DRIVERS\WudfPf.sys
19:13:41.0218 0x0a28  WudfPf - ok
19:13:41.0234 0x0a28  [ 28B524262BCE6DE1F7EF9F510BA3985B, AEFF02B899801A63CBB262757C3D4369E38BFF0690BD085DE60E873DFBE3C3F4 ] WudfRd          C:\WINDOWS\system32\DRIVERS\wudfrd.sys
19:13:41.0250 0x0a28  WudfRd - ok
19:13:41.0281 0x0a28  [ 05231C04253C5BC30B26CBAAE680ED89, 5C03C2D7E0B573646D32F4093E2FF2C3BA391C39F5BA37D67F69D38E357FCC3D ] WudfSvc         C:\WINDOWS\System32\WUDFSvc.dll
19:13:41.0296 0x0a28  WudfSvc - ok
19:13:41.0406 0x0a28  [ 81DC3F549F44B1C1FFF022DEC9ECF30B, 3D14BFEA539F9CEB16555BD56C5E3C7C8F6692FC62C2789F8AAEA1C042E63940 ] WZCSVC          C:\WINDOWS\System32\wzcsvc.dll
19:13:41.0468 0x0a28  WZCSVC - ok
19:13:41.0531 0x0a28  [ 295D21F14C335B53CB8154E5B1F892B9, 9418477C2E3EA93E93D931A4EDD4500DA568FAD6040204B5201D1080203B0BBC ] xmlprov         C:\WINDOWS\System32\xmlprov.dll
19:13:41.0546 0x0a28  xmlprov - ok
19:13:41.0593 0x0a28  ================ Scan global ===============================
19:13:41.0656 0x0a28  [ 42F1F4C0AFB08410E5F02D4B13EBB623, 924C30587C51C0D1E1F47991969AF492A644552E15F2480EA991DCB74A3E68D5 ] C:\WINDOWS\system32\basesrv.dll
19:13:41.0718 0x0a28  [ 69AE2B2E6968C316536E5B10B9702E63, D9C5DA7A20DDE69D91E72400C3F06F3CB099DEF42EA6C53FCE076258A0C22391 ] C:\WINDOWS\system32\winsrv.dll
19:13:41.0781 0x0a28  [ 69AE2B2E6968C316536E5B10B9702E63, D9C5DA7A20DDE69D91E72400C3F06F3CB099DEF42EA6C53FCE076258A0C22391 ] C:\WINDOWS\system32\winsrv.dll
19:13:41.0843 0x0a28  [ 65DF52F5B8B6E9BBD183505225C37315, 59C606977DB40A3443DFF0BE2A4C761824881B22C9FDB3D23F6486DB580E92A4 ] C:\WINDOWS\system32\services.exe
19:13:41.0875 0x0a28  [ Global ] - ok
19:13:41.0875 0x0a28  ================ Scan MBR ==================================
19:13:41.0906 0x0a28  [ 671B81004FDD1588FA9ED1331C9CECA9 ] \Device\Harddisk0\DR0
19:13:42.0125 0x0a28  \Device\Harddisk0\DR0 - ok
19:13:42.0125 0x0a28  ================ Scan VBR ==================================
19:13:42.0140 0x0a28  [ 6716BCB6191C92D19301C5098CAE6A34 ] \Device\Harddisk0\DR0\Partition1
19:13:42.0140 0x0a28  \Device\Harddisk0\DR0\Partition1 - ok
19:13:42.0140 0x0a28  Waiting for KSN requests completion. In queue: 247
19:13:43.0140 0x0a28  Waiting for KSN requests completion. In queue: 247
19:13:44.0156 0x0a28  Waiting for KSN requests completion. In queue: 247
19:13:45.0203 0x0a28  AV detected via SS1: avast! Antivirus, 5.0.150996952, disabled, updated
19:13:45.0203 0x0a28  Win FW state via NFM: enabled
19:13:45.0562 0x0a28  ============================================================
19:13:45.0562 0x0a28  Scan finished
19:13:45.0562 0x0a28  ============================================================
19:13:45.0578 0x0ab8  Detected object count: 0
19:13:45.0578 0x0ab8  Actual detected object count: 0
 
 
The computer seems to be running much better, svchost.exe did run 99% CPU for about 5 minutes when I started my computer up, which may be from automatic updates, but other than that I don't see any other issues.
 
Thanks Gary!

 



#8 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,997 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:04:20 PM

Posted 12 December 2013 - 08:15 PM

Excellent.

Please run these for me.

===================================================

screen317's Security Check

--------------------
  • Please download screen317's Security Check to your desktop
  • Double-click icon to launch the program
  • Click OK
  • Select Run
  • Press any key to start the program
  • Allow the program to run
  • A Notepad document will open on your desktop. Please copy and paste the contents in your reply
===================================================

Malwarebytes

--------------------

Please download Malwarebytes Anti-Malware Free and save it to your desktop.
  • Important!! When you save the mbam-setup file, rename it to something random (such as 123abc.exe) before beginning the download. You can also right click on the link and select Save Link As
  • Malwarebytes may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
    • Make sure you are connected to the Internet and double-click on the renamed file to install the application.
      For instructions with screenshots, please refer to this Guide.
    • When the installation begins, follow the prompts and do not make any changes to default settings except to uncheck any offer for a free Pro trial version .
    • Malwarebytes will automatically start and you will be asked to update the program before performing a scan.
    • If an update is found, the program will automatically update itself. Press the OK button and continue.
    • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
    • Under the Scanner tab, make sure the "Perform Quick Scan" option is selected.
    • Click on the Scan button.
    • When finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
    • Click OK to close the message box, then click the Show Results button to see a list of any malware that was found.
    • Make sure that everything is checked and then click Remove Selected.
    • When removal is completed, a log report will open in Notepad.
    • The log is automatically saved and can be viewed by clicking the Logs tab.
    • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
    • Exit Malwarebytes when done.
  • Note: If Malwarebytes encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes from removing all the malware.
===================================================

ESET Online Scanner

--------------------

I'd like us to scan your machine with ESET OnlineScan This process may may take several hours, that is normal.
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Copy and paste the information in your next reply. Note: If no malware was found you will not be presented with a log.
  • Click the Back button.
  • Click the Finish button.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Security Check log
  • Malwarebytes log
  • ESET log
  • How is your computer running now?

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#9 s9m15w12

s9m15w12
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  

Posted 13 December 2013 - 06:12 AM

 Results of screen317's Security Check version 0.99.77  
 Windows XP Service Pack 3 x86   
 Internet Explorer 8  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
avast! Antivirus   
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:````````` 
 Spybot - Search & Destroy 
 SUPERAntiSpyware     
 Malwarebytes Anti-Malware version 1.75.0.1300  
 CCleaner     
 Java 7 Update 45  
 Adobe Flash Player 11.9.900.152  
 Adobe Reader XI  
````````Process Check: objlist.exe by Laurent````````  
 Alwil Software Avast5 AvastSvc.exe  
 Alwil Software Avast5 AvastUI.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:: 3% 
````````````````````End of Log`````````````````````` 
 
 
 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
 
Database version: v2013.12.12.08
 
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Owner :: YOUR-A9279112E3 [administrator]
 
12/12/2013 8:29:50 PM
mbam-log-2013-12-12 (20-29-50).txt
 
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 262102
Time elapsed: 16 minute(s), 56 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
(end)
 
 
ESET found no threats so it did not produce a log.
 
The computer is running very good right now, no complaints!
 
Thanks!

 



#10 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,997 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:04:20 PM

Posted 13 December 2013 - 10:19 AM

Excellent. Those reports are fantastic. One final check, everything still OK?
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#11 s9m15w12

s9m15w12
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  

Posted 14 December 2013 - 12:08 PM

Seems to be working just wonderfully! Should i uninstall everything that we installed for this?



#12 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,997 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:04:20 PM

Posted 14 December 2013 - 03:20 PM

Yes, we are ready to wrap it up.

Now that your computer is running well it is my great pleasure to proclaim to you the Good News!

===================================================

All Clean

--------------

Your machine appears to be clean. Please take the time to read below on how to secure the machine and take the necessary steps to keep it clean :thumbsup:

Please do the following to remove some of the tools we used during our time together: Following this step you may remove any other remaining tools or logs.

Delete the tools used during the disinfection:
  • Press windows key Windows_Logo_key.gif + r on your keyboard at the same time. In the run box type combofix /uninstall, then press OK. Note: It may appear as if Combofix is installing again but it is uninstalling. Please allow the program to run its course.

run-box.jpg

  • This will remove Combofix and other tools we used from your computer.
Lawrence Abrams, the founder of BleepingComputer.com, has developed an excellent tutorial which will provide you with the information you need to know to keep your computer secure and clean. Please take the time to read: Simple and easy ways to keep your computer safe and secure on the Internet.

In addition, here are some more links you might find of interest:I will leave this topic open for just a day or so in case you have any further issues then it will be closed shortly thereafter.

Thank you for placing your trust in BleepingComputer. It was a pleasure serving you. OhMy_done.gif
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#13 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,997 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:04:20 PM

Posted 16 December 2013 - 09:43 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users